Paradise lost? Policing in the age of data protection. 3rd EDEN Conference on Data Protection in Law Enforcement.

19 - 20 September 2019
  • Conference


The aim of this conference is to explore the practical implementation of EU data protection rules within the law enforcement sector and highlight some of the challenges that data protection experts face in light of developments in policing, society as a whole, and a rapidly changing criminal environment.

The conference will bring together internationally renowned practitioners from law enforcement and security authorities with privacy experts, academics and representatives from private industry and civil society.

Who should attend?

Law enforcement officials, data protection officers, members of Europol's Data Protection Experts Network (EDEN), data protection professional in the private and public sector, lawyers and other advisers in the area of data protection and compliance, academics.

Key topics

  • Predictive policing: policy and technical measures to respect fundamental rights
  • The retention of telecommunication data – EU policy state of play and effect on criminal investigations
  • The use of open sources in investigations in the digital space
  • Data protection by design: Passenger Name Record (PNR)-data and how to build a compliant mass-surveillance system
  • The globalization of criminal evidence: The CLOUD Act and eEvidence and their effects on private business and data protection obligations
  • Cooperation with third state authorities in the law enforcement sector: what are the limits?

Register to the event

Thursday, 19 SEPTEMBER 2019

08:00 - Arrival and registration of participants

09:00 - Welcome and opening speech

Panel 1 (09:30): A take on predictive policing

“Knowledge forbidden? Suspicious, reasonless. [...] Can it be a sin to know? Can it be death?”

Prediction is a core part of policing: where should law enforcement resources be deployed to deter future crime? Where is a fugitive/suspect likely to be apprehended? Who is a potential next victim in need of protection? At the same time, there is justifiable concern over just how far to take prediction when backed by sophisticated computer analytics – when do you go too far in effectively trying and condemning an individual based only on a computer-calculated probability that a crime will be committed?

In this panel, we discuss the nuances of prediction in policing and the policy and technical measures that can help us respect fundamental rights.

10:45 - Networking coffee break

Panel 2 (11:00): Behind the scenes: The journey of the Danish National Police towards a data-driven police force

“Our torments also may in length of time Become our Elements.”

How does an organisation implement a data-driven approach?
This presentation will focus on the challenges to governance and organisation when pushing a traditionally analogue institution into the digital data-driven age.

Panel 3 (11:30): Building a mass surveillance system – the case of PNR

“Ah, why should all mankind for one man’s fault, be condemned, if guiltless?”

Since the entry into force of the EU PNR Directive in May 2018, EU law enforcement authorities have collected personal data of more than 350 million flight passengers. This information is i.a. used to identify “unknowns” – criminals, who are not yet known to law enforcement – using profiling and rules-based targeting. Critics claim that this “mass surveillance” of mostly innocent citizens violates the fundamental right to privacy.

In this debate, we explore what is arguably the most advanced example of big data analytics designed to meet the highest standards of data protection.

12:15 - Lunch

Panel 4 (13:15): Retention of telecommunication data

After having been on the agenda for more than a decade, the utility and lawfulness of retained telecommunications data is still being debated in court rooms and legislatures across Europe. Some argue that this is creating a mosaic of different national practices, hindering the transnational prevention and investigations of serious crime and terrorism. For others, this mosaic reflects a state of play where EU citizens cannot rely on their fundamental rights being equally protected in all EU member states.

In this panel, we will discuss the state of play and way forward. We explore how criminal investigations have been affected in Germany, which has severely restricted the use of communications data by the police.

14:30 - Networking coffee break

Panel 5 (14:45): Q & A with The Ethical Hacker – What is the price of privacy?

"For so I created them free and free they must remain."

Panel 6 (15:15): Using open sources while investigating in the digital space

"What is dark within me, illumine."

A stolen bike sold on Ebay – may the police save information about sellers and buyers? What about all public information on Ebay? Or what about a database of hacked Gmail-accounts which has been published on the so-called Dark Web? In this panel, we will discuss real life examples of the use of open sources in digital investigations. To what extent does data protection legislation apply to information which is already public? How can organisations like law enforcement tackle the technical obstacles of using open source information and work with large data sets?

16:30 - Closing of day one and social event

Friday, 20 September 2019

08:00 - Check-in and conference registration

Panel 7 (08:30): Privacy challenges in cross-border sharing of e-evidence

"Solitude sometimes is best society."

The globalisation of criminal evidence is creating significant challenges for law enforcement. Traditional cross-border mechanisms such as Mutual Legal Assistance Treaties are too slow and not suited to the type of evidence requested. Recently, the US and the EU Commission responded with legislation which will equip law enforcement authorities with the powers to gather data outside their territories.

This panel explores the conflicts of laws that might arise when police seek to obtain data subject to foreign jurisdictions. Specific emphasis will be placed on the consequences for private companies caught between competing jurisdictions of national data protection regulation blocking disclosure of data and legal mandates compelling them to provide personal information to foreign law enforcement authorities.

09:30 - Networking coffee break

Panel 8 (09:45): Law enforcement cooperation with third states 

Transnational crime requires transnational cooperation between law enforcement authorities both inside and outside the territory of the EU. While EU law enforcement authorities receive personal data from partners outside the EU, they are reluctant to share data with those partners. EU data protection legislation requires either an EU Commission adequacy decision or that partners guarantee essential data protection standards. However, the EU Commission has not passed any adequacy decision that includes law enforcement yet. How does this legal void affect long-standing law enforcement working relationships with essential partners in the fight against transnational crime and terrorism? How can law enforcement ensure transnational cooperation going forward?

11:00 - Closing session

11:15 - Takeaway lunch 

Closed session (12:00) – Law enforcement only


  • Everyday challenges in the life of a law enforcement DPO: workshop on the practical implementation of the Law Enforcement Directive
  • Data protection by design – the ADEP-project
  • Pro-active auditing of data processing in interoperable information systems


Courtney Bowman, Privacy and Civil Liberties Specialist, Palantir Technologies, Palo Alto

Tjabbe Bos, Policy Officer, Cybercrime Unit, DG Migration and Home Affairs, European Commission, Brussels

Daniel Drewer, Data Protection Officer, Europol, The Hague

Ralph Echemendia, “The Ethical Hacker”, Los Angeles

Nico van Ejik, Professor of Media and Telecommunications Law and Director of the Institute for Information Law, University of Amsterdam

Jan Ellermann, Senior Specialist, Data Protection Office, Europol, The Hague

fukami, Senior Security Consultant, Chaos Computer Club, Brussels

Stefano Fantin, Researcher, Catholic University Leuven

John Grant, Privacy and Civil Liberties Engineer, Palantir Technologies, Palo Alto

Peter Kimpian, Data Protection Unit, Council of Europe, Strasbourg

Hiroshi Miyashita, Associate Professor of Law, Chuo University, Tokyo

Nora Ni Loidean, Lecturer in Law and Director of the Information Law and Policy Centre, Institute of Advanced Legal Studies, University of London

Cornelia Riehle, Deputy Head of Section, European Criminal Law, ERA, Trier

Jana Ringwald, Public Prosecutor, Cybercrime Center, Frankfurt am Main Prosecutor General’s Office, Gießen

Sophie in't Veld**, MEP, Brussels/Strasbourg

Christian Wiese Svanberg, Data Protection Officer, Danish National Police, Copenhagen

*additional speakers will be added


19 - 20 September 2019