Investigación
Logo Universidad CEU San Pablo
Research

Cátedra Google de Privacidad, Sociedad e Innovación

The Google Chair was created in 2012 and is directed by José Luis Piñar, Lecturer of Administrative Law and former Director of the Spanish Data Protection Agency (Agencia Española de Protección de Datos). It is the first of its kind in Europe and its main objective is to study the ethical and legal limits of technologies that process personal data. Since its creation, the Chair has become an international forum for debate on the main challenges that the relationship between technological innovation and privacy poses for society nowadays and in the future.

Research award

The Google Chair in Privacy, Society and Innovation is going to carry out an Annual Research Project on a topic of great importance and relevance: the right to personal data protections and innovation technology.

In order to achieve this, the Chair is going to work with national and international experts and academics and with Research Universities and Centres both from Spain and from abroad. Its aim is to obtain results that could provide answers to many society's concerns in terms of privacy.

One of the aims of the Universidad CEU San Pablo Google Chair in Privacy, Society and Innovation is to drive research on matters related to this field. In order to achieve this, since its creation, the Chair has anully given a Research Award. Now, the award will be given for the fifth time.

RULES AND REGULATIONS

  • Work topic: the object of the work must be the judicial, sociologist, technological or economic analysis and assessment of privacy in the social reality and innovation framework. Both from a dogmatic or doctrinal approach as well as from a jurisprudential approach or from a sociology, technology or economics-based approach.
  • Participants: Those who have a national or international University degree and are interested in privacy will be able to opt for the award. The works will be able to be made individually or in a team. Teams will not be able to host more than three persons. In case that a team was awarded, the award will be attributed to the team as a whole.

Those who have a direct or indirect relation with the Chair in Privacy, Society and Innovation's cosponsor bodies will not be able to opt for the award.

  • First: The works shall be submitted in paper. Its content must not contain any personal data; except for its title. The works will be original and unprecedented and they won't have been awarded previously by any public or private body. The works shall be written in Spanish or English, and they will be submitted in Word format, in 12 point Times New Roman, 1.5 lined-spaced, DIN A-4 sized, and they must not be under 75 pages nor exceed 150 pages, including the research final conclusions.
  • Second: These works will also be provided in computerised form (CD or any similar device) and they must be exactly coinciding with the work submitted in paper.
  • Third: The works will be submitted in closed envelope, with the work's tile on its front too. On this envelope, the author will include any data that allows its identification and location (name and surnames, postal code, telephone number, e-mail, and any other similar data). The envelope will also contain a sworn statement that affirms that the research is original and unprecedented and that it has not been awarded by any public or private body. It must also contain a curriculum vitae, in which similar works to the one submitted are stated.

Deadline and Submission of the Works: the works submission deadline expires on 4 June 2018.

The Works shall be submitted in an envelope containing the title “International Research Award on privacy, society and innovation”. The envelope shall be addressed to the Google Chair in Privacy, Society and Innovation Secretariat, Universidad CEU-San Pablo, Calle Julián Romea, 22, 28003, Madrid. The original Works shall be submitted in the Chair Secretariat before 3p.m., 4 June. They will also be able to be submitted by e-mail. In this case, its delivery date must be stated and the time limit previously mention does not apply.

This envelope will include:

  • Jury: A Jury composed by five members will evaluate the received works. the Holder of the Google Chair in Privacy, Society and Innovation will lead this Jury. The Chair Monitoring Commission will choose the remaining four members. The Academic Secretary of the Chair will assist the Jury, in an advisory capacity, acting as the Chair secretary. The Jury will be legally constituted and be able to sign agreements when convened by the Chairman; and when at least more than half of the members are present, including the President. To these effects, the Jury will be able to meet by virtual means – by videoconferencing, for instance – that permit to confirm the identification and volunty of all members. The deliberations and votes will be secret.
  • Award: The award is endowed 2.000 €. Moreover, a diploma and a commemorative plaque issued by the Google Chair in Privacy, Society and Innovation will be handed in. Also, the Chair will organise the work’s edition and publication. A secondary award might be given when the Jury determines. The awarded will hand the Chair an exclusive license, for as long as the rights (in accordance with the applicable worldwide intellectual property legislation) lasts. Therefore, The Chair will be able to exploit the work (in all its forms). The work will also be disseminated accordingly by the Chair and its promoting Institutions’ own means (Universidad CEU San Pablo and Google). Either way, the award resolution will be notified to the participants in good time prior to the delivery of the award. The award could be declared void, if the quality of the works so concludes.
  • Personal Data Protection: As stated in article 5 of the Spanish Organic Act 15/1999, of 13 December, on Personal Data Protection, the provided personal data will be included in a file for which Universidad CEU San Pablo is responsible. These data will be treated with absolute confidentiality in order to manage the Google Chair in Privacy, Society and Innovation Research award. The award won’t be transferred to third parties, excluding the awarded data, as well as the data of those who provide consent to make it public. The participants’ data could be used to forward information regarding the Chair activities. Those interested will be able to exercise their access, rectification, erasure and objection rights by issuing a letter addressed to the University, the General Secretariat, Calle Isaac Peral, 58, 28003 Madrid.
  •  Acceptance of the present clauses: the participation in the “Research Award on privacy, society and innovation” implies the acceptance of all clauses in the present call.

International Conferences

25 y 26 de junio de 2013. Los retos de la privacidad: innovación, derecho y seguridad
25 and 26 June 2013

The I Chair’s Annual Conference was held in the Universidad CEU San Pablo's Aula Magna. At the Conference, “Privacy challenges: Innovation, Law and Security” were analysed.

During the Inauguration, Universidad CEU San Pablo's Rector Juan Carlos Domínguez Nafría, shared table with Juan Bravo, the Undersecretary of Justice; Bárbara Navarro, Public and Institutional Affairs Director for Google Spain, Portugal and Greece; and José Luis Piñar, the Chair holder.

The participants agreed on their approaches. The legal framework needs to be unified, taking into consideration the new reality in which we are immerged, guaranteeing rights and promoting economic development.

  • Round table 'Industry answers to meet privacy demands'. The Conference participants were Maria Valle, Director-Contract and Negotiation Department of Huawei Technologies Europe; Melina Violari, Head of Privacy in Brussels; and Javier Puyol, the Corporate Legal Advice Department Director of BBVA.
  • Round table 'The new European Personal Data Protection Legislation' consists of Francisco Fonseca, Head of the European Commission in Spain;  Antonio Troncoso, Constitutional Law Full Lecturer at the University of Cádiz and former Director of The Data Protection Agency of the Community of Madrid; and Thomas Zerdick, a European Data Protection Board (EDPB) member.
  • Round table 'Freedom of expression and personal data protection'. In order to address this subject, the Conference hosted Justino Si-nova, Universidad CEU San Pablo Lecturer and Director of the Observatory of Freedom of Expression; Lucía Méndez, Editor-in-Chief of El Mundo; Jorge Marirrodriga, Universidad CEU San Pablo Lecturer and Editor-in-chief of the American edition of El País; and Nuria Ramirez, from ABC.
  • Round table 'Judicial challenges in the light of the debate between privacy and innovation', in which the participants were Tomás de la Quadra-Salcedo, Administrative Law Carlos III University Lecturer and former Ministry of Justice; Nelson Remolina, Universidad de los Andes (Colombia) Lecturer; Ariane Mole, Bird & Bird-France partner; Juan Ignacio Sanz Fuentes, Information technology Lecturer at Universidad CEU San Pablo; and Alfonso Oñate-Laborde, Data Protection Secretary at IFAI (the Federal Institute of Access to Public Information) Mexico.
  • Round table 'The role of jurisprudence in the construction of data protection rights' consisting of Ricard Martínez, the Spanish Association of Privacy Professionals (APEP); Pablo Lucas Murillo de la Cueva, Constitutional Law lecturer and Supreme Court judge; Eva Nieto Garrido, Administrative law (enabled) lecturer at Universidad de Castilla-La Mancha and attorney of the Spanish Tribunal Constitucional; Belén del Pozo, Public Prosecutor at the Spanish National High Court and Civil Law lecturer at Universidad CEU San Pablo; and Miguel Recio, from Global Data Protection Consulting.
  • Round table 'Advocacy and the right to Personal Data Protection' composed by Carlos Carnicer, President of the General Council of Spanish Lawyers; Pere Huguet, Dean of the distinguished bar association of Reus and Vice-president of the General Council of Spanish Advocates; Jonathan Goldsmith, General Secretary of the European Council of Bars and Law Societies; and  Rodolfo Tesone, President of ENATIC.
  • Round table 'Innovation, social media and minor’s privacy' consisting of Carlos Represa, Director of the National ICT School Safety Centre; Conrado Escobar de las Heras, PP party Congressman and spokesman of the Committee on Internal Affairs and of the Subcommittee on the Study on the Use of Social Media; Ignacio Sánchez Amor, PSOE party Congressman and spokesman of the Subcommittee on the Study on the Use of Social Media; and José Díaz Cappa, at the Balearic Islands Supreme Public Prosecutor’s Office and the Computer-crime Representative.
  • Round table 'Internet Safety, the fight against cyber-crime and police interception systems' hosted José de la Peña, director of the journal of the cybersecurity journal SIC; Juan Luis García Rambla, technical director of Security at Sidertia Solutions; Juan Antonio Calles García, Senior consultant of Security at Everis and Creator of Flu–AD (the police interception tool); Carlos Represa Estrada, Director of the ICT School Safety Centre; Cesar Lorenzana, Captain of the Spanish Guardia Civil Cyber-crime Unit; and Juan Miguel Manzanas, Chief Commisioner of the Technological Investigation Brigade (BIT). 
23 AND 24 JUNE 2014

The II International Conference took place at Universidad CEU San Pablo Business School. The Conference dealt with issues related to big data, the right of oblivion, artificial intelligence and ‘applification’.

During the Inauguration, the Rector of Universidad CEU San Pablo Juan Carlos Domínguez Nafría, shared table with Juan Bravo, the Undersecretary of Justice; Bárbara Navarro, Public and Institutional Affairs Director for Google Spain, Portugal and Greece; and José Luis Piñar, the Chair holder.

During the Conference, the importance of informing and educating citizens about risks the downloading of apps risks was highlighted. The Conference focused on parents and teachers due to the significance role they play in education.

  • Conference ‘Data protection and technological innovation in the European Union framework’, led by Francisco Fonseca, Head of the European Commission in Spain.
  • Round table ‘Big Data Revolution: risks and benefits’ consisted of Javier Zamora, Information Systems Lecturer at IESE; Marie Georges, European Council’s Data Protection Consultant; Juan Francisco Losa, Head BBVA’s Digital Bank Security; Antonio Muñoz Marcos, Business Affairs Digital Regulation Counsel at Telefónica; and Ricardo Palomo Zurdo, Dean of the School of Economic and Business at Universidad CEU San Pablo.
  • Round table ‘Jurisprudence and the right to oblivion: What’s next?’ composed by José Luis Piñar, Chair holder; Pablo Lucas Murillo de la Cueva, Supreme Court Judge; Alejandro Perales, President of the Association of Internet Users; Jorge Villano, legal advisor of the Spanish Cortes Generales and main postdoctoral researcher on Privacy and Internet at Universidad Abat Oliba CEU; Javier Fernández Samaniego, director Partner Lawyer in Spain at Bird & Bird LLP; and José Antonio Hernández Corchete, Attorney of the Spanish Tribunal Constitucional.
  • Round table ‘the need for a crossroads policy in terms of privacy: restoring trust between Europe and USA’, with the participation of Hugh Stevenson, Deputy Director Office of International Affairs at Federal Trade Commission, Washington D.C.; Fernando Irurzún Montoro, deputy director general of judicial matters of the State Legal Service; and Ofelia Tejerina, Lawyer, member of ENATIC board of directors.
  • Round table ‘Innovation and Artificial Intelligence: Drones and Privacy’ featured by Cecilia Álvarez Rigaudias, Lawyer from Uría Menéndez; David Ramírez Morán, main Analyst at Spanish Institute for Strategic Studies (IEEE) at Centre for Higher National Defence Studies (CESEDEN); Juan Pablo Fuentes Brea, Senior researcher on Cognitive Robotics (UPM); and José de la Peña, director of the journal of the cybersecurity journal SIC.
  • Round table ‘Applification: a privacy challenge?’ composed of José Luis Piñar; Àngels Barbarà, Director of the Catalan Data Protection Authority; and Francisco Pérez Bes, Secretary-General of INTECO.

At the closing, José Luis Piñar stressed the importance of the discussed matters, data and knowledge that the speakers had delivered. This conference contributed to the Chair’s aim of: ‘creating an opened forum to constructive criticism in order to achive a better privacy, among other goals’.

Privacidad y seguridad en la sociedad de los datos
11 JUNE 2015

The Gabriela Mistral Lecture Hall at Casa de América hosted the III International Conference, that was chaired by the Minister of Internal Affairs, Jorge Fernández Díaz.

At the opening ceremony, the Minister was accompanied by Juan Carlos Domínguez Nafría, the Rector of CEU San Pablo University; Tomás Poveda, the Director General of Casa de América of Madrid; Francisco Ruiz Antón, the Director of Public Policy & Government Relations Google Spain and Portugal; and Lecturer Piñar, the chairholder.

Fernández Díaz encouraged everyone to take part in the debate between freedom and security and gave Google and Universidad CEU San Pablo as an example for promoting the Chair as a ‘useful forum for debate on privacy and data protection’.

Throughout this Conference, the need for transforming the internet into a free, safe, opened and respectful tool was emphasised. Looking for a balance between technological development and privacy was also stressed, since the threat of sanctions related to privacy, could lead to missing the boat of innovation.

Likewise, it was highlighted that ‘all crimes already have a technological component’ and that media ‘have gone from being the place where everyone wants to publish, to start tracking what people post on social media’. Additionally, the need for a Magna Carta that guarantees privacy and freedom to Internet users, governments and corporations was also emphasized.

  • Keynote Conference ‘Privacy between Present and Futur’, by Stefano Rodotà, Lecturer at La Sapienza University of Rome and former Italian Data Protection Guarantor.
  • Round table on ‘Social Networks and New Challenges in Child Protection’, consisted of Caridad García (IU) and Pilar Marcos (PP) Members of the Congress Subcommittee on the study of social networks; and Conrado Escobar (PP), Coordinator of the so-mentioned Subcommittee.
  • Round table on ‘Data Protection and Technological Development in a Global World’, composed by José Luis Piñar, Lecturer; Ricard Martínez, President of the Spanish Association of Privacy Professionals (APEP); Borja Adsuara, Advisor on of Digital Strategy, Public and Regulatory Affairs and former CEO of Red.es; and Miguel Ángel Encinar del Pozo, Chief Magistrate of the Supreme Court Technical Cabinet, Criminal Division.
  • Round table on ‘Cybersecurity, Online Fight against Crime, Terrorism and Corruption’, consisted of Fernando Sánchez Gómez, Director of the National Critical Infrastructure Protection System (CNPIC); Ignacio González Ubierna, from National Institute of Cybersecurity (INCIBE); Óscar de la Cruz, Head of the Telematic Crime Group of the Spanish Guardia Civil; and Luis de Eusebio, from the Police General Directorate.
  • Round table on ‘Citizen-journalism, social media and privacy’, featured by Javier García Vila, Director of Europa Press; Borja Bergareche, from Vocento Group; Juan Manuel Rodríguez, from El Confidencial; Soledad Alcaide, from El País, and Graham Keeley from The Times.
  • Round Table on ‘The Right to oblivion and Global Challenges’, composed by Diego Córdoba Castroverde, Magistrate of the Supreme Court; Pierre Trudel, Law Lecturer at the University of Montreal; William Malcom, Google’s Senior Privacy Counsel; Pablo García Mexía, Legal advisor of the Spanish Cortes Generales and Visiting Lecturer at The College of William & Mary; and Áurea Roldán, Under-secretary of Justice.
23 June 2016

The IV International Conference hosted 200 international experts and 25 international speakers from five countries.

At the inauguration, The Rector of CEU San Pablo University Antonio Calvo and the Chairholder José Luis Piñar, were accompanied by the Undersecretary of Justice Áurea Roldán and the Head of Public Policy and Government relations Francisco Ruiz Antón, the Director of Public Policy & Government Relations Google Spain and Portugal.

Áurea Roldán emphasized in her speech that the recently aprobed rules allow to combine data protection, business competitiveness and States security, and pointed out that it coordination between national rights and European law is necessary. On the other hand, Francisco Ruiz Antón explained that big opportunities brought by big data for all economic sectors could improbe GDP and boost employment. He also informed that Google has tools for users to know and decide about their data.

During this conference, participants stated that big data generates worth of society, for business and public authorities. They stressed that big data development offers an excellent opportunity to improve -individuals and society- life quality in relation to entrepreneurship and innovation.

Furthermore, participants highlighted that data protection concepts standardisation will be positive for enterprises and that industry ideas could be applied at the same time principles are respected.

Also, obvious benefits resulting from the appropriate treatment of data were addressed. Nevertheless, there are still challenges to overcome in the future, obstacles that will be overcome gradually by developing an appropriate regulation and promoting dialogue between the different actors. For this reason, it is very important to establish a system that allows a functional good governance. A governance that assures efficiency through cooperation with other data protection authorities.

  • Round table ‘social benefits of data analysis and respect to fundamental rights: the challenges behind the new European Data Protection Regulation’ consisted of Àngels Barbarà, Director of the Catalan Data Protection Authority; Carmen Pérez Andújar, member and secretary of the governing board of ICAM (distinguished bar association of Madrid), advisor and vice-secretary of the General Council of Spanish Advocates on material and technological means.
  • Round table ‘privacy and big data’ integrated by Carlos Gómez, director of business development for Europe at Waze; José Luis Zimmermann, General director of Adigital; Diego Zuluaga, Head of Research at EPICENTER and Financial Services Research Fellow at the Institute of Economic Affairs; Josep Domingo-Ferrer, Distinguished Lecturer of Computer Science at Universitat Rovira i Virgili de Tarragona and holder of the UNESCO Chair on Data Privacy; and Javier Puyol, Lawyer, Magistrate and former Attorney of the Spanish Tribunal Constitucional.
  • Conference ‘the new European Data Protection, Big Data and Innovation Regulation’, directed by Paul de Hert Co.directing Lecturer at the Research Group on Law, Science, Technology and Society Studies, Vrije Universiteit Brussel, coDirector of the Privacy Hub, Bruselas.
  • Round table ‘big data and health and biometric research data’ featured by Mark Phillips, researcher at the Centre of Genomics and Policy, McGill University, Montreal; Miguel Vázquez, researcher at the Spanish National Cancer Research Centre (CNIO); and Pilar Nicolás, researcher and Research projects coordinator at the the Inter-University Chair of BBVA Foundation
  • Round table ‘New European regulation on cybersecurity’, consisted of Alejandra Frías, magistrate, member of the National Cybersecurity Board; Borja Adsuara, expert consultan to Digital Law and Strategy; Francisco Pérez Bes, General Secretary of National Institute of Cybersecurity (INCIBE) and José de la Peña, director of the journal of the cybersecurity journal SIC.
  • Round table ‘Public Information re-use and data anonimisation’ featured by Esperanza Zambrano, general subdirector of claims at Council of Transparency and Good Governance; Iñaki Vicuña, Director of the judicial documentation center of the general council of the judiciary (CENDOJ) and former director of The Data Protection Agency of the Basque Country; and Mercedes Fuertes, Administrative Law Lecturer at Universidad de León.
  • Conference ‘European reforms on personal data protection’ directed by Bruno Gencarelli, Head of the Data protection unit of the European Commission.

The closing was presided by Carlos Lesmes, President of the Supreme Court and of the General Council of the Judiciary, who talked about the right to data protection and higlighted the progress made in terms of transparency. He referred to the tension between publicising and secret’ and brought up the need for Public administrations to continue progressing in cybersecurity regulation.

29 June 2017

The Universidad CEU San Pablo Google Chair on Privacy, Society and Innovation has held its V International Conference, in which technology law and innovation in the light of the Privacy European Framework has been debated. The Conference has become, this edition, an event of special importance, since it has shared date with the V anniversary of the Chair. It has also been the first forum on this matter after the passing of the Personal Data Protection Draft Act.

A total number of 25 speakers have addressed matters such as technology law and innovation, intelligent machines, cybersecurity, data driven innovation, NIS directive or the new European framework on data protection. The v Conference, participants, among others, were Juan José González Rivas, the President of the Spanish tribunal Constitucional; Mar España, the director of the Spanish Data Protection Agency; Áurea Roldán, Under-secretary of justice; José María Lasalle, the state secretary of Information society and digital agenda; and Richard Salgado, Google global director of law enforcement and one of the leading international experts in online security.

The European Union Data Protection Regulation and its adaption to Member States legislation was debated by experts. They stressed the need for looking for a balance between Information Society’s development and privacy. For this reason, according to what the Under-secretary of justice explained, the Personal Data Protection Draft Act adjusts the European Union Data Protection Regulation to the Spanish legislation. The aim is to establish a common European regime in terms of data protection. Áurea Roldán referred to some of the innovations from the draft in relation to the data of deceased people, the age of consent, the Data Protection Delegate, credit data and sanctions.

The state secretary of Information society and digital agenda informed about the digital strategy that Spain will carry out until 2025, together with social agents. José María Lassalle mentioned his five main fundamental pillars: the data economy, 4.0 ecosystems, smart regulation, technology infrastructures and digital citizenship. Furthermore, The State secretary brought up the need for considering the importance of data in the new digital economy and for facing this evolution in a responsible manner.

the director of the Spanish Data Protection Agency Mar España explained how the adaption process to the new data protection framework has been carried out in Spain. She highlighted that the legislation has gone from a reactive to a proactive approach. According to Mar España, the Regulation implies a challenge for citizens, enterprises – that have to adjust without incurring structural costs – and public administrations , which will need to change their methodology.

The Chairholder, José Luis Piñar, emphasized that ‘we must respect the right to privacy, but that technology innovation is essential for the development of the society; we must look for the appropriate balance though, while always applying common sense.

Data management and Security

the Director of Head of Public Policy & Government Relations Google Spain and Portugal Francisco Ruiz Antón, brought the attention to several data-related aspects that are being the focus of a ‘distorted debate’. Thus, he stated that at the current moment a data property right does not exist; that the insistence for adding value to data is ‘dangerous’; and that sometimes whether data represent an obstacle to entering the market can be questioned. For Google, ‘In contrast to natural resources, data are unlimited, and any enterprise can obtain them’.

According to Richard Salgado, the Google global director of law enforcement, argued that ‘today laws might not be effective tomorrow, due to the technologies fast advance’ and that it is necessary to combine legislation and online security technologies development.

Juan José González Rivas, President of the Spanish Tribunal Constitucional, closed the V International Conference and stressed that the Google Chair has positioned itself as the cutting-edge regarding knowledge on privacy and innovation. González Rivas added that ‘law-makers must set a framework thar protects privacy’ and claimed the importance of cybersecurity for the regulation to protect online infrastructures.

Throughout the Conference, the book titled ‘General Data Protection Regulation: towards a new privacy model’ (Reglamento General de Protección de Datos: hacia un nuevo modelo de privacidad) was presented. It is the first work ever published in Europe about Date Protection Regulation. Besides, Jorge Villarino was given the Google Chair Research Award IV, for his paper on ‘Privacy in the cloud computing environment’ (La privacidad en el entorno del cloud computing).

Round tables

The first round table was on ‘Intelligent machines, rights and data protection’ and was chaired by Carmen Pérez de Andújar, vice-secretary of the General Council of Spanish Advocates on material and technological means. The table was integrated by Asunción Gómez Pérez,

Lecturer at the Artificial Intelligence Department of the Universidad Politécnica of Madrid; Natalia Martos Díaz, Andersen Tax & Legal Partner; and Alfonso González Herrero, Director of Government Relations at IBM. It was highlighted that technology must be base don ethical principles that need to be applied on a strictly profesional atmosphere and that artificial intelligence must not replace but complement human action.

The second table addressed ‘the new European Data Protection Regulation: Where are we heading?’ chaired by Margarita Uría, director of the Data Protection Agency of the Basque Country. The table consisted of José Amérigo, General Technical Secretary of the Ministry of Defence; Rafael García Gonzalo, Head of International Relations at the Spanish Data Protection Authority (AEPD); Cecilia Álvarez, President of The Spanish Association of Privacy Professionals (APEP); Karolina Mojzesowicz, Deputy Head of the Data Protection Unit from the European Commission; and José Luis Piñar, Chairholder. The experts talked about the elaboration process of the future Spanish Organic Act on Personal Data Protection, which will transpose the European Regulation. Regarding this regulation, some aspects were highlighted. For instance, the importance of the European Data Protection Committee; the enterprises data management, the data of deceased people; or minor’s consent. It was stressed thar not all matters can be solved out only by implementing data protection and that states legislation should have a more holistic approach on this subject.

The round table chaired by José Luis Zimmermann, General director of Adigital, brought up the question ‘What type of cybesercurity according to NIS Directive?’. This table was featured by Mar López Gil, Head of the Security Office of the National Security Department; and Gema Campillos, General Under-secretary of Information Society Services. The experts explained the NIS Directive main lines of strategy, highlighting that its aim is States to have a security strategy by applying homogeneous criteria.

During the last round table, the subject was ‘Data driven innovation and privacy’. It was led by Ángels Barbarà, Director of the Catalan Data Protection Authority. The participants were: Flora Egea, Data Privacy Officer at BBVA; and Gianluca D’Antonio, President of ISMS Forum. They laid out the challenges related to combining both big data and the information principles, consent and security. The participants also talked about the essential role that the Data Protection Representative will play.

28 June 2019

The Universidad CEU San Pablo Google Chair on Privacy, Society and Innovation has hosted its VI International Conference, in which Artificial Intelligence and Data Economy: the General Data Protection Regulation. Present and Future Challenges was debated. During the Conference, the need for Law and Ethics must go hand in hand with twchnology in order that progress respects rights and rules and does not set an obstacle to the unquestionable benefits of innovation.

A total number of 24 speakers, including some of the leading international experts in terms of quantum computers, artificial intelligence, robotics, law and data protection regulation. They tackled topics such as social media security, ethical tretament of personal data, algorithms and Data Ownership, intelligent Machines, data-driven innovation, transhumanism or the General Data Protection Regulation (GDPR), fully aplicable already.

This time, the VI Conference consisted of Encarnación Roca Trías, the Vice-president of the Spanish Tribunal Constitucional; Juan Ignacio, the Director of the Max Planck Institute for Quantum Optics and award-winner of Premio Príncipe de Asrturias; and Leonardo Cervera, the director of The European Data Protection Supervisor

José Luis Piñar, The Google Chairholder stressed that law is used to facing and overcoming disruptive situations and that it is necessary to tackle them with measures that take into consideration law, ethics and technology, so that they lasto ver time. In this respect, the Chairholder stated that the European regulation lets rules to adjust to future technological advance; creating a global policy for the first time in history

 

Encarna Roca, the Vice-president of the Spanish Tribunal Constitucional brought up the challenges that disruptive technologies such as artificial intelligence or robotics mean for Law. She posed the question of whether we are going towards a “virtual person right”’ and pondered whether ‘human person’ ter mis already a redundancy. She also stood up for the idea that individuals must be informed of the internal logic behind the algorithm he opts for.

Francisco Ruiz Antón, the Director of Head of Public Policy & Government Relations Google Spain and Portugal, rejected disagreed on comparing data with the new oil, because they are not a scarce resource nor exclusive. Neither they can be stored by an only actor. He stressed that data themselves have no worth if they do not organise or are interporeted. Besides, they are owned by the user, who has got the right to share them. However, Ruiz Antón emphasized that there must be transparency and that the owner of the data is the one who acquires and transfers them.

In this regard, he pointed out that Google users can exercise their right to delete all their data any time. He also stated that ‘ it is essential that policy-makers take into account all law, privacy and new technologies development. According to María Álvarez Caro, Manager of Public Policy & Government Relations Google Spain and Portugal, in regard to principles and an ethical framework, which are necessary for the development of AI, they must have a positive social impact, being applied there when benefits clearly exceed the risks.

Juan Ignacio Cirac explained that the quantum computer -which lets creating new algorythms- will revolutionize the IT world and that will have a big impact on all sectors of society, as well as on social media society and data protection. Thus, these computers must be equipped with mechanisms that prevent other quantum computers from deciphring codes, so they are much safer than current ones.

On the other hand, Leonardo Cervera, made clear that the General Data Protection Regulation does not aim to block IT development, but to set certain ‘red lines’. Therefore, according to Cervera, the new European regulation is felxible and that it is necessary to go towards an ethical dimensión that includes industry and politics leaders.

The first round table was about ‘Artificial Intelligence, Robotics, Ethics and Law’ and was chaired by Antonio Estella Noriega, Administrative Law Lecturer, who holds the Univrsidad Carlos III Jean Monnet “ad personam” Chair on European Economic Governance Law. He was acompanied by Alessandro Mantelero, Associate Lecurer of Private Law (Politecnico di Torino); Concha Monje Micharet, Research at the Universidad Carlos III Robotics Lab; Julian Kinderlerer, Emeritus Professor of Intellectual Property Law at Universidad de Cape Town and former President and member of the current European’s Commission Group on Ethics and Science in New Technologies (EGE); and Nuria Oliver Ramírez, director of Data Science Research at Vodafone.

This table focused on the benefits that intelligent machines and their values have for clients. Also, it was said that data security is a universal asset and that citizens must know what decisions are made on their behalf.

The second table was about ‘Artificial Intelligence, Rights and the General Data Protection Regulation’. It was chaired by Patricia Juárez Patrón, Consultant at Analistas Financieros Internacionales (Afi). The table was featured by Emmanuel Daoud, Vigo Avocats, (París) Partner; Aurélie Pols, Chief Visionary Officer, Mind Your Privacy and member of the European Data Protection Supervisor’s Ethics Advisory Group; and Moisés Barrio Andrés, Attorney at the Spanish State Council.

At the table, the question on whether our legal system is appropriate to regulate artificial intelligence or robotics challenges was brought up. It was also stated that Law already has means to confront these challenges. Also, the dividing line between personal data and non-personal data is harder to recognise now. However, thanks to the new Regulation, the first step in terms of consents has been taken. Furthermore, subjects such as business accountability and transparency, how to adjust law to transhumanism or how to assess new values were bropught up.

The third table tackled ‘Artificial Intelligence, Algorithms and Data Ownership’ and it was chaired by Mercedes Fuertes López, Administrative Law Lecturer are Universidad De León and permanent board member of the General Codification Commission. Juan Antonio Hernández Corchete, Attorney at the Spanish Tribunal Constitucional; and Javier Torre de Silva, Attorney at the Spanish State Council, also took part.

The speakers discussed judicial matters related to data treatment, such as the European Union’s concern in regard to the judicial uncertainty that could block Artificial Intelligence development. The focus was also set on how to balance companies technological progress and their right to secrecy, and the transparency that allows people to know where their data go. The participants discussed Data Ownership and the legal problem of combining economic actors and personal data too.

‘Data cannot be considered state property, but they must be under protection’, Hernández Corchete sentenced. On the one hand, according to the Attorney at the Spanish Tribunal Constitucional, ‘the core of personal data is linked to every person’s autonomy’. From his point of view, it must be discussed what are the collective values and how they interact with the citizens capacity to make a number of decisions’. On the other hand, he points out that most data are used in the Industry and Business fields. Therefore, they must be protected appropriately. According to Torre de Silva, the Spanish Act on Trade Secrets protects industrial data to a great extent. However, this act is not ideal to protect these data from unfair competitors.

Regarding Data Ownership, Torre de Silva agreed with other participants on the idea that data cannot be considered an asset ‘as oil’ and stated that they do not consider paying for personal data has a clear future.

In the last table, representatives from the business world discussed about ‘Artificial Intelligence and Data-Driven Innovation’. It was chaired by Zoraida Frías Barroso, Assistant Professor at Universidad Politécnica de Madrid. The participants were Marcelo Soria-Rodríguez, Vice-president of Data Services at BBVA Data & Analytics, José Manuel García Gavilán Strategic Customer Director of Google Cloud; and Pedro Romera, Business Developer Manager for Machine Learning, Artificial Intelligence & Big Data at Amazon Web Services, EMA.

The speakers explained the way in which their systems for data treatment systems have been developed in order to help citizens and meet their needs. They agreed on the importance of accountability and consent in data use to create new goods and services.

27 June 2019

The Universidad CEU San Pablo Google Chair on Privacy, Society and Innovation organised its annual VII International Conference on 27 June. During the Conference, some of the national and international leading experts on data protection from both public and private sector and academic and judicial fields discussed the ‘Right to personal data portability, privacy and promotion of the data economy competition’ and businesses daily appliance and transformation to comply data protection regulations was also assessed.

In this round tables and talks, held throughout the Conference and in which approximately 30 experts participated, it was highlighted that ‘portability without interoperability and without commitment may cause that right to privacy comes to nothing’, as Chairholder José Luis Piñar had already stated.

Regarding the right to data portability in between enterprises, a key element during this seventh edition-, María Álvarez Caro, Manager of Public Policy & Government Relations Google Spain and Portugal, stressed that her company ‘have been facilitating personal data portability for 8 years and that General Data Protection Regulation entails the ideal framework to guarantee an appropriate portability and the wanted promotion of competition’.

By delving into the responsibility aspect, during the opening, the President of The Spanish National Markets and Competition Commission (CNMC), José María Marín Quemada, said that ‘big companies must take responsibility into account very seriously’. On the other hand, he mentioned that those who work in competitiveness and regulation agencies consider that data are not ‘cloud or companies’ data, but users’ data; and that’s the reason why it must be them who decide how they want to use and access those data’. At the Conference, Marín Quemada made clear that the institution he presides, does not only regulates and sanctions, but also collaborates with enterprises with the aim to achieve a correct development of the Economy.

Universidad CEU San Pablo Rector Magnificus Antonio Calvo oversaw the opening of this seventh Conference. He highlighted the University attempt to educate students on digital era, as well as he acknowledged Google’s work in this matter.

This Seventh Conference was featured by Greg Fair, Global Senior Products Manager of Data Privacy and Protection off Google and Yann Padova, Partner in charge of Personal Data Protection at Baker & Mckenzie Paris and former General Secretary of the French Data Protection Authority (CNIL).

During his talk, Greg Fair, Global Manager of many of the Google privacy products, he explained that portability is one of the elements that the enterprise is focusing on since 2007. Also, he explained the Data Transfer Project (DTP) for personal data direct portability among enterprises. The aim of this project is to ‘provide safe services for data transfer between enterprises of any size. We want to collaborate with all sorts of enterprises no matter the size. We are open to every company’. Later, in this same round table, Fair said that ‘privacy is not a universal concept. They way in which it is perceived can vary significantly between 2 subjects and that is why information is so sensitive’. 

During his talk, Yann Pandova analysed the evolution of data sharing from a business point of view. He analysed its origin and explained that a change in terms of data sharing is taking place. The exchange between algorithms and knowledge. According to him, this is the type of change that builds the future.

  • The first round table was chaired by Marcos Judel, President of the Spanish Association of Privacy Professionals (APEP). The table was on ‘the right to portability in the GDPR’. Flora Egea, Data Protection Officer at BBVA, explained how, after a long period of ‘reticence and uncertainty’ in the banking sector, the fundamental basis for the judicial safety reinforcement were set out. José Amérigo, General Technical Secretary of the Ministry of Justice, who has first-hand experience of the adaption process of the Spanish Organic Act on Personal Data Protection to the European Regulation. He stressed that the right to portability -a matter in which more than 26 entities addressed during the Act project public consultation- ‘is emblematic of the problems we regarding the wording of the Act’. Meanwhile, Mario Guglielmetti, Legal Officer of the European Data Protection Supervisor explained and compared some of the aspects included in the GDPR and concluded that interoperability is also important for competitiveness as the European Commission paper ‘Competition Policy for the Digital Era’.

Javier Torre de Silva, Partner at CMS Albiñana & Suárez from Lezo and Attorney at the Spanish State Council emphasized the need to distinct between personal data and non-personal data, that -as he described- has an extraordinary economic worth’. Regarding non-personal portability, he informed that doctrine does not take for granted that it must exist and that is why it is not acknowledge on a general basis: ‘when there is not a fundamental right standing in the way, the situation is unbalanced ‘. For Torre de Silva, it is necessary to ‘take care of the different Member States portability regulation; we are at a transition period, but game rules should be the same for all the companies involved without exception’. 

  • The second table was chaired by Carlos Saiz, Vice-President of the ISMS Forum and Director of the Data Privacy Institute. The table was about ‘direct portability between enterprises: technical viability and competitiveness promotion’. Thomas Van der Valk, Privacy Policy Manager of Facebook for Europe, Middle East and Africa also agreed on the importance of data portability within his company: ‘it is a key issue. When privacy is threatened, integrity must be a guaranteed service anywhere. The ultimate aim is to offer data protection for users and not compromise their private information’.

On the other hand, Jerónimo Maíllo, EU Law Lecturer and Coordinator of the Competitiveness Policy Centre in the Institute for European Studies at the Universidad CEU San Pablo, stated that ‘the right to competitiveness must be the core of effective competitiveness’. For him, ‘anti-trust law will play a very important role in data portability and business volume among enterprises’. Luis Bermúdez, General secretary at Grupo Mutua Madrileña, referred to the UNESPA self-regulation guide for the personal data treatment, that among other things, entails the right to portability and data privacy in the insurance sector.

  • The third round table, which dealt with ‘Portability, Data Economy the Right to competitiveness’ was presided by Leticia López-Lapuente, Director Partner of the Data Protection and e-Commerce Area at Uría & Menéndez. The participants brought up the economic value of data. They also addressed the fact that the EU is aware of how portability leads to competitiveness. Mariano Bacigalupo, advisor at The Spanish National Markets and Competition Commission (CNMC) informed about the difficulty to tackle the channelling of data treatment and talked about the difference between data exchange and data access in portability processes of the subscribers numbers and of those marginalized from that portability. Lucas Blanque, Attorney at the Spanish State Council and Head of the Judicial Services General at the Council of Spanish Advocates, analysed portability from public sector perspective: ‘before Public Administrations, the right to portability cannot be executed. However, there is an actual data exchange between them’. Raúl Rubio, Partner in charge of Information Technology at Baker & Mckenzie discussed data applied to banking and their taxation. Data is started to be valued economically, but it is hard to assign them a certain economic value.
  • The last round table focused on ‘Data Protection, Data Sharing and Data for Good’. Ana Jiménez Castellanos, Associate Partner, Artificial Intelligence & Data Science at EY highlighted the importance of the algorithms present in the development od Artificial Intelligence for data treatment. On the other hand, Nuria Oliver, research director on Data Science at Vodaphone expressed the importance of the ‘good use of data to achieve a positive social use’. According to Oliver, reputational Social Ciences that study data related to human behaviour are key to ‘help us improve the world’.

Juan Murillo, Data Strategy & Data Science Innovation Senior Manager at BBVA brought up the 17 Sustainable Development Goals and thopse projects executed by BBVA that imply digital fingerprint for card users. According to him, ‘one of the biggest challenges is to gain Governments and Public Administrations trust’. Juan Antonio Hernández Corchete, Attorney at the Spanish Tribunal Constitucional, shared his asessement on data portability, the utility of these data, still in the private sector, and the voluntary principle. The table was chaired by Cristina Morales Puerta, General Subdirector Information Society Content at the Ministry of Economy and Business.

At the closing, José Luis Piñar concluded that ‘lawmakers must be open-minded and be ahead of their time; being always aware of self-regulation that let us adapt to portability and data protection and the right to free competition. Pedro González Trevijano, Magistrate at the Spanish Tribunal Constitucional reminded that ‘it is essential to have human rights guarantees. It is the first time that the Tribunal Constitucional determines that, our Constitution might include an evolution of our fundamental rights based on a EU regulation’. He was talking about the recent Tribunal Constitucional’s sentence that cancelled the possibility for political parties to treat political opinions-related data without consent. Finally, Carlos Pérez del Valle, Dean of the Law School at Universidad CEU San Pablo closed the Conference.

24 de Junio de 2021

Experts warn that there is the need to clarify the international legal framework for the use and flow of data.

  • The South EU Google Data Governance Chair has been introduced as a European forum for reflection on Data Governance.
  • Giorgia Abeltino, Google: ‘This is one of our most important projects on a European scale’
  • Wojciech Wiewiórowski, European Data Protection Supervisor stressed the need to ‘clarify’ data governance

On 24 June, the Chair on South EU Google Data Governance was introduced as an European forum for reflection on future challenges in terms of data regulations and data governance. It was chaired by José Luis Piñar, Lecturer at Universidad CEU San Pablo, whose Academic Council consists of the Lecturers: Maria da Graça Canto Moniz (Universidade Nova of Lisboa); Georgios Yannopoulos (National and Kapodistrian University of Athens) and Vincenzo Zeno-Zencovich (Università RomaTre).

During the first International Conference, a wide number of experts from the public sector and the academic world who work with data protection discussed data governance future and international data transfers.

European forum of reflection, debate and research

Director of Government and Public Policy Relations for the South of Europe at Google, Giorgia Abeltino, stressed that the Iniciative aims to go beyond the analysis of the impact of data governance. She affirmed that ‘Google is particularly engaged with the academic and research community work, so this new Chair is one of the most important projects at a European level. It could substantially contribute to shape the debate on data governance’.

The first edition of this International Conference was featured by Wojciech Wiewiórowski, European Data Protection Supervisor, who explained that monitoring is not only on the Politics side, but also on the Business and Civil Society sector, as well as a ‘scientific approach is needed’. However, he acknowledged that European initiatives include a high complexity for digital governance and that it must be ‘clarified’. He confirmed that the EU Works on several initiatives such as the Digital Services Act.

Regarding the Artificial Intelligence Act, he explained that, even though he’s got ‘doubts’ about the need of introducing a new legal frame, it is a ‘suplement’ that completes the European legislation. That’s the reason why Wiewiórowski specifyed that this new Chair could become a meeting point for solutions proposals in the research field; ‘an exercise for policy-making in specially complex cases’.

During the opening, Francisco Pereira Coutinho, Vice-dean of the Law School at Universidad Nova of Lisboa; Meletios - Athanasios C. Dimopoulos, Rector of the Athens University; and Rosa Visiedo, Rector of the Universidad CEU-San Pablo of Madrid; took part.

Round tables

The first round table was on the ‘future of the data governance and data regulation’. It was chaired by the Co-ordinator South EU Google Data Governance Chair José Luis Piñar, who stated that the concept of governance is wider than data governance, what ‘implies proactive responsibility, transparency and a narrow relationship between government and civil society’.

Maria da Graça Canto Moniz, Visiting Associate Lecturer at the Nova Law School and Associate Lecturer at Universidade Lusófona of Lisboa, focused her speech on the problems raised by the General Data Protection Regulation and the Data Governance Act (DGA).

However, she aims to ‘promote data availability to gain trust on data’. By reinforcing data exchange mechanisms all over the EU. However, there are obstacles to regulate both personal data and non-personal data under the same regulation, open data and the use of information in the public sector.

This way, Canto Moniz specified that, among the definitions that should be tackled or clarified, are those that are identified by DGA, as ‘data holder’, ‘sharing service provider’, ‘user’ or ‘data altruism’. Since it is far from clear how these concepts can be used in the data protection field. The same thing happens with those concepts related to personal and non-personal data usage and mixed data. As the Lecturer said: ‘the lack of coherence in the Regulation leads consequences such as the ‘legal insecurity’, what would weaken the protection that the GDPR aims to guarantee’.

On the other hand, the Associate Lecturer on IT law and Computer law and Director of the Law and IT Lab of the University of Athens, Georgios Yannopoulos, raised the question about what would happen with certifications in case that les regulation meant more trust on companies; or, in the contrary, who would impose an ‘excess of regulation’: how many authorities are needed for its control, why data or why a law-maker for law-makers is needed.

Nevertheless, he acknowledged that many of those questions did not have an answer yet. He relied on the idea that of these being indicators of how researchers will find the answers or guidelines for legislation regulations interconnections.

The last participant of the table, the Chaired Lecturer of Comparative Law at Universidad de RomaTre Vicenzo Zeno-Zencovich, considered that the EU has an ‘excess of authorities in charge of regulation’, with more than nine entities already present in different fields such as
telecommunications, data protection, media, consumers, competitiveness and cybersecurity. Some others such as ‘Data Innovation Board’ or Artficial Intelligence regulatory sandboxes are added to them. In relation to the second one, from his point of view, this could be applied to marketing, but not to legal matetrs’.

Both Yannopoulos and Zeno-Zencovich agreed on warning of an excess of regulation (hiper-regulation): ‘there cannot be a law-maker for every country’. This could generate ultimately a ‘data chaos’ caused by a conflict between regulation and law-makers, at a European level as well as an international level.

The second round table focused on ‘international personal data flows. Bojana Bellamy, President of Centre for Information Policy Leadership at Hunton Andrews Kurth highlighted that ‘data flows are critical o the economy, for society progress in the context of the 4th revolution in which we are inmerged’. After this pandemic, it is absolutely essential that we start being capable of sharing data for health protection’.

According to what Bellamy said, this issue causes confusion and affects all enterprises at a global level. It is one of the three main challenges on a commercial, strategic and compliance scale for enterprises that function internationally. Furthermore, he stated that the new standard contractual clauses provide judicial security but generate an important bureaucratic burden enterprises compliance.  

Bellamy concluded that ‘market efforts are trying to control data location, data sovereignty and cloud services as a solution to some of their problems, but this is not what Europe is about.

On the other hand, Alex Greenstein, Director of Privacy Shield in the U.S. Department of Commerce, focused on the difficulty to cuantify risks and benefits caused by data flows. He analysed the USA and the EU in relation to this issue.

Greenstein stressed that this issue must be of ‘high priority’ for the US government, and since the first day of Biden Administration after he took office, it has been given an extremely high level of attention’.

In this respect, he explained that ‘the United States and Europe are closer that what could be expected’, since both share the same fundamental values and the respect for privacy. However, they have a different approach on the matter. Finally, he added that ‘even though the United States have a different legal system, we are committed to overcome these differences and focus on finding ways to work together on the issue’.

Ralf Sauer, from the International data flows and protection unit at the Directorate-General for Justice and Consumers of the European Commission, confirmed the European Commitment to data flows: ‘if there is a block that takes a chance on the fight against protectionism in terms of data, that’s the European Union. The Union has defined a very clear policy regarding this matter during its trade negotiations’, said.

According to Sauer, the European regulation on this issue aims to ‘guarantee equal conditions’ of all Parties, so that those who want to take part from the outside can play under the same rules than European actors. Furthermore, he pointed out the need to ‘guarantee that we are capable of using data in Europe and that we have the necessary infrastructure to manage and maintain data access’. This is not related to protectionism’, he settled.

To conclude his talk, Sauer highlighted the work that is being done on a OECD level and other international forums in order to achieve global principles on data access and governance.

At the closing, José Luis Piñar concluded that ‘it is necessary to clarify the legal framework on data use and flow at an international level and to find solutions to end the current situation regarding hyper-regulation’.

Seminars

21 January 2013

Joel Reidenberg

The I Permanent Seminar took place in the boardroom of Rectorate
of the Universidad CEU San Pablo of Madrid. It was featured by Jol Reidenberg, Publi Law Lecturer and Director of the Law and Information Policy Center of Fordham University, New York.

Lecturer Reidenberg introduced the approach on the General Data Protection Regulation from the other side of the Atlantic, providing essential elements to the debate that can help to understand the effects of this legal framework beyond our borders.

7 March 2013

Karim Benyekhlef

The II Permanent Seminar was featured by Karim Benyekhlef, Law Lecturer and Director of the Centre de Recherche en Droit Public at the University of Montreal.

Benyekhlef focused on how democratic systems are facing the new challenges that privacy and security bring. From a comparative law point of view, he stressed that the main questions in relation to a new scenario in which the need to guarantee security has an impact on the global human rights protection system.

21 May 2013

Alejandro Perales

The III Permanent Seminar took place in the boardroom of Rectorate
of the Universidad CEU San Pablo of Madrid. It consisted of Alejandro Perales Albert, President of the Association of Media Users (AUC) and Member of the Advisory Council of the Spanish Data Protection Authority (AEPD).

Alejandro Perales delved into data protection and privacy from the point of view of citizens, highlighting the regulation and the latest news present in the General Data Protection Regulation submitted by the European Commission. After his speech, an interesting debate on current data protection challenges and concerns that consumers are facing was started among participants. The main focus was on social media usage, particularly regarding children and teenagers.

16 October 2013

Yves Poullet

The IV Permanent Seminar of the Chair took place in the boardroom of Rectorate of the Universidad CEU San Pablo. This time, the speaker was the Lecturer Yves Poullet, Rector, Law Lecturer and Member of the Centre de Recherche Information, Droit et Société (CRIDS) from the University of Namur, Belgium.

Poullet, one of the international wide leading and most and well-known experts on privacy and new technologies law, presented his thesis on the relation between Privacy and Technological Relation in the European context. He also provided interesting data on New Technologies assessments carried out in several research centres from all over the world. These figures particularly focused on: private life, freedoms and Information and Internet Society and its governance.

22 May 2014

Jon Allen, Karim Benyekhlef, Vincent Gautrais, Nicolas Vermeys

The Ambassador of Canada to Spain, Jon Allen, introduced the Chair V Permanent Seminar. He was accompanied by other speakers: Karim Benyekhlef, Vicent Gautrais and Nicolas Vermeys; Law Professors and Members of the Centre de Recherche en Droit Public from the University of Montreal, pioneer in Internet Law.

This V Seminar permitted offering attendees a Canadian perspective on the relation between private life and technological innovation in certain areas such as the right to oblivion in Canada and the USA; Snowden-PRISM case and its impact on the relation between security and privacy; the ‘consent’ concept in the present Internet context; of the future impact of the new EU General Data Protection Regulation. He made clear that Canada plays an essential role in the shaping of Data Protection Law internationally.

22 October 2014

Giovanni Buttarelli

The IV Permanent Seminar of the Chair took place in the boardroom of Rectorate of the Universidad CEU San Pablo. It was featured by The European Data Protection Supervisor, Giovanni Buttarelli.

Buttarelly announced to the attendees that the future General Data Protection Regulation, that has been being drafted since 2021, could start being applied in the first Semester of 2018. He also offered some interesting data in regard to the Regulation and insisted that a strong but flexible legal framework is necessary to confront a globalised world and resist the passing of time in a changing technological context.

The European Supervisor pointed out that data protection implies deeply assessing international information transfers, as well as big data and cloud computing phenomena.

 

12 February 2015

Karim Benyekhlef

The Spanish Minister of Justice, Rafael Catalá, chaired the VII Permanent Seminar, which took place in the Assembly Hall of General Council of Spanish Advocates, in Madrid.

The opening act also consisted of Carlos Carnicer, President of the General Council of Spanish Advocates; Francisco Ruiz Antón, the Director of Public Policy & Government Relations Google Spain and Portugal; and Jon Allen, the Ambassador of Canada to Spain.

After the opening, Karim Benyekhlef, Law Professor and Director of the Centre de Recherche en Droit Public and Director of the Cyberjustice Lab of the University of Montreal, gave a very interesting lecture on ‘The access to justice: a democratic requirement. Reflections on Cyberjustice’. Benyekhlef explained the important role of the Laboratory as a ‘space for re[1]flection and creation where the legal proceedings are modelled and rethought in order to better respond to what citizens expect’.

Afterwards, a dialogue moderated by the Chairholder, José Luis Piñar, on rights, personal data treatment and technological innovation in the field of justice was started. In this table, Iñaki Vicuña, Director of the Judicial Documentation Centre of the General Council of the Judiciary (CGPJ) and former Director of the Data Protection Agency of the Basque Country; and Esther Mitjans, Professor at the University of Barcelona and former Director of the Data Protection Agency of Catalonia.

The Seminar concluded with a round table on Modernisation of Justice and Information Technology. It was chaired by Rosa Tomé, Secretary of the Legal Advisory Committee for the Implementation of the Judicial Office. The participants were Pere Lluis Huguet, Vice-President of General Council of Spanish Advocates (CGAE); Jesús Remón, Partner at Uría&Menéndez; Juan Carlos Garcés, Manager of Judicial Computing at General Council of the Judiciary (CGPJ); and Luis Bustamante, General Sub-director of New Technologies at Ministry of Justice.

For the conclusions, Professor José Luis Piñar stressed that the challenge of eliminating the written version of the Justice administration will take a whole generation; it will be slow and it is going to imply a significant legislative effort’.

23 April 2015

Nelson Remolina

The VIII Permanent Seminar of the Chair took place in the Post graduate School of the Universidad CEU San Pablo. It consisted of Nelson Remolina, Professor at the Universidad de los Andes (Colombia) and one of the creators of the Ibero-American Data Protection Network (RIPD). He gave a speech on ‘the International Data Collection as a Challenge of the Post-Internet World’.

Remolina, one of the most well-known experts in data protection in Latin America, urged States to guarantee people’s protection in the cyberspace, since rules on this issue were made when only a few people had Internet access. He also warned that, currently, ‘anyone with Internet Access is a potential international data collector’.

During his speech, the speaker highlighted that all the challenges related to data protection must be solved out by achieving international agreements that try to set he basis for rules that could be approved by all agents involved. This basis must guarantee citizens protection in this new world that ‘does not have borders nor territories.

VIII Seminario Permanente: "Recolección internacional de datos como reto del mundo post internet".
7 October 2015

William Malcolm y Stephan Micklitz

William Malcolm, Privacy Counsel at Google and Stephan Micklitz, Engineering Director of Google, were speakers at the IX Permanent Seminar that took place in the Rectorate of the Universidad CEU San Pablo.

The Chairholder, José Luis Piñar, moderated the session, where guest experts explained how they confront technical and judicial implications in relation to data privacy and protection, from technological enterprises.

18 April 2016

Antonio Estella, Timothy Endicott, Alessia Fachechi

The XI Permanent Seminar of the Google Chair took place in the Rectorate of THE Universidad CEU San Pablo, around a table moderated by Professor Piñar; Antonio Estella, Professor at Universidad Carlos III of Madrid and Jean Monnet Chair ‘Ad Personam’. In this Seminar, Timothy Endicott, Professor and former Dean of the Faculty of Law at Oxford University; Alessia Fachechi, Professor at Seconda Universitá degli Studi di Napoli.

At the round table, the lecturers spoke about the ODR Systems tat companies have created in order to use them as a faster and more efficient bargaining tool. Thus, companies will enhance confidence and will ensure the functioning of e-commerce. They also accused ‘digital civic virtue’ and the use of electronic tools in political participation, pointing out that new technologies enable us to deepen in this direction as demonstrated by public initiatives of participatory democracy. Furthermore, issues related to cyberjustice were addressed by Timothy Endicott.

X Seminario Permanente: "Diálogo sobre ciberseguridad e innovación".
18 April 2016

Antonio Estella, Timothy Endicott, Alessia Fachechi

The XI Permanent Seminar of the Google Chair took place in the Rectorate of THE Universidad CEU San Pablo, around a table moderated by Professor Piñar; Antonio Estella, Professor at Universidad Carlos III of Madrid and Jean Monnet Chair ‘Ad Personam’. In this Seminar, Timothy Endicott, Professor and former Dean of the Faculty of Law at Oxford University; Alessia Fachechi, Professor at Seconda Universitá degli Studi di Napoli.

At the round table, the lecturers spoke about the ODR Systems tat companies have created in order to use them as a faster and more efficient bargaining tool. Thus, companies will enhance confidence and will ensure the functioning of e-commerce. They also accused ‘digital civic virtue’ and the use of electronic tools in political participation, pointing out that new technologies enable us to deepen in this direction as demonstrated by public initiatives of participatory democracy. Furthermore, issues related to cyberjustice were addressed by Timothy Endicott.

XI Seminario Permanente: "Online Dispute Resolution: Virtud cívica Digital, Democracia y derecho".
25 April 2016

Caitlin Pantos, Cecilia Álvarez y Javier Fernández

The XII Permanent Seminar was moderated by the Chairholder José Luis Piñar. For this occasion, the lecturers were Caitlin Pantos, Senior Engineering Program Manager, Privacy & Security at Google; Cecilia Álvarez, European Data Protection Officer Lead at Pfizer; and Javier Fernández, Partner at Bird & Bird. The major challenges posed by privacy and security to multinational companies were analysed.

During the Seminar, the attendees were informed about the tools made available to users by Google in order for them to protect their online security and privacy. Besides, several examples of innovation which deliver major benefits for people were enumerated. The need of balancing the benefits offered by technologies to both people and society was raised. The lecturers claimed that the problems resulting of data missuses ‘should not prevent us from using necessary information’.

26 October 2016

José Luis Piñar, Alexandre Sousa, Rosario Duaso, Esperanza Ibáñez y Filipa Calvão.

The XIII Permanent Seminar of the Google Chair was held in Lisbon, Portugal, in cooperation with the Institute of Political and Juridical Sciences of the Faculty of Law of the University of Lisbon. Nearly 200 experts on data protection in both the public and private sector attended the Seminar.

This Portuguese-Spanish Seminar - the first Seminar ever held by the Chair outside Spain - focused on the approval of the General Data Protection Regulation of the European Parliament and of the Council. This international edition included the participation of Filipa Calvão, President of the Portuguese National Data Protection Committee; Professor José Luis Piñar, the Chairholder; Alexandre Sousa Pinheiro, Professor at the Facultade de Dreito at the Universidade de Lisboa; Rosario Duaso, Academic Secretary of the Google Chair; and Esperanza Ibáñez, Public Policy and Government Relations Manager of Google Spain.

The lecturers analysed the challenges of the new regulation from different perspectives. They raised the need for a careful reflection on the new legal institutions and the prompt adoption of measures by Public Administrations and companies.

The principles of “Privacy by Design and Privacy by Default” in the regulations were also discussed, as well as the need to combine innovation, data and privacy. To close the event, Filipa Calvão spoke about the new supervisory model and the protection of citizens’ rights.

10 March 2017

Allen Ting

The XIV Permanent Seminar dealt with the ‘European Data Protection Regulation from an Asian Perspective’, through an interesting lecture by Allen Ting, legal expert at Huawei Technologies, former Agent of the Independent Commission Against Corruption (ICAC) and former Chief of the Personal Data Officer at the Hong Kong Personal Data Protection Commissioner.

Ting stressed that the European Regulation will affect every organization in touch with the EU, and that ‘every company shall be bound to comply with it’. He warned that, in the case of Asian companies, compliance would take longer because of the ‘the complexity and significant expansion of their obligations’. Allen Ting also explained the details of the Cybersecurity Act – which will come into force in China in 2017 - and that ‘the Act will require Critical Information Infrastructures operators to pass a national security review’.

25 April 2017

Paul De Hert y Josep Domingo-Ferrer.

The XV edition of the Permanent Seminars of the Chair included the participation of two of the main experts in the international scene on Data Protection: Dr. Paul De Hert, Co-Director of the ‘Research Group on Law, Science, Technology and Society Studie’ at Brussels´ Vrije University and Co-Director of the Privacy Hub (Brussels); and Dr. Josep Domingo-Ferrer, Distinguished Professor of Computer Science at the Rovira i Virgili University of Tarragona and Chairman of the UNESCO Chair on Data Protection.

Professor De Hert focused on the differences between Europe and the United States in the application of policies for personal data protection. He pointed out that the pragmatism needed for data use ‘should not harm the economy’, and stressed that ‘when it comes to privacy and big data we should go from simply protecting the consumer to giving them more power’.

Meanwhile, Professor Domingo-Ferrer considered that ‘the security-privacy conflict does not exist: the former can be achieved by respecting the latter’. He was also in favour of a ‘collaborative anonymization of data in order to keep the self-determination of the subject without data losing their purpose’.

XV Seminario Permanente: "Innovación, Privacidad y valor de los datos para las empresas y la sociedad"
XVI Permanent Seminar: ‘Data Protection and Transparency: Current Situation and Future Challenges in Mexico’
13 de diciembre de 2017

Francisco Acuña Llamas

The XV edition of the Permanent Seminars of the Chair included the participation of Dr. Francisco José Acuña Llamas, President of the National Institute of Transparency and Data Protection in Mexico (INAI). His lecture was on ‘Data Protection and Transparency: Current Situation and Future Challenges in Mexico’. He was introduced by Professor José Luis Piñar, holder of the Google Chair; and Carlos Pérez del Valle, Dean of the Faculty.

Francisco José Acuña Llamas, known as one of the leading experts on data protection in Ibero-America deeply analysed the challenges that Mexico is facing in regard to the reform of the Constitution, which has started to take up the strengthening of transparency and data protection together with the implementation of anti-corruption systems and the creation of an ombudsman, among its main axes.

As Dr. Acuña explained -who owns constitutional autonomy and is the top administrative institution in terms of personal data protection- is immersed in the implementation process of the new Mexican General Personal Data Protection Act, which was passed at the beginning of the year. It will regulate the privacy of 120 million persons and 250 public institutions.

As the President of the Authority highlighted, the reform ‘is not a cosmetic matter to cover Mexican democracy’. Mexico is not a country that has to demonstrate trustworthiness’. He stressed that the INAI faces a ‘massive challenge’: national institutions must not consider it as an ‘uncomfortable authority’, so it needs associates who understand ‘its labour’ and make citizens aware of the fact that ‘institutions are an incentive for the new democracy era’.

In this regard, on of the tasks that has been implemented by INAI focuses on analysing works and projects carried out in Europe. Acuña considers this work as the ‘maximum space for data protection worldwide and an obligatory reference’.

Acuña assured that Mexico studies with interest both the European Data Protection Regulation and the Spanish Act -under reform- with the aim to be considered as personal data protection safe space by the European Commission.  

XVII Seminario Permanente: "Retos del derecho ante la innovación tecnológica"
25 April 2018

José Luis Piñar

After being introduced by Encarnación Roca Trías, Vice-president of the Spanish Tribunal Constitucional and President of the Law Section of Information Technology and the Academy’s Communication; and Antonio Pau, Full Academician and Secretary of the Academy. The Professor brought up issues such as the disruption of technology in the current society and the need to co-exist between physical and digital identities or the vital dialogue between Law, Ethics and Technic.

The Professor analysed the disruption that innovation causes on society and how Law adjusts to a new reality, same as it does with other revolutions.

According to Piñar, ‘Law must know how to react -and not as a mere passive spectator- in the event of Information and Communications Technology or Knowledge Technologies raising. To him, Innovation makes society’s future to become digital and implies the need to set new ‘digital citizens’ rights or adapting the already existing ones to the new environment- ‘Acts are just possible if they go hand in hand with the social and technological reality’. ‘New rights are established for a digital citizenship, in accordance to the current situation. These will bring a future in which the person’s physical identity co-exists with his online identity’, he stated. In this sense, he discussed that ‘it is not about transforming the Internet into an imposed digital environment but acknowledging it as a right’.

Furthermore, he insisted on the need for the regulation to ‘focus on the person and not on the digital era’. On the other hand, he theorized about what he calls the ‘the principle of the inclusion from design and by default’; and about the need for the digital environment to not exclude disabled people. ‘It is not enough to plead precautionary right, but to guarantee that innovation is inclusive’.

Besides, he reflected on the theories of those who think that there will be a time in which human beings free from their bodies and even have access to immortality. According to the Professor, this ‘obliges to establish a dialogue between Law, Ethics and Technic’ to avoid the obsolescence of the former and face the innovation challenges jointly.

A constant dialogue between the University, the Academy and Business that propels research lines and reflects on the contribution that Law can make to the digital environment was one of the subjects of his speech.  

He gave the example of his own Title on Digital Law and Innovation Technology at the Universidad CEU San Pablo, in which students can complete their Law Studies with a solid training on data protection, cybersecurity or artificial intelligence, among other topics.

He concluded his intervention highlighting that innovation ‘requires a relationship between regulation and self-regulation’; something that can be solved, according to the example, with the General Data Protection Regulation, which offers applicable principles to future changes and that leaves an open door for self-regulation.

XVIII Seminario Permanente: "La llamada propiedad de los datos y la tutela de los intereses jurídicos relativoa a los datos"
21 and 28 May 2019

Javier Torre de Silva y Juan Antonio Hernández Corchete

The Google Chair on Privacy, Society and Innovation of the Universidad CEU San Pablo, in collaboration with the Law Section of ICTs of the Royal Academy of Jurisprudence and Legislation, held the 18th Permanent Seminar, under the title ‘The so-called data ownership and the safeguard of judicial interests related to data’.

During the session, Javier Torre de Silva, attorney at the State Council and partner-director of the TMC Department at CMS Albiñana; and Suárez de Lezo, member of the section, reflected on matters such as data ubiquity or the necessary differentiation between data and their content. To him, ‘information only becomes data when it transforms into it and becomes computable’.

Regarding ‘free competitiveness and the use of data in the business sphere, Torre de Silva highlighted that ‘data are found in the core of the digital revolution we are living in’. He affirmed that, in pursuit of a feasible Information Society development, ‘certain information must be able to be used by third Parties without depending on an initial approval’.

On the other hand, according to the thesis of the member of the Section, judicial interests must be protected, no matter what their form is: real or digital. Besides, he highlighted that ‘protected information in the real world, is also protected in the digital one, because the protected judicial interest is the same one regardless the form in which it is represented’.

During his later debate, led by experts from the law and data protection field, who came from both public and private sectors, they brough up the still unresolved questions on Regulations, such as the possibility to have or to not have data property beyond their ownership.

In this sense, during her intervention in the debate, Encarnación Roca, magistrate of the Spanish Tribunal Constitucional and Presidents of the Law Section of ICTs of the Royal Academy of Jurisprudence and Legislation, stressed the fact that the Spanish Civil Code already states the possibility of owning unmaterial goods, such as credit rights. This does not mean that we can acquire the property of those goods by usucaption or their mere continued holding. Giving Intellectual Property as an example, Roca pointed out that he ‘can own an artist’s master piece, but that ownership does not mean getting the artist’s Intellectual Property.

In order to finish the Google Chairholder, José Luis Piñar, stressed the importance of differentiating between personal data and non-personal data, to avoid any confusion.

During the second session, Juan Antonio Hernández Corchete, attorney at the Spanish Tribunal Constitutcional, Member of the Section and Administrative Law Professor, outlined that the idea of associating property and data is not new, it has existed since the 70’s. For Hernández Corchete, the fact that many authors have started to consider data as a ‘commodity’ has re-opened the debate.  

From that perspective, he reflected on the appropriateness of using property right to safeguard rights related to personality that host personal data.

In this sense, the attorney at the Spanish Tribunal Constitucional affirmed that individual rights intrinsic to personal data cannot be protected with property rights: ‘there is no useful enough data property right to safeguard rights related to personality’, he settled.

In terms of personal data ‘social value’, he discussed whether the current society, when economy is built around data, citizens can refuse to transfer their own data. Furthermore, the Professor questioned, in contrast to what some authors state, whether the solution to the dilemma could be assigning a fair compensation and -he nuanced- regulated.

The expert, during his speech, also deepened on the dilemma between consent and the evolution of possible data transfers acknowledged by the user. He concluded that the aspect linked to data personality is more powerful than the economy and that it cannot go against innovation.

To conclude his thesis, the attorney compared the dichotomy between the individual and economic aspect to the distinction between information (sole) and data (duplicable).

In relation to Hernández Corchete speech, several Law and data protection professionals focused the debate on the possibility of assigning an economic value to data.

Eva Nieto, Professor at the University of Castilla La Mancha, said that ‘the right to property perspective is inappropriate’ and affirmed that ‘it is the heritage value the one that could be extracted from data’.

From his perspective, the lawyer Rafael García del Poyo, stated that the ‘legitimate interest in data treatment resides in whether there are subjects that could benefit from this. For the lawyer, that legitimate interest must look out for the fundamental rights of the individual.

To close the session and the seminar, José Luis Piñar, the holder of the Google Chair, reiterated the importance of providing an answer to the debate on data property rights, that could condition the future treatment of personal data in a globalised world.

XIX Permanent Seminar: ‘Recent Jurisprudence on the Right to Oblivion: Territorial Scope and Sensitive Data’

The Google Chair on Privacy, Society and Innovation of Universidad CEU San Pablo held its XIX Permanente Seminar. In this edition, the talks were on the right to oblivion and its recent jurisprudence, as well as its territorial scope.

In this XIX session, the lecture was given by Yann Padova, former Secretary General of the French Data Protection Authority (CNIL) and Partner in charge of Personal Data Protection at Baker & Mckenzie Paris. The later debate was moderated by José Luis Piñar, holder of the Google Chair.

During his speech, Padova reflected on the uncertainties that the right to oblivion brings. First of all, the territorial scope. The expert asked whether this a universal, regional or ‘glocal’ right. Padova denied how ‘glocal’ is an option that combines local and global applications on the basis of the idea that this geo-blocking processes applicable to all the existing domains. However, its effect is limited to a certain territorial scope. The law-makers are facing the major difficulty of applying a right of global reach as data protection is.

Secondly, Padova explained that the right to oblivion -or right to erasure; a term, as she says, much more precise- is born due to the absence of real control over online data and due to the obligation of law-makers to protect individuals from possible interferences in the treatment of their data.

Thirdly, he deepened on the user’s right to oppose their personal data treatment. In this sense, Padova told that the European Union Court of Justice sentenced that the right to oblivion Is an absolute right. Therefore, it must be combined with other fundamental rights such as freedom of information and expression.

Furthermore, the expert reflected on the French State Council’s opinion on the implementation of the right to oblivion and examined the 11 questions formulated by this organism before the European Union Court of Justice. From his point of view, these matters could be catalogued into 2 different but interconnected groups: the consequence of the consideration of motor engines as responsible for personal data treatment, that in his implementation could lead to excessive consequences, on the one hand, and to the territorial scope, on the other.

The latter, as h explained, derived into 3 possible interpretations: the application to all existing domains regardless of the place of origin, the regional application and the ‘glocal’, what means the application on all those domains including those outside the European Union at the same time hie regional application is respected.

This situation betrays the regulation differences between countries (mainly between the United States and the European Union’) and the fact that the EU cannot create right not obligations outside their territory.

In terms of the global scope, other perspectives must take into account Laws such as the French Penal Law, which states that national courts will be able to judge any crime outside their national territory whenever the victim comes from national territory. Nevertheless, in a regional application, a sort of digital territory in which law is unindexed could be created. This law would be applied in the EU physical territory.

Regarind it ‘glocal’ application, Padova discussed the extended use of the ‘geo-blocking’ as a tool for the defence of copyrights and for the prevention of terrorism.

 The later debate led by experts coming from both the public and private sphere, was about issues such as the possibility that matters related to the request to exercise the right to oblivion end up being processed by Artificial Intelligence. This is an option that, as the attendees pointed out, would imply ‘teaching’ the fundamental basis of Human Rights to machines. In this regard, it was said that Google is the clear example of good practice, since the requests the company gets, are not analysed by Artficial Intelligence techniques, but by teams of people.  

Finally, it was discussed that in the GPDR, there are 2 different perspectives co-existing: the fundamental right to data protection and the free movement of data. Also, it was highlighted that the European Regulation set a common level for all States for which the free movement was fully applicable.

XX Seminario Permanente: "Innovación, tecnológia y retos de la privacidad en la gestión del covid-19"

The Google Chair on Privacy, Society and Innovation of the Universidad CEU San Pablo has held its XX Permanent Seminar was led by 3 experts and had José Luis Piñar Mañas, Administrative Law Professor and holder of the Google Chair as its moderator. The Seminar was on ‘Innovation, Technology and Privacy Challenges in the Management of COVID-19’. The Seminar was online for the first time; and had a total number of almost 300 attendees.

This XX edition of the Permanente Seminars of the Chair had Rosa Visiedo Claverol, Rector of the Universidad CEU San Pablo, for her opening and it was closed by Carlos Pérez del Valle, the Dean of the Faculty of Law. Both of them highlighted the importance of the collaboration with Google foe the benefit of digital research at the University, which is completed with the Master on Data Protection and its own Title on Digital Law and Innovation, lectured by the Faculty of Law.

During his speech, Andrés Ortega Klein, the Senior Associate Researcher from el Real Instituto Elcano and Director of the Observatorio de las Ideas (Observatory of Ideas), reflected on how human intelligence can complement Artificial Intelligence in the development of technological solutions that help fighting against the pandemic caused by COVID-19 and on the implications of apps that favour a ‘digital herd immunity’.

In this sense, he highlighted that the pandemic and the chosen methods to fight it ‘have led to an explosion of digital connection that has raised the controlling capacity of individuals and companies’ data’. However, he stressed that this does not necessarily implies a loss of privacy. The researcher reflected on 4 dichotomies: privacy and security; comfort, efficiency, and privacy; surveillance and capitalism, and data centralisation. He concluded that ‘citizens give up on privacy in the pursuit of comfort’; and pointed out that the States ‘have reacted late to the technological management of the pandemic’.

María Álvarez Caro, Manager of Public Policy & Government Relations Google Spain and Portugal brought up the joint work of both Google and Apple in the development on an API for the notification of the exposure to COVID-19 via Bluetooth. This API was extremely valuable resource to have ‘a record of all social contacts that we have with strangers’.

Álvarez explained that this API ‘based on knowledge’ is available for Governments to have a technological tool that helps them to better manage the pandemic. On Wednesday 24th June, as it was said, ‘there are 28 government authorities all over the world who can access this tool’. Álvarez pointed out that ‘access to geolocation is not allowed though’.

In this sense, Google Manager affirmed that this API is a ‘voluntary system’ with a decentralised architecture’, where code matching is generated at a gadget level and where ‘users’ identities are not known by Google, Apple, nor by any other user’.

Luca Bolognini, the President of the Istituto Italiano per la Privacy e la Valorizzazione dei Dati, pointed out that the General Data Protection Regulation offers ‘certain flexibility to States in terms of regulating exceptional situations such as the present one’, always under the scope of the ‘principle of proportionality’ and respect for fundamental rights of citizens like privacy and personal data processing.

During the later debate, it was set clear that during the pandemic several examples of misinformation and fake news have happened. Ortega Klein discussed that ‘there is a need for pedagogy in order to gain citizens’ trust’.

The Seminar also paid tribute to Francisco Ruiz Antón, the Director of Public Policy & Government Relations Google Spain and Portugal, deceased on 7 June 2020; and who was very committed to the Universidad CEU San Pablo Google Chair since the beginning.

XXI Seminario Permanente: "La estrategía europea de datos y transformación digital: Desafios y oportunidades".

The Google Chair on Privacy, Society and Innovation of Universidad CEU San Pablo, in collaboration with the Law Section of ICTs of the Royal Academy of Jurisprudence and Legislation, held its XXI Permanent Seminar. A webinar in which the participants were Carlos Romero Duplá, Public Prosecutor and Digital Transformation Advisor in the Spain's Permanent Representative to the EU (REPER); and Luís Felipe Antunes, Professor in the Department of computer sciences at the Faculty of Science in the University of Porto and Director of the Competence Centre for Cybersecurity and Privacy of Porto University. They analysed the challenges and opportunities that the European Data and Digital Transformation Strategy presents.

The session was opened by Carlos Pérez del Valle, Dean of the Faculty of Law at Universidad CEU San Pablo and moderated by José Luis Piñar Mañas, Law Administrative Professor and Chairholder of the Universidad CEU San Pablo and Vice-president of the LAW Section and ICT of the RAJL.

Carlos Romero Duplá highlighted in his speech that the European Data Strategy is a tool that Europe will use in order to establish fair rules. It is based on European values, and it is made for all those who play in their Community territory, without discriminating those who come from third countries’. Besides, he pointed out that ‘Europe wants to lead future digital transformation by applying an intelligent regulation that enables to promote the European model of data management’. This regulation will let Europe have digital sovereignty and autonomy in the globalised world.

Romero Duplá also used his speech to study the content of the four pillars of the Strategy. Regarding the first one, the cross-sectional governance framework for the access and data use explained that ‘the EC has announced that the Data Governance Regulation aims to reinforce the governance mechanisms for the data use at borders, and to facilitate decisions on how data can be used and who can manage them, in a respectful way always’.

Concerning the second one, he pointed out that the industrial initiative aims to mobilise up to 6.000 million euros in the following years. Thus, as he explained ‘from the EC is progressing on the creation of the Federation of European Self Storage Associations, an initiative that has been supported by 27 Member States and pursues to achieve that non-European actors safeguard guarantess applied to data storage are aligned to European legislation’. It also seeks to, as Duplá said, expand a new generation of cloud services for European business and for the public sector promoting a high level of security, trust, interoperability and energy efficiency.

In terms of the third pillar, the objective is people empowerment for them to use data in an efficient manner and to gain control over them. Finally, the fourth pillar of the Strategy focuses on the creation of common data spaces in sectors of public interest.

On the other hand, he highlighted the importance of companies’ empowerment by seizing the opportunity that data portability offers, including the General Data Protection Regulation.

Finally, he staked that ‘Spain will become one of the biggest European data hubs if technology, experts and connectivity are brought forward. Since it is the best one in Europe, and it is linked to Latin America and the Mediterranean basin.

Luís Felipe Antunes, Professor at the University of Porto, thinks that ‘Europe must lead the technological way and face the future as a whole in order to be able to compete against other large countries such as the USA or China directly’. In this sense, he explained that the Federation of European Self Storage Associations will serve to boost trust of each of this State and to overcome obstacles, thereby ensuring digital sovereignty. It must confront data responsibility and data quality for both of them to work in a balanced way’, he concluded.

He also affirmed that, in his opinion, the regulation did not slow down by itself but the advance of technological innovation, but it was necessary to transform research into ‘value’.

With that in mind, Carlos Romero indicated that Gia X is already a ‘federated space for data, which was started by France and Germany, and which intends to take on board European and non-European companies.

On his part, the Google Chairholder, José Luis Piñar highlighted that Europe is immersed in a digital transformation that has sped up due to the pandemic. He made clear that the European Commission has pointed 2025, as the year in which data volume will have increased by 500 % and there will be 11 million data professionals, compared to the current 5.5 million.

XXII Seminario Permanente: "Eprivacy Regulation: Challenges and opportunities for privacy enhancing technologies"

(clockwise, from the right upper-corner): João Ferreira, José Luis Piñar, Alberto Di Felice and Birgit Sippel. The Google Chair on Privacy, Society and Innovation of Universidad CEU San Pablo has hosted its XXII Permanent Seminar in which several internjatoional experts on privacy and data protection discussed on the ‘ePrivacy Regulation: Privacy-protective Technologies challenges and opportunities’.

The Seminar was moderated by José Luis Piñar Mañas, Administrative Law Professor and Holder of the Google Chair, who brought up the enormous consequences that this European regulation will have on people’s privacy and on the development of data-based technological innovation.

Piñar underlined that ‘fundamental rights are the core of Europe’, including the right to privacy and data protection, and therefore he stated that the future regulation will need to balance two key points: fundamental rights and the future role of Europe in the European scenario, which has become more and more complex after the pandemic’.

During his intervention, João Ferreira Pinto, Digital Affairs Attaché of the Permanent Representation of Portugal for the European Union, highlighted that the ePrivacy Regulation means a challenge for companies, people and users, but also a big opportunity to obtain advantages in a competitive world.

Ferreira reminded the efforts made during the Portuguese Presidency of the Council of the EU to align the Commission’s proposal to the General Data Protection Regulation (GDPR) and to update the text submitted in 2017, because since then ‘the world has widely changed from a technological, human, economic and social perspective’.

Accordingly, he pointed out three aims that future privacy regulation must take into account: guaranteeing a high level of data protection for both physical and legal entities; promoting the free flow of data within the European Union and Innovation.

Ferreira concluded that this is a ‘real challenge and an opportunity to become more competitive, in today’s world, the fierce and competitive ‘global village’.

Alberto Di Felice, Director of Infrastructures, Privacy and Security in the Digital Europe Management, stressed the interest in the participation that this regulation had generated among many and diverse industrial actors. This is caused due to the fact that this a ‘very wide proposal, which generates concern among different sectors’.

According to Di Felice, this concern is due to the digitalisation process that has happened in our economy during the last years, from the health sector to the transport one.

On the other hand, The Digital Europe Member pointed out the need for ‘having rules that let innovate’ and gave the existence of references to anonymisation on the legal basis for treatment as an example. ‘Otherwise -he announced- the use of anonymised data of innovative forms wouldn’t be allowed’.

Birgit Sippel, the Member of the European Parliament (S&D) and rapporteur of the ePrivacy Regulation, addressed the importance of focusing on fundamental rights protection in privacy regulation: ‘Communications and privacy protection is a previous condition to also protect other fundamental rights, to protect democracy’.

In this respect, Sippel explained that the current proposal ‘does not even approach to the minimum extent that we should expect from online privacy regulation. That minimum means not falling under the protection level that we must guarantee according to the current ePrivacy directive and the GDPR’.

According to Sippel, there is a feeling that the Council’s proposal could somehow confront the postulates of the current legislation. Concerning privacy-protective technologies, the lecturers agreed on the fact that these could create new services and industries, innovation, at the same time they protect people’s privacy and are a key privacy’s element since they are designed.

During the later debate, several perspectives on this regulation from a fundamental rights point of view were brought up. Also, there were perspectives which focused on business, economy and market. This could lead to think that the bargaining dialogues could be based on complex trialogues, due to these confronted stances.

It was also made clear the need to rely on this European Regulation in order to achieve the wished balance between the different actors’ needs and to guarantee the prot6ection of rights at stake.

International Activities

In the International Conference CPDP 2021 (Computers, Privacy & Data Protection) and a few days ahead of the celebration of the Safer Internet Day that occur internationally, the Google Chair on Privacy, Society and Innovation at Universidad CEU San Pablo organised a round table under the title ‘Privacy, globalisation and international data transfers: towards a new paradigm after Schrems II?’ in which several international experts on privacy and data protection analysed the scene after the recent Court of Justice of the European Union and its implications to understand how the data exchange between both sides of the Atlantic will work.

In the panel -organised and coordinated by José Luis Piñar Mañas, the Google Chairholder- it was also highlighted both the impacts that the Court’s decision had on our economy -touched by the pandemic- and the relation between public and private actors in regard to the tools provided by the General Data Protection Regulation.

During the debate, Alisa Vekeman, Member of the International data flows and protection unit at the Directorate-General for Justice and Consumers of the European Commission, reflected on the importance of international data transfers and how essential it is to have tools to facilitate them -after Schrems II Court’s resolution. Besides, she highlighted the importance of protection levels essentially equivalent, both for transfers based on adaption and for those that build on the appropriate guarantees’ implementation.

She also mentioned the European Commission’s effort after the Court’s decision, stressing the dialogues with the United States, the procedures for the adaptation of third countries and the work that is being carried out in terms of standard contractual closes.

For Luigi Montuori, European and International Affairs Director at the Garante per la protezione dei dati personali at the Italian Data Protection Authority, it is not for the data protection authorities to choose or advise what measures must be approved within the international personal data transfers framework. In this sense, in the current context, he pointed out that the main actors would be the exporters, responsible for the data transfer, as well as importers, since they know their country’s legislation and practices in terms of personal data protection.

Yann Padova, former Secretary General of the French Data Protection Authority (CNIL) and Partner in charge of Personal Data Protection at Baker & Mckenzie Paris, brought up that the phenomena currently observed on ‘privatisation of the adequacy assesment in the context of international personal data protection transfers. This circumstance implies that companies are the ones that must value in an individualised manner whether the recipient country of personal data has an adequate level of protection.

Padova underlined that the work that used to be done exclusively by the European Commission is now done by companies, with all this implies for these actors.

Noah Joshua Phillips, Commisioner at the USA Federal Trade Commission, explained that during his speech, after Schrems II sentence, national laws are gaining more and more importance in terms of personal data protection level of analysis.

On the other hand, Isabelle Vereecken, Director of the European Data Protection Board Secretariat, introduced the illustrative Recommendations and Documents manufactured by the EDPB to interpret and delimit the content of the Schrems II sentence. Among these documents, both the elaborated Opinion as well as the European Data Protection Board on standard contractual closes for data transfers to third countries-recently approved in January- are also included.

Vereecken presentede the methodology for the application of the principle of proactive responsibility in the context of international data protection transfers which is key to assure the concurrence of the level of protection required in the EU legislation in terms of data flows with third countries.

CPDP 2020: “Data Protection and Artificial Intelligence”

The Google Chair on Privacy, Society and Innovation of the Universidad CEU San Pablo participated for the Fourth year in a row in the International Conference CPDP (Computers, Privacy & Data Protection), which brings together the leading experts on privacy and data protection fin Brussels for three days. During the XIII edition of the Conference, from a legal, regulatory, academic and technological perspective, Data protection and Artificial Intelligence Development Challenges, as well as their possible impact on the current society were analysed under the title of ‘Data Protection and Artficial Intelligence’.

For this edition, the Chair organised a panel called ‘Algorithmic Transparency and No Discrimination’, which focused on the potential impact of the use of algorithms in relation to citizens’ fundamental rights and public freedoms’. Furthermore, the Chair highligthed the use of data according to mechanisms that assure transparency to avoid abusive and discriminatory practices.

During the panel, José Luis Piñar, the Google Chairholder and the only representative of Spain for the Scientific Committee of the CPDP, stressed the need for collaboration and co-work between experts from different sectors in order to face the use of algorithms and thus, to avoid discriminatory practices: ‘for transparency of algorithms to limit the impact of personal data protection in the context of Artificial Intelligence, it is essential that cross-sectional teams co-work jointly’, he stated.

During his speech, Bojana Bellamy, President of Centre for Information Policy Leadership at Hunton Andrews Kurth pointed out the ‘relation between Artificial Intelligence and the traditional principles of Data Protection’. In this regard, she affirmed that the General Data Protection Regulation ‘could be used to guarantee the responsible development and implementation of Artificial Intelligence according to the principles of transparency, equity and no discrimination’.

Luca Bolognini, Presidente del Istituto Italiano per la Privacy e la Valorizzazione dei Dati, explained the differences between the use of algorithms between the public and private sectors. Concerning the public sector, he stated that ‘the algorithms must be totally verifiable by the competent authorities, judicial and/or independent’. In respect of private aims, he affirmed that ‘they must be used with transparency, and always balancing rights and freedoms with the goal of protecting investment and innovation’.

Furthermore, he advised to go beyond article 22 of the GDPR, in order to introduce the new principle of ‘the Rule of Human Law’ in National Constitutions and in the EU Charter of Fundamental Rights.

‘This principle should be of application even in cases where automatised decisions, based on the use of non-personal date are made. The principle brings the possibility -for everyone- to require human intervention in the decision-making process, finally guaranteeing that the super-admin and law-makers are exclusively human beings’ he said.

Flora Egea, Data Protection Officer of BBVA Group, affirmed that the European framework in charge of regulating impartiality, is of ‘hard application because it depends on the sector’. For Egea, entities must look for a non-discriminatory result in their algorithms. In this regard, she underlined that ‘the GDPR does not allow the entity to gather and treat data vulnerability due to the principle of minimization and proportionality’. In respect of transparency, he considered that it is necessary ‘to clarify what is “enough” to comply with the requirement of “explainability” of an algorithm because considering it information is not a realistic approach. It does not protect fundamental rights in a better way either’. Finally, she explained that ‘it could jeopardize algorithmic innovation’.

Lastly, Jens-Henrik Jeppesen introduced the ‘Digital Connections Tool’ developed by the Centre for Democracy and Technology. This tool is for the use of algorithms in the decision-making process, he explained. This utility is based on a model that ‘sets how designers of algorithmic tools for decision-making can guarantee that the final product or service does not generate bias nor discrimination in an unjustified way’.

During the three days that the 12th edition lasts, the International Conference CPDP (Computers, Privacy & Data Protection), bring together the worldwide leading experts on privacy and data protection in Brussels. They analysed from a legal, regulatory, academic and technological perspective, Data Protection challenges and their possible impacts on current democracies under the title of ‘Data Protection and Democracy’.

In the 2019 edition, the Chair organised the panel ‘Data Ownership, Innovation and Privacy: looking for an approach on both sides of the Atlantic’, in which the need for democracies at boths sides of the ocean to create mechanisms that contribute to protect citizens’ fundamental rights from an ethical perspective. Besides, aspects such as the impact of the Right to Property on personal data in innovation and whether this could help to develop future technologies were brought forward.

The Chairholder, José Luis Piñar, stressed the importance of the Chair’s participation as the only Spanish academic institution that organises a panel. ‘To host such a distinguished event for the third consecutive year and to be able to collaborate with highly regarded lecturers means a step further in our international consolidation’.

In this panel, moderated by Peggy Valcke, Professor and Researcher in the Centre for IT & IP Law of the KU Leuven where participants were Juan Antonio Hernández Corchete, legal advisor of the Spanish Tribunal Constitucional; Yann Padova, Partner in charge of Personal Data Protection at Baker & Mckenzie Paris; Laura Schertel Mendes, Civil Law Professor at the University of Brasília and the Brazilian Institute for Public Law (BR); and Aurélie Pols, Chief Visionary Officer, Mind Your Privacy and member of the European Data Protection Supervisor’s Ethics Advisory Group.

Peggy Valcke started the debate pointing out that, among other factors, the implementation of the GDPR (General Data Protection Regulation) has brought back to life the reflection on Data Ownership.

During his speech, Juan Antonio Hernández Corchete argued trat Data Ownership does not aim to replace data protection. It just answers to different needs. He also stressed that this right would be effective to guarantee data economic value, it will be seriously limited.

Yann Padova focused on the idea that when selling data, control is lost and that there is a difficulty for the data owner to exercise the right to access and rectification. Besides, he highlighted that in this scenario, probably, people with less economic resources would be the ones who would sell their most sensitive data.

Professor Laura Schertel Mendes revolved around the concept of information, since it is cross-sectional and it is subject to many relations with different actors, what hinders talking about an only property. From her point of view, in reference to her country, Data Ownership could replace the existing guarantees system in terms of Data Protection in the context of Brazilian Law. This is due to the fact that it would protest less the owner, due to the nature of the fundamental right, characterised by extra-patrimoniality and non-transferability

Lastly, Aurélie Pols expressed that in countries at the other side of the Atlantic there is a true data market already, in contrast to what happens in Europe. However, she warned that probable risks associated to the selling of our personal data, because it won’t be possible to know where they’ll end up or how they’ll be used.

For the second consecutive year, the Google Chair on Privacy, Society and Innovation of Universidad CEU San Pablo participated in the International Conference CPDP (Computers, Privacy & Data Protection), which held its 11th edition in Brussels.

The event, which hosted the worldwide leading experts on privacy and data protection for three days was on ‘The Internet of Bodies’.

For this edition, the Chair organised a panel ‘Data Driven Innovation, Privacy and National Sovereignty in a Global World’, focused on discussing about how progress in innovation based on data, artificial intelligence or digitalisation process have an impact in the extra-territorial application of rules in a globalised world in which technology is constantly thinning physical borders and downplaying the classical national sovereignty model.

Edison Lanza, Special Rapporteur for the Freedom of Expression at the Organization of American States; Ariane Mole, Partner at the Bird&Bird (Paris); Dan Svantesson, Law Professor at the Australian University of Bond; and Michael Camilleri, Director of the Program ‘Peter D. Bell’ on human rights and democratic institutions in the political analysis centre Inter-American Dialogue (Washington), analysed the limits to national jurisdiction in the international arena in terms of digital rights. They focused on the challenges that the actors from the technological innovation sector are facing in a global world. Victoria Nash, Subdirector of the Oxford Internet Institute (United Kingdom), was in charge of moderating interventions.

The Google Chair on Privacy, Society and Innovation of the Universidad CEU San Pablo was invited for the first time to participate in the 10th edition of he CPDP Conference – Computers, Privacy & Data Protection – organised in Brussels from the 25 to the 27 January 2017. It is one of the most important events on data protection worldwide.

In this edition, the event revolved around ‘The Age of Intelligent Machines’. The Google Chair organised an international round table ‘Data protection and Data-Driven Innovation for Health Care and Biomedical Research’.

It was introduced by Professor Dr. José Luis Piñar, Google chairholder. At the table, many questions related to the impact of data analysis in health assistance and biomedical research (data property, implications of personal information use and the role of technology in the health sector) were answered.

In the debate, there were experts coming from the institutional, academic and business fields: Kristina Kjerstad, from DG Connect (European Commission); Guido Lobrano, BusinessEurope (Belgium); Mark Phillips, from McGill University (Canada) and Pilar Nicolás, from Universidad del País Vasco. Rita Balogh, Senior Analyst of Public Policy (Google Belgium), moderated the panel.

International Conference & the launch of South EU Google Data Governance Chair

The Google Chair on Privacy, Society and Innovation of Universidad CEU San Pablo is pleased to invite you to the ‘International Conference & the launch of South EU Google Data Governance Chair’ that will take place on 24 June at 19.30h and that will be broadcasted on Youtube.

This International Conference will mean the start of the South EU Google Data Governance Chair activities, whose Board will be presided by Professor José Luis Piñar (Universidad CEU San Pablo, Madrid) and consist of Professor Maria da Graça Canto Moniz (Universidade Nova de Lisboa), Georgios Yannopoulos (National and Kapodistrian University of Athens) and Vincenzo Zeno-Zencovich (Università RomaTre).

This Chair will focus on the scientific perspective and the research on data governance in Europe in the academic field. Besides, the framework will serve for analysing the challenges of Law and Data Governance in the European scope, in areas such Big Data, Innovation, Artificial Intelligence and the international exchange of Personal Data.

During this Conference, we will have two panels: the first one on future data governance, where experts will address legislation, apart from GDPR, have an impact on technology development, such as the Data Governance Act, the Digital Markets Act and the ePrivacy Regulation. The second role will deal with international flows of personal data, challenges of the EU and third countries on data exchange, apart from the European Union-United States privacy shield.

Activities Reports

Team

Chairholder

Academic Secretary of the Chair