• español
• · français

EXTENDED PROGRAM

TUESDAY, 3rd November

20:00h. - 22:00h.

WELCOME COCKTAIL at the Museum of contemporary art "MUSEO NACIONAL CENTRO DE ARTE REINA SOFÍA" , with a guided tour of the museum, including the gallery where the "Guernica" painting is exhibited

* Meeting point and information. HOTEL MELIÀ CASTILLA (Entrance Hall)
19:30h.	Bus departure: HOTEL MELIÀ CASTILLA Destination: NATIONAL MUSEUM OF ART REINA SOFÍA
20:00h.	Visit of the MUSEUM .
21:00h.	Welcome cocktail at the MUSEUM.
22:00h.	Buses depart to: HOTEL MELIÀ CASTILLA Option: For those of you who would like to enjoy a walk through the city centre, the bus will make a stop at Cibeles.

WEDNESDAY, 4th November

7'30h.- 9´00h.: REGISTRATION

9'45h.- 10´45h.: OFFICIAL INAUGURATION

INAUGURAL SPEECH

10�45-11'15 h.: COFFEE BREAK

• We live in a society of risk. Economic well-being and social development are leading modern societies to be less prepared to accept risks and uncertainty. New threats such as terrorism, cyber-crime or environmental catastrophes have been added to more traditional threats such as disease or crime.
• Modern technology creates its own risks, or worsens existing risks, while at the same time providing the means to prevent those risks by accessing large amounts of information. A flow of knowledge that too often takes its toll on privacy.
• Security stands out as one of the great values of our day. At present, however, the rendering of security services has undergone significant transformations.
• Security goes technical
• Security goes private.
• Security goes international
• Information technology provides means, methods and techniques that facilitate the task of subjects, whether public or private, who provide security services. However, it is a highly invasive technology that jeopardises the right to private life and the protection of citizens’ data, and it requires that assessments be made and that decisions be taken to establish a balance in the conflict between privacy and security.
• The progress of technology foretells the appearance of new surveillance and control tools—these will surely be more efficient but they may also be more prone to delving into personal data.
• A number of questions arise ……
• What limits should be applied in the use of private surveillance cameras?
• What principles should govern the use of video-surveillance by security forces?
• Traveller traceability (PNR, airport scans). Are too many data requested or transferred? How can security and privacy be reconciled?
• Data retention in electronic communications and geolocalisation (Patriot Act, EC Directive 2006/24). Have the secrecy and privacy of communications been killed off?
• DNA databases, biometrics, face recognition… Should one’s own body be used as an instrument of control?
• Where is the borderline between security being guaranteed as a public benefit and the development of social control techniques that are unsuitable in a democratic society??

Return

13�15h. - 14�15h.: LUNCH

• Where is the Internet going? Is Internet only possible with little or no privacy? Internet feeds on an essential element: personal information. From the original collaborative and libertarian network available for researchers and scholars we went on to e-commerce and then today it has become the Web 2.0, the Internet of social networks. Throughout this transition, personal information and the knowledge it provides have increasingly become more valuable.
• In the stage when the Internet was spreading it sufficed to add on large volumes of anonymous information. The end user was not yet relevant. It was sufficient to arrive at general profiles, or at best customised advertising was channelled towards anonymous web surfers. With the advent of the Web 2.0 a change regarding privacy was introduced. In the blogosphere, in gaming environments, in virtual communities and in social networks, web surfers tend to behave like citizens in the physical world: they identify themselves. They are interested in sharing their hobbies, relating with others, catching up with old friends or publishing their photographs and videos.
• At the same time, Internet environments are becoming much more user friendly. One does not need a great deal of knowledge to create a network of friends, upload videos or photos or write a blog.
• A growing number of people are drawn into taking advantage of the opportunities provided by the Internet, but in many cases they are unconcerned about the wealth of information they provide and quite often they are neglected the benefit of choice. It is very easy to accept the general terms and conditions and the privacy policies, regardless of their contents, and to activate the default configuration of the environments. And in most cases this option is done at the expense of privacy, the rules of the game being “take it or leave it.”
• The Internet will continue to evolve and it will provide increasingly useable, interesting and sophisticated services. In the immediate future, we shall witness an extension of aspects such as locating without GPS, universal portability of clinical records, or the configuration of agenda proposals according to a user’s profile and habits. Users have not faced the need to pay any amounts whatsoever for these services and this gives rise to a market of privacy in which those selling the goods (privacy), the web surfers, are not in a position to negotiate.
• Are the legal terms and conditions and privacy policies on the Internet really effective and transparent?
• Install our search engine, use our email service… Your data are not used by an individual or a company. They are read by a machine that with no human intervention offers you advertising or customised service. But do we guarantee your privacy?
• How can the right to oblivion be guaranteed?
• Do services such as geolocalisation, display of images and videos, hosting of clinical records, personal and professional agendas comply with the principles of privacy and/or data protection?
• How should service providers respond in the event of security failures (loss of passwords) and other risks (spoofing)?
• When new services are offered such as the location of information on individuals based on images, should prior privacy controls be imposed before they are offered on the market?
• How do social network providers protect individuals from things such as profiling, viral marketing, spoofing or cyber crime?

Return

16�15-16'30 h.: COFFEE BREAK

A) Oopsss!!!!! Where did I leave my computer? Prevention and reaction in the light of security breaches

• On a daily basis there is news in relation to security in the custody of personal information—loss or theft of portable computers or DVDs incorporating millions of customer or taxpayer data, thousands of court or administrative records thrown in the garbage, security breaches on Internet pages, workers or entrepreneurs who universally and candidly share their data via Peer to Peer programs.
• These events raise two major questions:
• First of all, how can the loss of data be avoided? Thanks to the advancement of information and communication technology, it is increasingly easier to process huge amounts of data. A portable computer and an Internet connection allow one to access files with the personal information of thousands or millions of citizens. A small pen drive, even a tiny micro-SD card, makes it possible for one to carry hundreds of files of a company. Processes that just a few years back were confined to a company’s or an organisation’s facilities and central computers can currently be done anywhere in the world using a variety of equipment such as the portable computer of an employee who takes work home or the services of companies specifically dedicated to hosting information on thousands of customers.
• In this scenario, one may wonder whether it is truly possible to avoid security risks and how to do it. How valuable are technological security measures? Are administrative procedures establishing protocols for handling information more suitable? Is a combination of several systems more efficient? How must we face the future challenges that will be posed by new and more powerful information processing technologies?
• On the other hand, the fact that security ruptures occur nearly every day leads to the question of what is the best way to react against them. The various domestic and international regulations incorporate formulas for the protection of privacy. Security is an essential value, and respect for security should be a part of the intrinsic guarantees of these rights. However, generally domestic and international regulations do not go as far as attributing rights in respect of subjects’ awareness of security incidents involving their data. The latest trends seem to defend the need for citizens to be informed of any incidents involving their data.
• Are security rules and regulations required or is it enough to use the existing technical standards?
• Is it a strategic task for the DPAs to make society aware of these issues?
• How to react to security incidents. Are subjects entitled to know about security incidents?

Return

B) We cannot help you. Your data are in international waters. Determining the applicable law in a world of globalisation

• A web surfer registers for a service provided by a company whose domain “.tv” corresponds to Tuvalu Islands. After checking a register with domain names it turns out that the owner of the domain is a company with headquarters in a third country, which in turn is different from that of the servers where the information is kept, most likely contracted by a third company providing hosting or housing, and also different from the country of the user that has just registered. In the event of any disputes, what would be the applicable law?
• Do international rules used to determine jurisdiction and applicable law work on the Internet?
• Does the Internet require new specific rules to determine the applicable law?
• What procedures could be used to guarantee web surfers’ rights in all cases and particularly those relating to their personal data?

Return

Return

17�45h.-18�00h.: COFFEE BREAK

A) Companies, privacy and international data flows.

• In a globalised economy, the universal circulation of personal data is a must. Cross-border data flows take place within multinational groups of companies and between individual companies. Things as simple as the repair of white goods or purchasing a product on the Internet trigger a complex logistical display in which, starting from the time of purchase, continuing with the payment and the effective delivery of the goods, the data may be used by different companies in different countries.
• Personal data may be processed in a number of different countries and the split up of computing procedures may even mean that the same processing takes place simultaneously or successively in more than one place. Also, the speed with which services are contracted finds a strong bureaucratic hindrance in specific data protection regulations.
• Is it necessary to ease the authorisation processing conditions for international data transfers?
• Would a universally accepted international privacy standard facilitate transfers?

Return

B) Intellectual property and privacy: Profiles of a conflict.

• Exchanges of files using Peer to Peer programs are part of the universal culture on the Internet and they have deeply affected the culture industry. Occurrences that lacked any economic importance in the physical world, such as lending a book or sharing a video, are magnified on the Internet, where users can share contents with thousands of individuals.
• The basic original process consisting of copying a CD and ‘uploading’ it on the web has been accompanied by other practices linked to the possibility of digitally registering audiovisual content. Thus, for instance, there has been a popularisation of the digital recording of television episodes that are subsequently shared on the Internet.
• New legal challenges arise in terms of making those rights compatible with the privacy of the users responsible for such forms of conduct.
• Can the producers of contents freely identify Internet users in order to prosecute unlawful practices?
• Should service providers hand over the data of the users who are involved in these practices?
• Should a court order or an order from the relevant government body be requested?
• What role should national data protection authorities play?

Return

• Spanish Data Protection Agency.

Content of the SPANISH SESSION

• The Spanish Data Protection Agency (AEPD) has produced a number of guides (for security and video-surveillance controllers) that are meant to provide basic information for an adequate application of the Organic Act on Data Protection (LOPD). Experience has made it advisable to publish a new guide with the purpose of assessing in a detailed manner many instances of data protection needs within businesses.

Return

THURSDAY, 5TH NOVEMBER

• The operation of the market economy in the information society requires the processing of huge volumes of personal data for a variety of purposes. It is not only a matter of obtaining data from customers, suppliers and workers, but of the various uses provided by information technologies. Data processing has gone beyond the traditional model pertaining to consumer or labour relations and now personal information is enhanced and provides feedback and profiles. It is also susceptible of being used for one’s own purposes, but also by others, it allows the use of loyalty building and marketing techniques and, among other applications, it makes it possible to assess one’s credit history.
• The new data processing possibilities, the volume of information and the global operation of the economy turn businesses into strategic elements in the system of guarantees of the right to data protection.
• The protection of private life in business activities was seen, up until not too long ago, as a complex and costly obligation, justified only by legal mandates. However, many organisations have started to value this from a new perspective. Designing management procedures based on the intensive use of information technology and the processing of personal data that respects the privacy of the users or employees of the company may become a competitive advantage. Privacy impact assessment policies, privacy by design, the establishment of self-regulation policies, or the hiring of data protection experts, whether external advisors or staff members, are an inescapable requirement nowadays.
• How will the integration of privacy within business activity develop in the future?
• Is a privacy policy included in the strategic design of business management models?
• Are these models efficient? Do they comply with privacy policies?
• What role should business self-regulation codes play?
• Should privacy policies only be assessed within the framework of corporate social responsibility programs?
• Is it necessary to have a data protection officer?

Return

11�30h. - 12�00h.: COFFEE BREAK

• Data of minors are something that many are interested in: governments, companies, Internet service providers or even their parents. Information on minors is valuable in economic and commercial terms because it provides many different profiles:
• Minors are consumers. Our children are first-rate consumers in the market of traditional products such as books, toys and clothing, as well as of new generation products such as videogames and mobile telephony, plus all types of products associated to the use of personal computers.
• The other important environment in which minors develop is their family. Children are not only a source of information on their family but they are also subject to parental control. Access to school images provided by cameras in the classroom or geolocalisation are examples of cases where the disproportionate use of means of surveillance may jeopardise the private life of minors.
• In many of these areas minors act as web surfers. Children are digital natives and the Internet is part of their social environment. They learn how to use office automation tools but they do not receive a sound training in this field comparable to what they are taught in areas such as road safety, healthcare or hygiene. All of this makes them especially vulnerable to risks present on the web.
• The protection of the rights of minors as regards the processing of their personal data is essential, and it will increasingly be so if we are to be prepared for future technology developments and their impact on the behaviour of children and of those relating with them. The importance of maintaining the privacy of minors applies to their families, to public authorities, to businesses and of course to data protection authorities.
• Is there a sufficient level of training in the use of information technologies?
• Should training in data protection be included in school curricula?
• What action should data protection authorities take to increase awareness among teachers, parents and children?
• Should service providers articulate more demanding policies in respect of minors?
• How can the ‘checking’ of a minor’s age be guaranteed?

Return

14’00h. - 15’00h.: LUNCH

A) Smile! There’s a camera behind the ad! Or “Send it to a friend”: Privacy in light of new advertising techniques.

• Technology developments are changing the conventional setting for advertising activity, which increasingly moves away from messages sent to a non-descript audience and adapts to its recipients via highly diversified channels.
• The “Send it to a friend” option has almost become a classic. The service provider offers its own means to generate messages to be sent to people recommended by a user and these are considered exempted from complying with the regular legal requirements. Other methods are linked to techniques in which a subject’s profile is made with the purpose of providing customised advertising to those who have been defined as “friends” on a social network.
• In another field, mobile telephony offers customised and contextualised advertising possibilities through value added services provided by means of geolocalisation or by the use of Bluetooth or infrared receivers and terminals. Last of all, Radio Frequency Identification (RFID), adequately linked to an identified buyer, provides easily predictable marketing and advertising possibilities.
• The possibilities are apparently unlimited. But something common to many of the new advertising models is that they are based on the personal information of their potential targets. It can be expected that future advancements in this field may follow the same path; therefore it is also reasonable that the question be raised of how to establish sufficient privacy protection criteria to strike a balance between corporate interests and citizens’ rights to the protection of their data.
• What new advertising techniques are we facing?
• Are the current principles in the field of personal data protection sufficient?
• Is prior self-regulation by producers of advertising contents or by campaign designers required?
• What control capacity is left for the recipients of advertising?

Return

B) Digital journalism and journalist citizens: Challenges for private life.

• The birth of the blogosphere has signified a revolution in the right to information. By simply registering with a provider of these kinds of services and after a few minutes setting up the predefined presentation that is usually provided, a new media form arises. To offer news one no longer requires a given economic and professional capacity or a business structure. Today citizens can exercise their freedom of speech with the only restriction being whether anybody reads what they publish.
• At the same time, the contents disseminated by those same citizens can be obtained in a very easy manner that could not even be imagined in the recent past. A domestic video camera provides an image quality and technical characteristics that allow the immediate use of recordings on the web. A commentary by a web surfer in a Pacific Ocean country can be known and conveyed immediately by a user living by the Mediterranean Sea.
• On the other hand, the agility of the digital means used by information companies generates a new kind of journalism, which is subject to the demands of truthfulness and public interest of the news but also to the pressure of immediacy. News has to be served in real time with an agility near those of television or radio and it often occurs that the sources of lots of the information of journalistic interest are no longer the traditional sources—the news may originate in the world of bloggers or citizens who witness an event and share it with others on a social network or by uploading a video on a suitable platform.
• Against this backdrop, the risks that go in hand with rumours, hoaxes, and libel are multiplied. In addition, from the standpoint of the protection of private life, citizens are not only passive subjects but they are now active protagonists. As such, they do their own processing and publish information.
• What are the main risks for private life linked to the blogosphere?
• Should bloggers be required to be as accurate and truthful as journalists?
• How should personal data protection standards be applied in digital media?

Return

Return

16�30h. - 16�45h.: COFFEE BREAK

A) Do you have private life at your workplace?

• The workplace is an environment that is increasingly subject to control. Although at times this is due to the security guarantees pertaining to a job in hazardous activities, or to the security requirements of certain companies such as banks or jewellery stores, in most cases it is the result of a business control decision.
• In recent years, there has been a consolidation of the use of computer terminal monitoring techniques. Workers’ surfing habits, their email, their space on the hard disk or the work conducted with certain programs is registered and subject to scrutiny. Moreover, along with this goes the well-known use of video-surveillance.
• On the other hand, working from home and the geographical mobility of certain jobs have introduced new factors that need to be considered. In the first of these cases, the confluence of what is public and what is private raises serious questions regarding business control and the projection of this control on the worker’s family. In the second case, the use of geolocalisation techniques linked to a telephone terminal or the company car have raised a serious debate on the scope and contents of those controls.
• Besides this, the development of technology continues—biometrics, RFID, and sensors that are able to detect one’s physical or emotional state are increasingly becoming available.
• What should be the limits applying to the implementation of corporate controls?
• Are the currently available means disproportionate in relation to the goals that are sought?
• What capacity do workers have in terms of controlling their personal information?

Return

B) Sub-national or federate data protection authorities and Public Administrations: Experiences and proactive strategies in education and healthcare.

• Sub-national or federate data protection authorities are first-rate protagonists in the fostering of the principles of protection of personal data and respect for privacy. Their nearness to citizens and to federal, regional or territorial authorities gives them a great capacity of influence in their closer environment.
• The actions taken by these authorities are usually of a proactive nature and they usually carry out an important task in fields such as the training of those in charge of the public sector and creating awareness. On the other hand, the existence of federal or quasi-federal states in which power has been decentralised in such sensible areas such as healthcare or education allows action to be taken in fields that are essential for the protection of the private life of citizens wherever there are sub-national authorities.

Return

Return

20.00h.: GUIDED TOUR TO THE PRADO MUSEUM.

22.00h.: GALA DINNER AT THE WESTIN PALACE MADRID.

FRIDAY, 6TH NOVEMBER

• It often occurs that the protection of personal information is not taken into account when designing procedures in an organisation or its information and communication systems
• It is often stated that “the law lags behind reality” and that rules do not take into account the advances taking place in the real world, therefore that reality can hardly be adapted to rules that do not regulate all of its aspects.
• However, it can be asserted that what really happens is that technology products, equipment, and the procedures in which they are used are designed or applied taking into account other priorities such as cost, efficiency or simplicity of use.
• The question, therefore, is how to get the protection of personal information to become part of the business culture and of the catalogue of issues to be solved by designers and managers.
• In fact, the same technology developments that enable increasingly extensive and intensive data processing also allow this to be done in a manner suited to the criteria of data security or of maintaining the truthfulness of the information.
• So the question is how to carry forth the use of protocols and technologies contributing to guarantee privacy thanks to their source and design.
• At what point in time in the design of an application should private life be considered?
• What methodology should be followed?
• Are the existing standard references sufficient?
• How can professionals be influenced?
• Should design respectful of privacy be incorporated to the business culture?

Return

10�15h. - 10�45h.: COFFEE BREAK

• Guaranteeing private life is increasingly becoming a value shared by all cultures. There are no systems purporting to be respectful of the rights of citizens and their freedoms, and committed to people’s development, in which the guarantee of privacy is not an essential element.
• The various regions of our planet have been moving towards the goal of privacy from cultures and approaches that differ in many areas but which coincide in what is essential. Human beings, living in society, need a reserved world of their own; they need to have control over their private life and their personal information. This is something that has been called privacy, intimidad, vi� priv�e, riservatezza, informational privacy, informational self-determination, or the fundamental right to data protection. But regardless of dogmatic categories, all of these terms express a common objective.
• Globalisation, however, places us before an inescapable challenge. Those distant and even diverging cultures, which seek a common goal, must find a point of dialogue. In a world without frontiers and without any time barriers, information flows must be guaranteed and in order for this to be possible a minimum common denominator is required. A point of balance must be found allowing the protection of private life and at the same time the circulation of information.
• How will standards influence the actions taken by companies?
• Is privacy by design possible without standards?
• Can the existence of standards influence future technology designs?
• What legal force should these standards have?

Return

12�30-12�45 h.: PRESENTATION OF THE AUTHORITY ORGANISING THE 2010 CONFERENCE

12�45- 13’00 h.: CLOSURE

Co-financed by:

• Contact US
• Privacy Policy
• Legal notices