Program 2020

MONDAY, 11 MAY 202008:30

Registration and welcome coffee

MONDAY, 11 MAY 202009:00

Opening remarks from euroforum and the conference chair

MONDAY, 11 MAY 202009:10

Privacy and Data Protection as tools to boost competitiveness

MONDAY, 11 MAY 202009:30

Q&A and discussion

MONDAY, 11 MAY 202009:40

GDPR on the eve of the evaluation process

MONDAY, 11 MAY 202010:00

Hong Kong Privacy Protection in the new decade


Chances and challeges in international data protection – ahead of the GDPR evaluation report

MONDAY, 11 MAY 202010:20

Coffee break

MONDAY, 11 MAY 202011:20

Smart regulators: the point of view of the Belgian data protection authority

MONDAY, 11 MAY 202011:40

In the crosshairs of cross-border processing: An update from the Irish Data Protection Commission on its role as a lead supervisory authority

MONDAY, 11 MAY 202012:00

Building privacy: from concept to reality

MONDAY, 11 MAY 202012:20

Compliance and accountability at Facebook

MONDAY, 11 MAY 202012:40

Building a culture of privacy and data protection accountability

MONDAY, 11 MAY 202001:00



What is the ROI of privacy programs and how to benefit from privacy investments beyond compliance?

MONDAY, 11 MAY 202002:30

Interoperability of global privacy laws

MONDAY, 11 MAY 202002:50

Building policy bridges that protect privacy and enable innovation

MONDAY, 11 MAY 202003:10

Global convergence in data protection


Global Data Transfers: How to ensure that the protection travels with the data?

MONDAY, 11 MAY 202004:10

Coffee break

MONDAY, 11 MAY 202004:40

ICO’s international strategy and priorities

MONDAY, 11 MAY 202005:00

ePrivacy – what we (don‘t) need for data protection


Cookies, tracking & ePrivacy: What the authorities expect and what the industry can offer

MONDAY, 11 MAY 2020


Join us as we celebrate the 10th European Data Protection Days in Berlin with our famous Trabi Safari. The Trabi (Trabant) was the most common vehicle in Eastern Germany (the former GDR). Experience Berlin‘s famous sights and enjoy a traditional Berlin „Currywurst“ after the tour!

TUESDAY, 12 MAY 202008:30

Registration and welcome coffee

TUESDAY, 12 MAY 202009:00

Opening remarks from Euroforum and the conference chair

TUESDAY, 12 MAY 202009:10

Operationalizing the CCPA: Learnings, challenges, opportunities to leverage GDPR – work, and the road ahead

TUESDAY, 12 MAY 202009:30

Q&A and discussion

TUESDAY, 12 MAY 202009:40

Data access requests – scope, limits, pittfalls

TUESDAY, 12 MAY 202010:00

Reputational risks behind GDPR: A Privacy-Consumer approach - beyond the data subject rights - privacy as a client satisfaction criteria

TUESDAY, 12 MAY 202010:20

Do your stakeholders trust your privacy program?

TUESDAY, 12 MAY 202010:40

Coffee break

TUESDAY, 12 MAY 202011:10

Data Privacy in M&A Transactions

TUESDAY, 12 MAY 202011:30

Data privacy risk assessment – using existing methodologies or creating new ones?

TUESDAY, 12 MAY 202011:50

Data Protection in the Clouds

TUESDAY, 12 MAY 202012:00

GDPR meets AI and biometrics to foster trust & safety


AI and privacy in practice: How to enable accountability?

TUESDAY, 12 MAY 202001:10


TUESDAY, 12 MAY 2020


  • Moderator:
    Bojana Bellamy

    President, Centre for Information Policy Leadership, Hunton Andrews Kurth LLP

    M&A and Data Protection
    • Asset Deal or Share Deal?
    • Target’s Data Protection Risks, Due Diligence and Data Subject Rights
    • Closing and Post-Closing Considerations
    Data Driven Health Research in times of GDPR
    Data Subject Rights and AI & Machine Learning
    • Scope of data subject rights, exceptions and practical solutions
    • Dealing with multi-chain scenarios (e.g. cloud offerings)
    • (Joint?) controller obligations between provider and customer
    GDPR and its extra-territorial effect from Chinese perspective
    • The positive effect of GDPR on China’s data protection scene: the adoption of the rules under GDPR and the contribution to awareness raising in China
    • The convergence and divergence between Chinese data protection rules and GDPR
    • How much companies can rely on GDPR-centric privacy management program
    Final discussion, Q&A
  • Moderator:
    Prof. Dr Ulrich Wuermeling LL.M.

    Visiting Professor, Queen Mary University of London, Latham & Watkins

    India‘s New Data Protection Bill: Based on GDPR, but different
    Dealing with data subject requests – experiences and learnings
    Learnings for companies from the developmens on data transfers
    • what can businesses do prepare for the new rules
    • Why Binding Corporate Rules? Building a pragmatic model
    • The impact oft he GDPR on data trnsfers, what to expect in practice
    AdTech – a data (protection) miracle?
    • What, why and how?
    • Short update on recent developments
    • Where next?
    Final discussion, Q&A
Workshop | WEDNESDAY, 13 MAY 2020

Two Years of GDPR –data privacy litigation, data breaches, access requests, mass damage claims and defense of GDPR fine proceedings

Data breaches: Handling cybersecurity incidents and other data loss scenarios efficiently and in compliance with the GDPR is a challenge. Companies need to observe notice obligations towards authorities and data subjects – and they should avoid investigation by data protection authorities of their notification and other processes, as well as damage claims by data subjects or contract partners.

Damage claims: Data privacy litigation is one major consequence of the GDPR. Data subjects can sue for immaterial damages in relation to actual or alleged data protection violations. They may claim that the burden of proof lies with the controller processing their personal data. Litigation funders have already identified such claims as a huge opportunity for mass claims. We will go through typical examples of such cases and describe how to avoid mistakes and subsequent litigation.

Subject access requests: Due to the vague wording of Art. 15 of the GDPR, data subjects often use access requests more and more often to request information to prepare lawsuits against controllers for matters not related to data privacy. We will demonstrate legal strategies to help you avoid having to comply with such fishing expeditions or discovery-like requests.

GDPR fines: EU data protection authorities have recently imposed considerable fines for violations of Art. 83 of the GDPR. We will discuss the approach taken by authorities and share our experience in defending against GDPR fines

Workshop | WEDNESDAY, 13 MAY 2020

Time frame:

8.30–9.00 Registration and welcome coffee
9.00–10.15 Slot 1
10.15–10.45 Coffee break
10.45–12.30 Slot 2
12.30–13.30 Lunch
14.30–15.00 Coffee break
16.00 End

Bojana Bellamy

Bojana Bellamy

CIPL, Hunton Andrews Kurth LLP

Bojana Bellamy is President of the Centre for Information Policy Leadership at Hunton Andrews Kurth. She has more than 20 years of experience and a deep knowledge of global data privacy and cybersecurity law, compliance and policy. She was a board member of the International Association of Privacy Professionals from 2008-2013, and was elected chair from 2011-2012. Bojana sits on the Advisory Board of the International Data Privacy Law Journal, participates in many industry groups and is a regular speaker at international privacy and data security conferences.

Wojciech Wiewiórowski

Wojciech Wiewiórowski


Wojciech Wiewiorowski is the European Data Protection Supervisor. He was appointed by a joint decision of the European Parliament and the Council on 5 December 2019 for a term of five years. Before his appointment, he served as Assistant European Data Protection Supervisor from 2014 to 2019 and as Inspector General for the Protection of Personal Data at the Polish Data Protection Authority, a position which he had held since 2010. He was also Vice Chair of the Working Party Article 29 Group.

Johannes Caspar

Prof. Dr Johannes Caspar

Federal State Hamburg

Since May 2009 Prof. Dr. Johannes Caspar is the Hamburg Commissioner for Data Protection and Freedom of Information. He received his doctorate in law from the University of Göttingen in 1992 with a dissertation on Jean-Jacques Rousseau’s philosophy of law and state. After his habilitation in constitutional law, administrative law and philosophy of law in 1999, he worked at the German Institute for International Educational Research in Frankfurt am Main. From 2002 to 2009 he was desk officer and later deputy head of the academic service at the Schleswig-Holstein state parliament.


Stephen Kai-yi Wong

DPA Hong Kong

Stephen Kai-yi Wong joined the Attorney General’s Chambers of the Hong Kong Government as a Crown Counsel in 1986. In 1991, he was seconded to the UN Human Rights Committee based in Geneva. In 1992, he became the Assistant Director of Public Prosecutions. From 1996 to 2014, he assumed the offices of Deputy Solicitor-General; Founding Director of Berlin Economic and Trade Office; and Secretary-General of the Hong Kong Law Reform Commission, responsible for human rights; cross-boundary legal affairs; Basic Law; legal policies; economic and trade affairs (Central and Eastern Europe) and law reform. His fields of legal practice also include commercial law, arbitration law, intellectual property and criminal law. He is also active in the community work, having been appointed as an adjunct professor of the School of Law, City University of Hong Kong; advocacy examiner of the Faculty of Law, University of Hong Kong; a director of the China Law Society and a Scout leader. He graduated from the University of Hong Kong, also holding an LLM from the London School of Economics. He also pursued management courses at Harvard and Wharton, USA.

Mr Wong was appointed as the Privacy Commissioner for Personal Data of Hong Kong in August 2015, having been in private practice as a barrister-at-law, specialising in public law. On top of overseeing a fair enforcement of data protection law, he has since been allocating additional resources in education and publicity, and engaging the related industry with a view to strengthening the culture of respecting others’ personal data privacy, as well as maintaining a proper balance between free flow of information and data protection without unduly compromising ICT and economic development.

Peter Fleischer

Peter Fleischer


Peter Fleischer works as Google’s Global Privacy Counsel.  His job is to ensure that Google protects its users’ privacy, meets all privacy legal obligations, and helps to raise the bar in terms of privacy protection on the Internet.  Peter is particularly committed to engaging with privacy stakeholders, advocates and regulators to ensure that Google is responsive to their privacy expectations.  He works closely with public policy makers around the world to help update data protection concepts for the Information Age.
Peter has over 20 years’ experience in the field of data protection, including his prior position as Microsoft’s privacy lead for Europe and Director of Regulatory Affairs.  Peter was educated in the US (Harvard College and Harvard Law School) and in Germany (LMU- Munich), and has worked for the last decade in Paris. He is also a high school drop-out.

Barbara Thiel

Barbara Thiel

DPA Niedersachsen

Barbara Thiel was elected by Niedersachsen’s Parliament as Data Protection Officer for Niedersachsen on the 18th December 2014 and has been appointed for eight years. Her task is to supervise the adherence to data protection rules by public authorities as well as by companies and other private organizations in Niedersachsen and to protect the right on informational self-determination by doing so. Barbara Thiel grew up in the town of Salzgitter. After she started her career with the community of Salzgitter, her law studies in Göttingen and legal clerkship in Niedersachsen she worked for the Ministery of the Interior in Niedersachsen, for the Central Auditing Authority of Niedersachsen and for the county of Wolfenbüttel. At last she was Head of Department at the region of Hannover.

David Stevens

David Stevens

DPA Belgium

Before becoming the first chairman of the GBA, David Stevens was Data Protection Officer at Telenet and Nielsen. David has more than 20 years of expertise in law and IT. He started his career as a researcher of the “Center for Intellectual Property and ICT Law (CiTiP)” at the Katholieke Universiteit Leuven. He defended his thesis in 2009 on the subject of the independence of the regulatory authorities in the telecommunications and media sector.

Anna Morgan

Irish Data Protection Commission

Anna Morgan is the Head of Legal and a Deputy Commissioner in the Irish Data Protection Commission (DPC), having been appointed in 2016. In her current role, Anna was the lead rapporteur for the EDPB Guidelines on Transparency and represents the DPC at plenary and subgroup meetings of the EDPB. In addition to her legal advisory role, Anna also oversees a large number of cross-border processing investigations into multinational companies which are being conducted by the DPC. Prior to her role at the DPC Anna worked in private practice, most recently as a Senior Associate in Litigation & Dispute Resolution at Arthur Cox.

Stephen Deadman

Stephen Deadman


Stephen joined Facebook as Global Deputy Chief Privacy Officer in January 2015 to lead global privacy policy for Facebook internationally. In May of this year, he assumed the position of Facebook’s first Data Protection Officer for Europe in accordance with GDPR.
Prior to joining Facebook, Stephen served as Global Privacy Officer and Head of Legal for Privacy and Security at Vodafone Group, where he founded the company’s global privacy program and won the IAPP Innovation Award for Privacy in 2012.
With over 18 years of experience in the technology and telecoms sectors, Stephen has worked on many emerging technology, policy and privacy issues including geo-location services, mobile advertising and analytics, identity, big data, law enforcement and human rights, and spoken at many industry, privacy and security conferences around the world.
Stephen has also played an active role in the protection of human rights in the technology and communications sectors since 2005, working closely with civil society organisations, academics and ethical investors.  He played an active role in the formation of the Global Network Initiative in 2008 and helped found the Telecoms Industry Dialogue on Human Rights, announced in February 2013.

Damien Kieran


Damien Kieran serves as Twitter’s Global Data Protection Officer and is a Legal Director and Associate General Counsel. Damien leads Twitter’s data protection team responsible for the company’s compliance with global data protection laws. Prior to becoming Twitter’s first Data Protection Officer, he was Global Litigation Counsel for Twitter and was responsible for managing non-U.S. litigation and regulatory matters for the company. He has testified before the U.S. Senate on Consumer Data Privacy and the European Commission on consumer protection. Before joining Twitter, Damien worked at the New York offices of Paul, Weiss, Rifkind, Wharton & Garrison, LLP, and Weil, Gotshal, & Manges LLP. His practice focused on complex contentious matters in the high-tech space. Prior to moving to the United States, Damien worked at Google, and a leading Irish law firm in Dublin. Damien received a Juris Doctorate, magna cum laude, from Northwestern University School of Law; a Master of Laws, summa cum laude, from University College Dublin; and a Bachelor of Laws, magna cum laude, from Nottingham Trent University. He served as Editor in Chief of the University College Dublin Law Review.

Lorena Marciano

Lorena Marciano


Lorena Marciano LL.M. is Director and EMEAR Data Protection and Privacy Officer at Cisco Systems. She is responsible for overseeing the risk management, data protection program implementation as well as external relationships for the region. Prior to joining Cisco, she has been working eight years for top tier national and international firms in Italy, Belgium and the US with main focus on Data Protection and Privacy, Intellectual Property and New Technologies. Lorena is an Italian qualified lawyer and holds a Law Degree from University of Rome and a LL.M. in Intellectual Property and Technology Law in the US.

Della Shea

Della Shea


Della Shea is an award-winning data strategist and a recognized authority on privacy and data protection. With nearly 20 years’ experience solving complex data challenges within and across the financial services industry, she has built a reputation of bringing the “art of the possible” to life by weaving ethical innovation practices into product development and operations. Della is currently the Chief Privacy and Data Governance Officer for Symcor Inc. where her work has been recognized internationally with the 2010 HP-IAPP Privacy Innovation Award. In 2013 she was named Canada’s Information Security Executive of the year and in 2019, she appeared before the House of Commons as an expert witness on “Privacy of Digital Government Services”. Prior to joining Symcor, Della was the Director of Privacy and Information Risk at the Royal Bank of Canada where she provided strategic direction that helped launch many of the Bank’s first digital initiatives. Passionate about the human side of data and corporate responsibility, Della’s work has been featured in various publications and she frequently speaks at prestigious academic and industry conferences including the MIT Chief Data Officer and Information Quality (MITCDOIQ) Symposium in Cambridge Massachusetts. Della holds a Masters of Business Administration degree from the Kellogg School of Management (Northwestern University) and from the Schulich School of Business (York University) and a Bachelor of Business Administration degree from Acadia University. She serves on several academic and industry boards including, the Analytics and AI Advisory Council (York University), Manning School of Business Advisory Board (Acadia University), Information Accountability Foundation Board of Directors, Council of Chief Analytics Officers Advisory Board (Conference Board) and the Council of Chief Privacy Officers Advisory Board (Conference Board). Della is also a former International Association of Privacy Professionals Advisory Board member (Canada) and conference chair.

Julie Brill

Julie Brill


In August 2017, Julie joined Microsoft in an executive leadership position at the forefront of many of the global regulatory issues that underpin digital transformation. She leads legal, regulatory and policy initiatives focused on privacy; data protection; internet governance; telecommunications; online safety and speech moderation; accessibility; and corporate standards. Julie spearheads Microsoft’s preparations for the European General Data Protection Regulation, as well as other privacy and regulatory mandates around the globe.
Prior to Microsoft, Julie joined the global law firm Hogan Lovells as Partner and Co-Director of its Privacy and Cybersecurity practice. She assisted clients with navigating the complex regulatory environment governing privacy, data breaches, cybersecurity, advertising and competition issues around the globe. Under her leadership, Hogan Lovells’ privacy and cybersecurity lawyers were named the top privacy practice in 2017 by Chambers. That same year, National Law Journal named Julie a ‘Cybersecurity Trailblazer’ for her thought leadership on these issues. Nominated by President Obama and confirmed unanimously by the U.S. Senate, Julie Brill served for six years as a Commissioner of the U.S. Federal Trade Commission.  As Commissioner, Julie worked actively on issues of critical importance to today’s consumers, including consumers’ privacy, appropriate advertising substantiation, financial fraud, and maintaining competition in industries involving health care and high-tech. Julie was named ‘the Commission’s most important voice on Internet privacy and data security issues,’ a ‘key player in U.S. and global regulations,’ ‘one of the top minds in online privacy,’ one of the top four U.S. government players ‘leading the data privacy debate,’ ‘one of the top 50 influencers on big data,’ and a ‘game-changer.’  Prior to becoming a Commissioner of the FTC, Julie served as Senior Deputy Attorney General and Chief of Consumer Protection and Antitrust for the North Carolina Department of Justice; and as Assistant Attorney General for Consumer Protection and Antitrust for the State of Vermont for over 20 years.  Julie graduated, magna cum laude, from Princeton University, and from New York University School of Law, where she had a Root-Tilden Scholarship for her commitment to public service.


James Sullivan

U.S. International Trade Administration

James M. Sullivan was named Deputy Assistant Secretary for Services, U.S. Department of Commerce, International Trade Administration in July 2017. In this role, Mr. Sullivan directs the U.S. Department of Commerce’s efforts to strengthen the global competitiveness of U.S. services firms, which account for 80 percent of the nation’s private sector economy. His primary areas of focus include the financial, digital and internet, supply chain, and professional and business services industries. Prior to joining Commerce, Mr. Sullivan was cofounder and president of TKOUT, a SaaS (software-as-a-service) provider of on-demand ordering solutions to ICT (information and communication technology) and digital media companies. Before that, he served as managing director and general counsel of Clover Investment Group, a private equity firm focused on lower middle-market hospitality and technology businesses. Previously, from 1999 to 2006, he practiced law in Washington, D.C., as a member of the white-collar defense teams at Morrison & Foerster and DLA Piper. Mr. Sullivan earned his BA in political science from the College of the Holy Cross, his JD from the Catholic University of America, and his MBA from Georgetown University. He is a member of the bars of the District of Columbia and the State of New York.

Bruno Gencarelli

Bruno Gencarelli

European Commission

Mr Gencarelli heads the newly created International data flows and protection unit at the European Commission (DG Justice and Consumers). He was in charge of the Commission’s work in the area of data protection in the decisive years of the legislative reform and the EU-US negotiations. In that capacity, he led the Commission’s delegation in the interinstitutional negotiations with the European Parliament and the Council that resulted in the adoption of the EU data protection reform (“General Regulation” and “Police Directive”). He was also one of the lead negotiators of the EU-US Privacy Shield and of the “Umbrella Agreement”. Mr Gencarelli previously served as a member of the European Commission’s Legal Service and as an assistant (référendaire) to a judge at the European Court of Justice after having practiced law in the private sector. He holds degrees in law and political science, and teaches EU Competition Law at Sciences Po Paris. He is the author of numerous publications on EU law.

Cecilia Alvarez

Cecilia Alvarez


Cecilia Alvarez is the EMEA Privacy Policy Director at Facebook since March 2019. From 2015 to 2019, she served as European Privacy Officer Lead of Pfizer, Vice-Chair of the EFPIA Data Protection Group and Chairwoman of IPPC-Europe. For an interim period, she was also the Legal Lead of the Spanish Pfizer subsidiaries. She formerly worked 18 years in a reputed Spanish law firm, leading the data protection, IT and ecommerce areas of practice as well as the LATAM Data Protection Working Group. Cecilia was the Chairwoman of APEP (Spanish Privacy Professional Association) until June and currently in charge of its international affairs. She is also the Spanish member of CEDPO (Confederation of European Data Protection Organisations) and member of the Leadership Council of The Sedona Conference (W-6). She is a member of the Spanish Royal Academy of Jurisprudence and Legislation in the section of the Law on Technologies of the Information and the Knowledge as well as Arbitrator of the European Association of Arbitration (ITC section).

Jörg Steinhaus

Jörg Steinhaus


Joerg Steinhaus is Group Data Privacy Officer of Merck KGaA. With his Team he manages and is responsible for compliance with data protection regulations for Merck worldwide. Prior to joining Merck, Joerg was Data Protection Officer for the Fresenius Group, where he focused on patient data protection and initiated the implementation of Binding Corporate Rules. He studied at the Universities of Muenster/Germany and Granada/Spain (Political Science) and the University of Mainz/Germany (Business Law), both with distinction. Joerg is a part-time lecturer at the Philipps-University Marburg/Germany, a member of the advisory board for a compliance magazine and heads the data protection group of a German company lawyers association.

Paula Hothersall

Paula Hothersall

Information Commissioner’s Office (ICO)

Marit Hansen

Marit Hansen

DPA Schleswig-Holstein

Since 2015 Marit Hansen is the State Data Protection Commissioner of Land Schleswig-Holstein and Chief of Unabhängiges Landeszentrum für Datenschutz (ULD). Before being appointed Data Protection Commissioner, she has been Deputy Commissioner for seven years. Within ULD she established the “Privacy Technology Projects” Division and the “Innovation Centre Privacy & Security”. Since her diploma in computer science in 1995 she has been working on privacy and security aspects.

Her focus is on “data protection by design” and “data protection by default” from both the technical and the legal perspectives. In September 2018 she became member of the Data Ethics Commission of the Federal German Government.

Dr Stefan Hanloser

ProSiebenSat.1 Media

Dr Stefan Hanloser is Vice President Data Protection Law at ProSiebenSat.1 Media SE, one of the largest independent media corporations in Europe, reaching 42 million TV households every day in the TV markets Germany, Austria, and Switzerland. Operating out of the company’s headquarter in Munich, Stefan oversees ProSiebenSat.1’s group-wide privacy legal program. Prior to joining ProSiebenSat.1, Stefan worked as Global Corporate Privacy Officer at Allianz Asset Management AG, the financial services holding of Allianz Group. Stefan has a background as an information technology lawyer with two international law firms in Munich, New York, and Washington, D.C.

Dr. Rob van Eijk

Dr. Rob van Eijk

Future of Privacy Forum

Dr. Rob van Eijk works at The Future of Privacy Forum (FPF) as Managing Director for Europe. In this role, Eijk implements FPF’s agenda in Europe, oversee its day-to-day operations, and manage relationships with stakeholders in industry, government, academia, and civil society. Eijk is a technologist with an M.Sc. from Leiden Institute of Advanced Computer Science and a Ph.D. from Leiden Law School. He worked at the Dutch Data Protection Authority (DPA) for nearly ten years and has since become an authority in the field of online privacy and data protection. He represented the Dutch DPA in (inter)national meetings and as a technical expert in court. He also represented the European Data Protection Authorities, assembled as the Article 29 Working Party, in the multi-stakeholder negotiations of the World Wide Web Consortium on Do Not Track.

Prof. Dr Ulrich Wuermeling LL.M.

Prof. Dr Ulrich Wuermeling LL.M.

Latham & Watkins

Ulrich Wuermeling is a Visiting Professor at Queen Mary University of London and an attorney at the law firm Latham & Watkins LLP. At Queen Mary University of London he teaches and researches in European data protection law. In his work as an attorney, he consults on data protection law and represents clients in data protection disputes. He has been hosting the Euroforum data protection congress since its year. Mr. Wuermeling obtained his doctorate on the subject ?trade barrier privacy? from the University of Würzburg and has published numerous articles on privacy law.

Dr Sara Hoffman


Dr Sára Gabriella Hoffman works on global privacy, data protection and cybersecurity matters for Stripe. Previously, she worked for an international law firm focusing on privacy, data protection and antitrust law. She is a cloud architecture expert. As Microsoft Fellow at Stanford, she studied technical and legal aspects of setting up data centers and protecting information from a data security perspective. Since 2013, she is a lecturer at the Freie Universität Berlin and Technische Universität Berlin, where she teaches classes on privacy engineering, data protection and competition law, as well as law & economics. She is a member of the Association for Computing Machinery (ACM).

Gabriela Krader

Deutsche Post DHL

Gabriela Krader LL.M is corporate data protection officer of Deutsche Post DHL (DPDHL), a global mail and logistics group with around 470,000 employees located in 220 countries. Krader is responsible for group-wide policies and strategy in the area of data protection and privacy and coordinates the worldwide DPDHL data protection organization. She is the author of publications in the fields of European/international data protection legislation, telecommunications surveillance and compliance regulations and also regularly speaks at national and international data protection and privacy conferences. Prior to her current function, Krader acted as senior legal counsel for Deutsche Telekom AG. She graduated from Marburg University in 1989 and obtained a master’s degree at London School of Economics in 1990.

Pierre Faller

Pierre Faller


Following several years as Data Protection Officer (DPO) within European institutions and agencies where Pierre gained experience and visibility on future data protection regulations, including GDPR, Pierre worked at PayPal between 2017 and 2019 as Privacy Counsel. There, he handled the implementation of various legal GDPR requirements. Now at Christian Dior Couture since 2019, as DPO, Pierre is fully involved in the implementation of a Privacy governance program, at global level. In his spare time, Pierre is an active member of the International Association of Privacy Professionals (IAPP), and organizes as co-chair of the Paris KnowledgeNet Chapter, conferences, debates and roundtables in the area of privacy, data protection and governance.

Caroline Louveaux


Caroline Louveaux is Chief Privacy Officer at MasterCard. Prior to joining MasterCard in 2007, Caroline worked in private practice, where she specialized in EU and Competition Law. She also worked at the CRID, a well-known research center for computer and law in Belgium, where she performed legal research in the area of new technologies.

Caroline holds a law degree from the U.C.L. (Belgium) and U.B.A. (Buenos Aires, Argentina) and a LLM degree in International Trade Regulation from the New York University (NYU). Caroline is admitted to the NY Bar.

Dr Axel Kessler LL.M.


Dr Axel Kessler, LL.M. is a specialized lawyer in the area of IT, new Media and Data Privacy since 1998. He is admitted to the German and the New York Bar. After starting his career with Hogan Lovells he took an in-house counsel position with Siemens in 2004. First he advised on IT matters and Outsourcing transactions, and then he was leading a M&A team responsible for internal restructurings. 2013 he took over the global position as Head of Data Privacy, being responsible for the Data Privacy program for all Siemens group companies and its 380.000 employees.

Eike Westermann

Hella Group

Eike Westermann is the Global Data Privacy Lead for the HELLA Group as well as the Global Head of Corporate Risk Management. He has been working in data privacy as a lawyer and consultant for more than twelve years and is a member of the VDA Working group on data privacy.

Prof. Christopher Millard

Prof. Christopher Millard

Queen Mary University of London

Christopher Millard is Professor of Privacy and Information Law in the Centre for Commercial Law Studies at Queen Mary, University of London. He has 30 years experience in technology law, in both academia and legal practice, and currently leads the Cloud Legal Project at CCLS. He has been Chairman of the Society for Computer & Law, President of the International Federation of Computer Law Associations and Co-Chair of the Technology Law Committee of the International Bar Association. He has published widely on technology and privacy law topics and co-edits the International Journal of Law and IT and International Data Privacy Law (both Oxford University Press). Before he joined Bristows as a consultant in 2008, Christopher was head of the global privacy practice at Linklaters and prior to that he was a partner at Clifford Chance.

Simon Hania


Simon Hania is Data Protection Officer at Uber, heading the global team that independently advises on and monitors Ubers compliance with GDPR. In the past Simon held the position of VP Privacy & Security at TomTom and before that various positions in IT service management. Simon is a trained engineer who has learned to love the law.

Ellis Perry

Ellis Parry


Ellis Parry joined the Information Commissioner’s Office in November 2019 as its first Data Ethics Adviser. Ellis Parry left BP in May 2019 where he was the Global Lead for Data Privacy for over eight years, prior to that he was Global Privacy Counsel at the pharmaceutical company AstraZeneca for eight years. Ellis is a solicitor with 19 years’ PQE, an MBA and is a contributing author to Sweet & Maxwell’s “Data Protection Law & Practice” 4th and 5th editions and its standalone guide to the GDPR. His experience encompasses all aspects of information rights laws with a particular focus on and interest in ethical implications of big data, artificial intelligence and machine learning and their intersection with the GDPR in particular in the field of bioethics.

Florian Thoma


Florian Thoma is Accenture´s Senior Director, Data Privacy. In this role – and leading the global data privacy team – he has responsibility to govern and oversee global data privacy compliance as well as provide opportunities support to the business, with a focus on Digital, Analytics, Internet of Things and Big Data. Florian also works closely with Accenture?s Government Relations team.
Accenture is a global management consulting, technology services and outsourcing company, with more than 358,000 people serving clients in more than 120 countries helping them become high-performance businesses.

A frequent speaker and author, Florian also works regularly with the IAPP ? where he served on the Board of Directors from 2010-2014 and on the European Advisory Board ? and other organizations including Bitkom, Germany?s IT, Telco and New Media Association.

Before joining Accenture, Florian was long term Siemens Chief Data Protection Officer with responsibility for global data protection strategy, governance and operations.

Florian graduated in Law at Regensburg University in 1994.

Michael Rubin

Michael Rubin

Latham & Watkins

Dr Friedrich Popp

Dr Friedrich Popp

Debevoise & Plimpton

Knut Mager

Knut Mager

Novartis International

Knut Mager is Novartis’ Head Global Data Privacy. Knut joined Novartis in 2003 as General Counsel, Head of Legal of the Sandoz Division. Since 2007, Knut held various leadership positions with Novartis Group Legal inter alia Head of Commercial Legal and Head Country Legal Organizations. He started his career as legal counsel at Schering AG (now Bayer) in Berlin, Germany where he also held the positions of Head of Patents and Head Corporate Strategy. Knut is a German attorney-at-law (Rechtsanwalt) and INSEAD certified international director (IDP-C).

Dr Fabian Niemann

Dr Fabian Niemann

Bird & Bird

Gil Zhang

Gil Zhang

Fangda Partners

Nikhil Narendran

Nikhil Narendran

Trilegal India

Nikhil Narendran is a Partner in Trilegal India in the TMT and general corporate practice area. Nikhil advises new age e-commerce and technology companies in India on their business models and regulatory issues including data protection. On the media sector, Nikhil has advised both traditional and new age content delivery services including those offering traditional cable services, triple play and dual play. He has advised some of the major OTT players with respect to their online content strategy in India and closed content delivery networks. Nikhil’s advise in the telecom regulatory sector ranges from mobile telephony to enterprise data to OSP and call centre related work. He was the winner of the ITechLaw Association’s (formerly Computer Law Association) Travelling Fellowship Award 2011 as a part of which he worked at six European firms specializing in TMT. He is currently the Co-Chair of ITechLaw Substantive Law committee on Interactive Entertainment & Media and is on the board of directors of the ITechLaw. He has been recognized in the Who’s Who Legal Telecommunication, Media and Technology.

Marc Placzek

Marc Placzek


Marc Placzek is PayPal’s International Data Protection Officer and Head of International Privacy.
He looks back on 11 years of legal experience with focus on Data Privacy. Prior to joining PayPal in 2016, he worked for a data protection consultancy advising on and rolling out privacy programs for companies with a global focus. He also worked in the legal department of the European Patent Office in its data protection and employment unit. He started his career at an Australian law firm based in Sydney. Marc studied law at the universities of Frankfurt, Barcelona and Munich.

Dr Anna Zeiter


Dr Anna Zeiter, LL.M. is Chief Privacy Officer of eBay Inc. She joined eBay in 2014 as the Head of Data Protection for the EMEA region. In March 2018 Anna Zeiter has been appointed as Chief Privacy Officer and is leading since then eBay’s Global Privacy Program. Before joining eBay Anna Zeiter graduated in 2014 with honors from the LL.M. Program in Law, Science & Technology at Stanford Law School. From 2009 until 2013 Anna has been working as a lawyer for two international law firms in Hamburg (DLA Piper and Norton Rose Fulbright), specializing in data protection, IT and ecommerce law. Before working as an attorney Anna Zeiter did her Ph.D. in the field of free speech and media law at the University of Hamburg. Besides that, Anna Zeiter is regularly giving speeches at international data protection conferences, teaches at universities (e.g. at the University of Geneva, the University of Göttingen and the University of California at Berkeley), and publishes regularly articles on current data protection issues, e.g. in the Stanford Transatlantic Technology Law Forum and other European Journals.

John Bowman

John Bowman

Promontory Financial Group (UK) Ltd.

Lennart Schüßler

Lennart Schüßler

Bird & Bird

Tim Wybitul

Tim Wybitul

Latham & Watkins

Tim Wybitul is a partner in the Frankfurt office of Latham & Watkins and a leading data protection lawyer in Germany, advising companies on complex data protection issues. He focuses on the implementation of the EU General Data Protection Regulation (GDPR) and employee data protection as well as internal investigations, data protection authority probes, respective litigation, and other data privacy-related legal disputes. Mr. Wybitul is regularly rated as one of the top data privacy advisors in the German market.