Freedom AND Security

22 - 23 November 2018
  • Conference
Killing the zero sum process. #kill0sum. The Hague, 22-23 November 2018

In an era of globalized terrorism and ever increasing cybercrime the use of state-of-the-art investigative techniques and certain forms of surveillance by law enforcement and security services is absolutely crucial to safeguard security. At the same time individuals rightfully attach increasing importance to their right to personal privacy – including in the cyberspace. As a consequence, operations by law enforcement and other security authorities are frequently questioned in terms of data protection compliance. The sometimes heated public debate often follows an “either/or logic” suggesting that we can never have it all: if we turn up freedom, we get less security, and if we turn up security, we get less freedom. But is that really true?

At least the perception of a contradiction between freedom and security is these days probably stronger than ever: this is the framework in which this year’s EDEN conference “Freedom AND Security – Killing the zero sum process” will develop. Following the success of its 2016 predecessor (“Privacy in the Digital Age of Encryption and Anonymity Online”), this event is the result of the collaboration between the Europol Data Protection Experts Network (EDEN) and the Academy of European Law (ERA), and will be held at Europol Headquarters on 22-23 November 2018. Due to the high visibility of its speakers – coming from different sectors all over the world – and due to the relevance of its topics – from the implementation of the Police and Justice DP Directive to the end of the data retention regime – this conference represents a great opportunity for any relevant stakeholder interested in data protection matters in a law enforcement context. By discussing the impact that the processing of data in an interconnected and borderless cyber-world has for both the fundamental rights of citizens and the world of law enforcement and security authorities, the conference will aim to overcome the perceived contradiction between freedom and security.

Register to the event



Thursday, 22 November 2018

(H08:00) Arrival and check-in with security

(H09:00) Registration of participants

(H09:30) Welcome address of the Executive Director of Europol


Catherine De Bolle is the Executive Director of Europol. Before taking up her post as Europol’s Executive Director in May 2018, Catherine De Bolle served as General Commissioner of the Belgian Federal Police from 2012.  Prior to her appointment as Belgian Police Commissioner, Ms De Bolle was Chief of Police in Ninove. In January 2015 she has received the title of Public Manager of the year and since November 2015 she is a member of the Executive Committee of Interpol. Ms De Bolle studied law at Ghent University and then went on to graduate from the Royal Gendarmerie Academy in Belgium.

Keynote Speech – Moving away from the “Freedom vs. Security” tune

The notion of balancing ‘freedom vs. security’ constitutes a false dichotomy presenting a unitary dial: if we turn up freedom, we get less security, and if we turn down freedom, we get more security. Freedom and security are viewed as a zero sum trade-off. Although there is no doubt of a relationship between freedom and security, with changes in one sometimes affecting the other, it is often possible to increase security without decreasing our freedoms. Sometimes, for instance, a decrease in data protection rights leads to no meaningful increase in security.

This keynote speech will highlight the fact that the possibility of increasing security without decreasing data protection rights also forms the very basis of ‘data protection-by-design’ in a law enforcement context.


Wojciech Wiewiórowski is the Assistant Supervisor at the EDPS. He was appointed by a joint decision of the European Parliament and the Council on 4 December 2014 for a term of five years. Before his appointment, he served as Inspector General for the Protection of Personal Data at the Polish Data Protection Authority, a position which he had held since 2010. He was also Vice Chair of the Working Party Article 29 Group. Mr. Wiewiórowski is the author of numerous studies, publications and lectures in the field of personal data protection, IT law, e-government and legal informatics. His areas of scientific activity include, firstly, Polish and European IT law, the processing and security of information, legal information retrieval systems, informatisation of public administration, electronic signature and application of semantic web and legal ontologies in legal information processing. He is a member of the Polish Association for European Law.

Panel 1: Impact of GDPR on law enforcement: the WHOIS story

The General Data Protection Regulation 2016/679 (GDPR) came into force on 25 May 2018 and is part of the new data protection reform package, together with Directive 2016/618 in the police and criminal justice sector (Police and Justice DP Directive). GDPR explicitly excludes the processing of personal data by law enforcement authorities, which is regulated by the Police and Justice DP Directive. However, the response of some stakeholders to the entry into force of GDPR has had adverse effects on law enforcement, as the example of the WHOIS database shows. WHOIS is a publicly available and decentralised database of registration and contact information of the retailers (registrars) and owners (registrants) of domain names. Registries (wholesalers of domain names) and registrars have a contractual obligation with ICANN to store, process, and publish online the information that is used to register domain names online in the WHOIS database. For many years, law enforcement agencies (LEAs) have relied on WHOIS to investigate and attribute crime online. Since 2003 data protection authorities have, however, taken issue with the public availability of the personal data contained in WHOIS. ICANN has not evolved significantly, as the ICANN community has not managed to agree on a replacement policy. LEA access to the data had been largely unaffected up to 25 May 2018. GDPR foresees fines of up to €20 million, or 4% of the worldwide annual revenue, for non-compliance. Registries and registrars have therefore decided to remove personal data from the publicly available WHOIS. As a consequence, while the legitimacy of law enforcement access to registration data, including personal data, for investigation purposes is generally not challenged, LEA access to such data is seriously affected.

This panel will explore the practical implications of what may be deemed “GDPR collateral damage for LEAs” and discuss the possible way forward.


Wil van Gemert is the Deputy Executive Director of Europol and Head of the Operations Directorate. He manages a department of experts, specialists and analysts dealing with serious and organised crime, as well as terrorism and cybercrime. Previously, he was appointed Director of National Security at the General Intelligence and Security Service (AIVD) of the Dutch National Intelligence Service.



Philipp Amann is the Head of Strategy of the European Cybercrime Centre (EC3). Previously, he held management positions at the Organization for Security and Co-operation in Europe (OSCE), at the Organisation for the Prohibition of Chemical Weapons (OPCW), and at the International Criminal Court (ICC). He has worked for more than 17 years in the field of information and cyber security management, policy development, electronic evidence management, and intelligence analysis.

MIRKO MANSKE (Panellist)

Mirko Manske is the Teamlead of Cyber Intelligence Operations at the Bundeskriminalamt (BKA), the Federal Criminal Police Office of Germany. With more than 25 years of LE experience, during his career he served on a variety of positions in the field of Software Development, Counter-Money-Laundering operations, Hostage Situations and Counter Terrorism. His current team is the central intake for any international cybercrime-related matters in Germany.


Cecilia J.M. Verkleij is the Deputy Head of Unit Police Cooperation and Information Exchange at the Commission’s Directorate General Migration and Home Affairs (DG Home). She joined the then Directorate General for Justice, Freedom and Security in 2005. Her current area of responsibility is to facilitate access to information for law enforcement authorities and agencies within the European Union, with a particular focus on personal data collected by private companies to prevent and fight terrorism and serious crimes. She was a member of the EU teams that negotiated the Passenger Name Records (PNR) agreements for Canada, the US, and Australia. She also was a member of the EU team that negotiated the EU-US TFTP Agreement, and participated on behalf of DG Home in the negotiations with the US on a data protection framework agreement in the law enforcement sector.


Dr. Gregory Mounieris the Head of the Outreach and Prevention team at the European Cybercrime Centre (EC3). He is an experienced Policy Advisor with a demonstrated history of working in the law enforcement industry. He is a member of the GAC Public Safety Working Group of ICANN (PSWG) where he focuses on the reform of the WHOIS.

Panel 2: Data as the new oil? Risks and opportunity for citizens and law enforcement

The claim “Data is the new oil!” suggests that data is a valuable commodity with many different uses across many applications. It is commonly accredited to Clive Humby, a British mathematician who highlighted the fact that, although inherently valuable, data needs processing, just as oil needs refining before its true value can be unlocked. However, more recently there have also been voices criticising the analogy by highlighting important differences: oil requires huge amounts of resources (including oil itself) to be transported to where it is needed. Data, on the other hand, can be moved around the world at the speed of light, at very low cost, through optical fibre networks. While oil is a finite resource, data is effectively infinitely durable and reusable. Treating it like oil, i.e. hoarding it and storing it in siloes, has little benefit and reduces its usefulness. At the same time the unconditioned collection also raises serious data protection concerns.

This panel will highlight risks and opportunities of data usage in the private as well as in the public sector and will set the scene for this law enforcement centred conference.


Cornelia Riehle is the Course Director in Section III and Deputy Head of Section at the Academy of European Law. Previously, she worked as a lawyer at the Legal Service of Eurojust. Her expertise concerns Counter-terrorism and Criminal Justice.



PAUL DE HERT (Moderator)

Prof. Paul De Hert is full professor at the Vrije Universiteit of Brussels and associated professor at Tilburg University (Tilt). He is Co-Director of the Brussels Privacy Hub (BPH) and co-founder of the Privacysalon. His work addresses problems in the area of privacy and technology, human rights and criminal law.

I am moderating a fascinating panel questioning the image of data as (the new) oil. It is good to look at the devices and concepts we use when discussing things and this panel will probably, judging the excellent speakers, makes us more hesitant while using oil as a reference point in fundamental rights discussions



Ralf Bendrath was the Senior Policy Adviser of Jan Philipp Albrecht, MEP (Greens/EFA). He hacked the Commodore C-64 in the eighties, studied security policy and information warfare in the nineties, and researched internet privacy in the 2000s. His work focuses on digital civil liberties, including privacy and security. Since Jan Philipp Albrecht left the European Parliament in July, Ralf Bendrath continues his work as senior policy adviser of Romeo Franz MEP.

The challenge with big data for law enforcement is to prevent individual profiling and automated discrimination by all means.


Jyn Schultze-Melling is an Associated Partner at Ernst & Young Law in Berlin. He counsels his clients as a DPO Coach and a GDPR implementation strategy consultant. Previously, while he was Facebook’s Director for Privacy Policy for Europe, he steered the company’s policy efforts in data protection and privacy all over Europe.

BABAK AKHGAR (Panellist)

Prof. Babak Akhgar teaches Informatics at the Sheffield Hallam University. He is the director of CENTRIC and Fellow of the British Computer Society. He has extensive and hands on experience in development, management and execution of Knowledge Management (KM) projects and large international security initiatives, including combating terrorism and organised crime.

Legally optioned data is the corner stone of any intelligence lead policing for safety and security of citizens.

ELS DE BUSSER (Panellist)

Dr. Els De Busseris Assistant Professor Cyber Security Governance at the Institute of Security and Global Affairs at Leiden University. She is also Educational Director of the Cyber Security Academy at Leiden University, and an award winning researcher connected to The Hague Program for Cyber Norms. Her research is focused on cybersecurity, cyber governance, privacy, and data protection especially in the EU-US cooperation in criminal matters.

Panel 3: Data as the hostage – ransomware is still alive!

Ransomware remains one of the most prominent malware threats, overshadowing data stealing malware and banking Trojans. Ransomware is a malware which locks computers, for instance by clicking on a malicious link. All of the personal data on the computer is no longer available to the user. The cybercriminals demand a ransom, usually in the form of bitcoins, to unlock the computer – bitcoin being the most prominent cyber-currency and very hard to trace back. If the locked computer is full of family photographs with no backup anywhere else, the user may be willing to pay. Things get way more serious if this is not just about family photographs but about the IT infrastructure of a hospital holding the health data of hundreds of patients.

This panel will examine the current ransomware threat landscape, related law enforcement challenges, and ways to safeguard your personal data by protecting against infection.


Sonia de Sousa Pereira currently works as a specialist at the Data Protection Function of Europol. She is a former criminal lawyer and a researcher working on the implementation of victim-offender mediation and other restorative practices in Portugal. Sonia worked also in the legislative process of the Portuguese Government. Her areas of expertise include: data protection, law enforcement, penal law, restorative justice and the criminal justice system, gender equality.


Dr. Nicole S. van der Meulen works as Senior Strategic Analyst at the European Cybercrime Centre (EC3) where she leads the Strategy and Development team. She has worked as Advisor of Security Affairs at the Dutch Banking Association, and has led the cybersecurity side of Defence, Security and Infrastructure (DSI) team at RAND Europe in Cambridge. Prior to those engagements, she worked for the Dutch government where she was co-responsible for the development of the first Cyber Security Threat Assessment, before returning to academia at the start of 2012 as an Assistant Professor at the Department of Transnational Legal Studies at the VU University in Amsterdam.

RIK FERGUSON (Panellist)

Rik Ferguson, Vice President Security Research at Trend Micro, is one of the leading experts in information security. He is also a Special Advisor to Europol’s European Cyber Crime Centre (EC3),. In April 2011 Rik was inducted into the Infosecurity Hall of Fame. Rik is actively engaged in research into online threats and the underground economy. He also researches the wider implications of new developments in the Information Technology arena and their impact on security, both in the enterprise and for society as a whole.

While current statistics show that criminal interest in ransomware has plateaued, with only a 3% increase in ransomware related incidents in the first half of 2018 (compared to 2H 2017), it is important to remember that this plateau comes after years of exponential growth. Ransomware remains a real threat to data and to business continuity, and the criminal actors still innovating in this space are quick to adopt new tools and techniques into their malicious creations.


Francesca Bosco is Project Lead within the Cyber-Resilience team of the World Economic Forum’s Center for Cybersecurity. She worked for several years in the United Nations Interregional Crime and Justice Research Institute (UNICRI). She has been researching and developing technical assistance and capacity building programs to enhance cyber-resilience through creation of a dedicated workforce, as well as to ensure diversity and inclusion in cybersecurity; she has done research for a long period how to counter the involvement of organized crime within the field of cybercrime, as well as examining the legal implications and future scenarios of terrorist use of the internet and cyberterrorism.


Stefano Fantin is a Legal and Policy Researcher at the Centre for IT & IP Law (CiTiP) at the Catholic University of Leuven. He has worked as a civil servant in the British Government at the Cabinet Office, where he focused on compliance and policy making regarding GDPR implementation, national cyber security strategy and Brexit in the context of the Government Digital Service task-force. Currently, he researches in the cyber policy and data protection fields (intelligence, law enforcement and e-Government).

In tackling the spread of ransomware, we cannot forget the crucial role of policies aimed at coordinating a responsible handling and disclosure of software vulnerabilities. This is not a matter of cyber hygiene only. It’s rather a way to hold actors accountable in the cyberspace. From vendors to researchers, from the general public to Governments and security agencies, disclosure policies might truly help sharing responsibilities in Europe and globally.


Juraj Sajfert is a qualified lawyer in Croatia and has joined the Data Protection Unit of DG Justice and Consumers at the European Commission in 2014, moving from the position of a case-processing lawyer at the European Court of Human Rights. Ever since, Juraj works on the development and application of EU data protection law. Juraj has been closely involved in the process of drafting and negotiating the new EU data protection legislation, particularly focusing on the Data Protection Directive for police and criminal justice authorities, the Data Protection Regulation for Union institutions and bodies and data protection rules for the European Public Prosecutors’ Office and Eurojust. He is also the Commission lead expert in Schengen evaluations of Member States in the field of data protection. He publishes regularly on topical issues for data protection in the area of law enforcement.

These are decisive times for the development of data protection culture and high standards of privacy protection across the European law enforcement authorities.

Panel 4: The take-down of Hansa – at times the Darknet ain’t that dark!

Darknet markets are a key crosscutting enabler for other crime areas, providing access to – amongst other things – compromised financial data to commit various types of payment fraud, and fraudulent documents to facilitate fraud, trafficking in human beings, and illegal immigration. While an unprecedented number of users are now making use of Tor, the Darknet is not yet the mainstream platform for the distribution of illicit goods. However, it is rapidly growing its own specific customer base in the areas of illicit drugs, weapons, and child sexual exploitation material. Compared to more established Darknet market commodities, such as drugs, the availability of cybercrime tools and services on the Darknet appears to be growing relatively fast.

This panel will use the amazing example of Dutch law enforcement in taking down the Hansa marketplace in order to demonstrate that users cannot count on remaining anonymous online and committing a crime – even on the dark web.


Dr. Jan Ellermann works as Senior Specialist in the Data Protection Function (DPF) of Europol. He advises the organization in all matters concerning operational data protection. He has been research assistant at the University of Göttingen, lawyer in Hamburg, and public prosecutor in Flensburg.


Steven Wilson is the Head of European Cybercrime Centre (EC3) at Europol. He completed 30 years of service with Police Scotland, previously having served with Strathclyde Police, Scottish Crime and Drug Enforcement Agency and Her Majesty’s Inspectorate of Constabulary. He has worked in a wide range of Senior Detective Roles including major investigations, counter terrorism, covert policing, fugitives and witness protections. He had responsibility for all aspect of cyber and cyber enabled crime in Scotland.


Nils Andersen Röed is the Project Leader at the Dark Web Unit of the Dutch National Police. He is also the Project Leader of Operation Gravesac / Bayonet, consisting in the takeover and takedown of darknet markets Hansa Market and Alphabay. Previously, he has worked as Network Engineer at Tele2 Nederland.


Lodewijk van Zwieten joined the public prosecution service of the Netherlands in 2004 and has over 10 years of experience in criminal investigations and prosecutions of cybercrime. As National Prosecutor for cybercrime (2009-2015) he was responsible for all operations of the High Tech Crime Unit of the Dutch National Police, including such ground-breaking cases as the Bredolab takedown, the Diginotar Breach and Blackshades. From 2015 to 2018 he was seconded to Eurojust as cybercrime expert prosecutor, assisting EU Member States in their cases and working closely with Europol’s European Cybercrime Centre (EC3) and the J-CAT.


Dr. Victoria Baines is a leading author and speaker in the field of cybersecurity. Her areas of research include electronic surveillance and evidence gathering, the changing face of online identity, and the politics of cybersecurity. She serves on the Advisory Boards of Reliance ACSN and the International Association of Internet Hotlines (INHOPE), and is the Principal and Founder of Cartimandua Insight, a resource that helps governments and technology companies to navigate global cyber-diplomacy. For several years, Victoria was Facebook’s Trust & Safety Manager for Europe, Middle East and Africa. Before joining Facebook, Victoria led the Strategy & Prevention team at Europol’s European Cybercrime Centre (EC3), where she was responsible for the European Union’s cyber threat analysis. She designed and developed the iOCTA.

We know that criminals misuse all available technology in one way or another, and are among early adopters when new tech comes along. What does the future hold for dark spaces and where will cybercriminals inhabit next/

Panel 5: The death of data retention at EU level – the mass surveillance scandal fallout and its detrimental consequences for law enforcement.

Following the annulment of the Directive 2006/24/EC on Data Retention (DRD) by the Court of Justice of the EU (CJEU) in April 2014 due to a lack of proportionality (Digital Rights Ireland), and the Tele2 ruling in December 2016 (according to which also Article 15 of the ePrivacy Directive 2002/58/EC cannot serve as a legal basis for data retention), law enforcement and judicial authorities face enormous challenges in investigating online crime.

The present scattered data retention legal landscape has a serious impact on law enforcement operations. In the digital age, almost every form of “classic crime” has an online or communication component. Communications data is, in particular, a vital tool for cross-border investigations into terrorism, the migration crisis, and rising cybercrime, the latter having a high impact and increasingly low detection risk. Electronic communication data, such as IP addresses, is regularly the only starting point of an investigation. It is important to understand that there is often a gap in time between the moment a communication event occurs and the moment that law enforcement becomes aware of the relevance of related meta-data, due to the complexity of the investigations concerned. The reality is that due to the lack of mandatory data retention – in far too many cases – data is no longer available by the time law enforcement is able to request it.

The CJEU did not deem data retention to be non-compliant with fundamental rights. It highlighted that the fight against serious crime “genuinely satisfies an objective of general interest” and can hence also justify serious interferences with the right to private life and data protection.

This panel will look into the question of how a proportionate data retention regime at EU level, building on the criteria defined by CJEU, could be put into practice.


Dr. Jan Ellermann works as Senior Specialist in the Data Protection Function (DPF) of Europol. He advises the organization in all matters concerning operational data protection. He has been research assistant at the University of Göttingen, lawyer in Hamburg, and public prosecutor in Flensburg.


Dr. Christiane Hoehn is the principal adviser to the EU Counter-Terrorism Coordinator, for whom she has worked since 2010. Her previous assignments at the EU were transatlantic relations and non-proliferation and disarmament. Prior to joining Council of the EU in 2004, she was a researcher at the Max Planck Institute for International Law in Heidelberg and an affiliate at the Center for Public Leadership, Harvard Kennedy School of Government. Christiane holds a PhD in international law from Heidelberg University, an LLM from Harvard Law School and the two German State examinations in law. She has published a book and several articles in international law and international affairs.

BEN HAYES (Panellist)

Ben Hayes is a TNI fellow and researcher working on security, counter-terrorism, border control and surveillance. He previously set-up the counter-terrorism programme at the European Centre for Constitutional and Human Rights and worked with the civil liberties organisation Statewatch from 1996 to 2014. He has recently worked as a data protection legal advisor to both the UN Refugee Agency and the International Committee of the Red Cross before establishing his own data protection consultancy. He also works as an ethics advisor to the European Commission and European Research Council.

ILMARI VIRO (Panellist)

Ilmari Viro is the Head of Special Operation at the Telecommunication Unit of the National Bureau of Investigations of Finland. He has an established career in the world of law enforcement, working for the Finnish KRP in Vantaa for more than 14 years.


Prof. Gert Vermeulen teaches European and international criminal law, Cybercrime, technology and Surveillance and Data protection at Gent University and is the director of the Institute for International Research on Criminal Policy (IRCP). He is also Privacy Commissioner at the Belgian Data Protection Authority, and member of the Europol Cooperation Board. His scholarly and research expertise is mainly in the areas of European and international criminal law and policy, organised crime, terrorism, trafficking in human beings and (child) sexual exploitation, procedural rights, evidence and data protection.

Irrespective of later access or use restrictions, preventative data retention, collection or storage for protecting internal security or crime fighting must be sufficiently selective, in line with the standards set by the CJEU. The incumbent challenge is to identify selectors and discriminants to guide selective data retention, based on objective evidence, workable and feasible for law enforcement authorities as well as for industries concerned, manageable for oversight bodies, in full conformity with data protection standards, including as regards sensitive data and profiling rules, and not resulting in (either direct or indirect) discrimination. Searching for the Holy Grail or just a matter of more effort and creativity from law enforcement side?


Advocate General Henrik Saugmandsgaard Øe is in the Court of Justice since 7 October 2015. Previously, he was appointed by the Danish Government as consumer ombudsman, where he boldly brought cases against multinational companies. In the context of the joined cases C-203/15 and C-698/15, the Advocate General has stated in an Opinion that a general obligation to retain data imposed by a member state on providers of electronic communication services may be compatible with EU law, but that it is imperative that the obligation is circumscribed by strict safeguards.

Friday, 23 November 2018

(H08:00) Check-in with security

(H09:00) Conference registration

Panel 6: If you can make it there, you can make it anywhere – data protection by design for cooperation between law enforcement and intelligence services?

Both law enforcement agencies and intelligence services across the world hold valuable information which can facilitate the fight against terrorism. However, the willingness to enter into more intense cooperation is still limited. In the law enforcement community many intelligence services have a reputation of wanting to receive all available information – but not being willing to share anything in return. Even if “the need to share” became common practice, there would still be a lot of issues to be sorted out, many of which have a data protection component.

The aim of this panel is to build bridges between all stakeholders in order to enable the right choices on issues such as encryption and confidentiality of communication, purpose limitation and effectiveness of measures, bulk surveillance and deployment of the appropriate resources for independent and effective oversight of the activities of Intelligence Services and Law Enforcement Agencies.


Oldřich Martinů is the Deputy Executive Director of Europol, with specific responsibility for Governance matters. He joined the Czech Police in 1986 and was appointed Police President of the Czech Republic in 2007. He was the Czech Republic member of the Europol Management Board and a representative at the General Assembly of Interpol. Prior his appointment to Europol he worked at the Police Presidium of the Czech Republic, where his activities focused mainly on EU police cooperation matters.


Dr. Thorsten Wetzling heads the Stiftung Neue Verantwortung’s research on surveillance and democratic governance. He directs the European Intelligence Oversight Network and is responsible for the EU Cyber Direct project’s work relating to India. As an expert on intelligence and oversight, he was invited to testify before the European Parliament and the Bundestag on intelligence legislation. Recently, he became a member of the expert advisory board on Europe/Transatlantic of the Heinrich Boell Foundation in Berlin.


Prof. Joe Cannataci has been appointed UN Special Rapporteur on the right to privacy in July 2015. He is the Head of the Department of Information Policy and Governance within the Faculty of Media and Knowledge Sciences at the University of Malta. He is additionally Chair of European Information Policy and Technology Law with in the Faculty of Law at the University of Groningen.


Dr. Christof Tschohl is a ICT engineer and lawyer and serves since 2012 as Scientific Director of the Research Institute – Digital Human Rights Center in Vienna. He is primarily in charge of the development of research projects and publications on Human Rights and Information Technology and has been employed many years as a legal researcher for the Ludwig Boltzmann Institute of Human rights. He is the chairman of an NGO taking action against the comprehensive blanket data retention of traffic data records of all public communication services.


Mario Oetheimer, PhD(@MOetheimerFRA) is the Head of Sector Information Society, Privacy and Data Protection at the European Union Agency for Fundamental Rights (FRA). Among other projects, Mario managed the Agency’s research project on National intelligence authorities and surveillance in the EU. He coordinates the exchanges between the Agency and the Council of Europe. His areas of expertise include: data protection and freedom of expression; the European Court of Human rights. Previously, he worked for the Council of Europe for thirteen years – first with the Council of Europe human rights media division and then with the European Court of Human Rights research division.

Stronger intelligence oversight delivers stronger security. While intelligence sharing internationally and domestically is often vital for national security, we can only build trust in intelligence services through respecting privacy and data protection. This will lead to better data and analysis, and ultimately a safer society.

Panel 7: From law enforcement fiction to future – will there be any privacy left in 2030, anyway?

Science fiction (often shortened to Sci-Fi or SF) is a genre of speculative fiction typically dealing with imaginative concepts. Its readers are trained to anticipate the unexpected, and helped to face change in a future that will radically differ from the present. Rick Deckard, RoboCop, and Judge Dredd are only few examples of science fiction’s recurring inspiration from the world of law enforcement.

According to Arthur C. Clarke: “Science fiction seldom attempts to predict the future. More often than not, it tries to prevent the future.”

Whether they try to predict the future or prevent it from happening, the speakers of this panel are among the brightest visionaries. They will exchange views with one of the world’s most famous and influential privacy activists. 


Daniel Drewer is the Data Protection Officer and Head of the Data Protection Unit at Europol. He joined the Legal Service at Europol in 2003. He went on to become Confidentiality Officer with responsibility in the area of data security. In 2007 he became Head of the Information Integrity Unit. Since 2010 he fulfils the assurance function of Data Protection Officer and is the Head of Europol’s Data Protection Unit. Daniel Drewer publishes regularly in the Oxford Law Journal Computer Law & Security Review. He contributes as a speaker to international conferences and seminars on data protection. Since 2015 he champions the Europol Data Protection Experts Network (EDEN).

This conference is the next milestone of the EDEN network and Europol is proud to serve as the platform. In addition we will meet for the first time the colleagues appointed as DPO in the national forces to talk about “privacy on the ground”. We will take the opportunity to add value to the discussions on the successful implementation of the Police Directive.


Lodewijk van Zwieten joined the public prosecution service of the Netherlands in 2004 and has over 10 years of experience in criminal investigations and prosecutions of cybercrime. As National Prosecutor for cybercrime (2009-2015) he was responsible for all operations of the High Tech Crime Unit of the Dutch National Police, including such ground-breaking cases as the Bredolab takedown, the Diginotar Breach and Blackshades. From 2015 to 2018 he was seconded to Eurojust as cybercrime expert prosecutor, assisting EU Member States in their cases and working closely with Europol’s European Cybercrime Centre (EC3) and the J-CAT.


Dr. Miyashita is Associate Professor of Law, Faculty of Policy Studies, Chuo University, Tokyo, Japan. He specializes in Constitutional Law and Information Law. He served for the Office of Personal Information Protection in the Cabinet Office. He attended the OECD, APEC, APPA and Privacy Commissioners meetings as a Japanese delegate. He received Doctor in Law from Hitotsubashi University. He was a visiting scholar at Harvard Law School, Brussels Privacy Hub, Vrije Universiteit Brussel and CRIDS (Centre de Recherche Information, Droit et Société), University of Namur. He published four books on privacy and over 100 academic articles including many on privacy and data protection.

MIKA LAUHDE (Panellist)

Mika Lauhde works as Vice-President, Cyber Security & Privacy, Global PACD in Huawei Technologies Co., LTD. He leads public relations team to understand and provide insight of governments Cyber security and Privacy policy, public opinions, threads, technologies, laws, regulations, inside information, situation and trends. Previously, he worked in SSH Communications Security as VP, Government Relations and Business Development. Currently he is a member of ENISA (European Network and Information Security Agency) Permanent Stakeholder Group and Europol Cyber security and privacy adviser.

Race between LEA’s chasing cyber criminals can, and will, have collateral damages. How to protect privacy not to be one of those. What is the bigger picture globally.


Prof. Francois Pellegrini is a commissioner at the National Commission for Information Technology and Civil Liberties (CNIL), the French data protection authority. He is the Chairman of Europol Cooperation Board, and teaches informatics and law at the University of Bordeaux. He is an expert on data protection and on strategic and sustainable development issues for digital technologies.


Max Schrems is an Austrian activist and author famous for his campaigns against Facebook’s privacy violation. He is the founder and chairman of None of Your Business ( – European Center for Digital Rights, a non-profit organization based in Vienna. In 2013, age 25 Max filed complaints against Facebook Ireland Ltd with the Irish Data Protection Commissioner. He then has succeeded in his challenge against the "Safe Harbor" system at the European Court of Justice, based on the disclosures of Edward Snowden.


Kick-off meeting of EDEN Law Enforcement DPO Network (LE only) – because ‘problem solver’, ‘trust builder’ & ‘miracle worker’ are not official job titles! 

25 May 2018 not only marked the date of application of the GDPR, but also of the Police and Justice DP Directive. The Police and Justice DP Directive applies to both cross-border and national processing of data by Member States' competent authorities for law enforcement purposes. This includes the prevention, investigation, detection and prosecution of criminal offences, as well as the safeguarding and prevention of threats to public security. The Police and Justice DP Directive provides the common rules for the processing of personal data of individuals involved in criminal proceedings as suspects, victims or witnesses by taking into account the specific nature of the police and criminal justice field. The harmonisation of the data protection rules in the law enforcement sector, including rules on international transfers, will facilitate cross-border cooperation between police and judicial authorities, both within the EU and with international partners, and thus create the conditions for a more effective fight against crime. Member States were bound to adopt and publish, by 6 May 2018, the laws, regulations and administrative provisions necessary to comply with The Police and Justice DP Directive.

One of the requirements for the law enforcement authorities is to appoint Data Protection Officers. This kick-off meeting of EDEN Law Enforcement DPO Network is for law enforcement only and aims at a practical exchange of those who are already appointed or want to become problem solvers, trust builders and miracle workers - better known as Data Protection Officers!

Introductory remarks by: Christian Wiese Svanberg, Diana Alonso Blas, Daniel Drewer


22 - 23 November 2018