Key takeaways from CPDP Data Protection Day 2025
After a successful second edition of CPDP Data Protection Day, co-organised by CPDP, the Council of Europe and the European Data Protection Supervisor, it is worthwhile looking back at the proceedings to elaborate on some key takeaways from the panels and keynotes.
Although the conference was themed around new mandates, there was also much emphasis on continuity for data protection throughout the day. Broadly speaking, these took two forms:
Continuity of purpose: data protection has emerged as a safeguard and protector of democracy over the years, and its importance in this regard is expected to increase;
Continuity of institutions: although the challenges for the implementation of data protection legislation are plethora, enforcement has increased significantly over the years and can count on some strong institutions and mechanisms that will be harnessed and utilised in the years to come. National Data Protection Authorities and EDPS will continue to play a key role in guarding fundamental rights inside and outside the Union and in setting a positive example for the rest of the world, which makes the independence of the EDPS even more important than ever. It is up for debate whether or not the GDPR will be rewritten, and it will be enticing to follow developments around Convention 108+, which aims to be a global standard-setter and will do so by relying on the strong multilateral connections of the Council of Europe.
While new political mandates are taking shape in Europe and beyond, some emphasis on continuity seems far from misguided. As the historian Timoty Snyder has outlined, it has been a mistake too often repeated to think that democratic institutions will protect themselves in the face of authoritarian power.[1] Defending democracy against tyranny requires active participation in and interaction with institutions that safeguard democratic rights.
However, although the conference opened for fresh perspectives and discussions around new technologies, we cannot escape the fact that policy and legislation lag behind technological innovations. Challenges posed by neuroscience were discussed in depth, but the risks entailed by quantum sensing and other quantum technologies did not feature centrally, even though privacy legislation will have to address them soon, too.
Similarly, policymakers and policy enforcers are facing huge challenges because of the complexity of the legislation emerging from the EU. The few industry voices that participated in the panels repeatedly stressed that EU digital legislation is too complex and found broad agreement within the room. Data protection too often remains a complex subject that perplexes even the most knowledgeable lawyers and politicians.
For this reason and others, and this was also stressed by several panel participants, multidisciplinary perspectives are needed in the data protection community. As the mandate of data protection has evolved to the protection of democracy and of a wide set of fundamental rights beyond privacy, the question of its broader relevance to society must also be studied, influenced and promoted by a wide variety of agents. For example, as Professor Jo Pierson highlighted, social science can help to clarify how to make laws more actionable, that is, implemented to have the effects on society that they are intended to have.
Broad perspectives are what CPDP is about, and it is why we as a community will continue to bring different voices together in a spirit of critical, multidisciplinary and knowledgeable interactions. We look forward to the challenges that are coming our way and will be glad to work with the new Data Protection Supervisor once they have taken office, or to continue our successful, long-standing collaboration with Supervisor Wojciech Wiewiórowski.
Thank you to EDPS and the European Commission for providing the venue for this edition of CPDP Data Protection Day, which included around 400 in-person and several hundred online participants. Speakers and moderators represented 37 different institutions, universities, companies and other organisations.
Review the sessions via the Streaming Service of the European Commission!
The Gaspari room, Jenkins Room and the Mansholt Room.
Written by Joren Baillière
[1] Synder, Timothy (2017): On Tyranny: Twenty Lessons from the Twentieth Century. New York: Penguin Random House LLC, pp. 22-25.