On 24 January 2018, the CANVAS project hosted a panel at the 11th edition of the Computers Privacy and Data Protection Conference in Brussels (link to programme). The panel was titled: ‘My data was compromised: how am I supposed to fix it? Data breach notification and privacy’.

Personal data breaches have to be documented and in some cases notified by controllers to data protection authorities and individuals. In particular, the GDPR requires controllers to inform individuals whose data were subjected to a data breach about the likely consequences of the personal data breach and the measures taken or proposed to be taken by the controller to address the personal data breach. In preparation for the implementation of this new obligation in the EU, businesses organised many debates and even new business models have emerged. At the same time, the discussion about the actual impact on individuals’ rights and actions that they could take after receiving a notification has been on halt. In view of this background, the panel will consider the following questions:

  • How to ensure that the obligatory reporting of security breaches facilitates protection of individuals’ rights?
  • How could one evaluate risk occurring to individuals from a data breach?
  • How should damages be quantified in data breach claims?

Moderator: Esther Keymolen, Leiden University (NL)

Chair: Christian Wiese Svanberg, Danish National Police (DK)

Speakers:

  • Susan Gonscherowski, Independent Centre for Privacy Protection Schleswig-Holstein (DE)
  • Lina Jasmontaite, VUB-LSTS (BE)
  • Christiaan Alberdingk Thijm, Bureau Brandeis (NL)
  • Brian Honan, BH Consulting (IE)
  • The video of the session is going to be available after the conference.
2018/01/24: CPDP: “My data was compromised: how am I supposed to fix it? Data breach notification and privacy”