The 14th Annual European Data Protection & Privacy Conference once again served as a vital platform for in-depth dialogue on the future of data protection and privacy across Europe.

 

Bringing together leading policymakers, industry executives, and over 200 in-person attendees, the conference provided a high-level forum for discussion, debate, and exchange.

This year’s edition focused on navigating the growing complexities at the intersection of privacy, security, and innovation in an increasingly data-driven world. Panel discussions explored key regulatory and technological developments, including the next phase of the GDPR, the expanding EU Digital Rulebook, AI governance, and the evolving relationship between privacy, competition law, and digital advertising.

Against this backdrop of growing regulatory complexity, the conference highlighted the importance of supporting innovation while upholding robust privacy standards. Keynote speeches from Michael McGrath, Commissioner for Democracy, Justice, the Rule of Law and Consumer Protection at the European Commission, and Anu Talus, Chair of the European Data Protection Board provided critical insights into Europe’s legislative priorities, enforcement strategies, and the evolving role of digital rights in shaping the next phase of the EU’s digital transformation.

 

‘’This conference is an opportunity to look back at the road we have traveled so far, look at what future challenges lie in our way and to explore how we can continue to strike a balance between protecting privacy and enabling the development of new technologies. At the heart of today's discussions will be an essential [question]: how can we build a digital future that respects fundamental rights, fosters trust and facilitates economic growth?’’

Anu Talus, Chair of the European Data Protection Board.

 

At a time of intense debate and accelerated regulatory change, the conference reaffirmed that data protection and privacy remain central to Europe’s digital future-anchoring innovation in trust, transparency, and accountability.

 

It is a great pleasure to join you at the 14th Data Protection and Privacy Conference to talk, of course, about data protection, the GDPR and its relationship with the expanding body of EU digital legislation. This is my first Data Protection and Privacy conference. Certainly not the last, hopefully the first of many over the coming years. 

Michael McGrath, Commissioner for Democracy, Justice, the Rule of Law and Consumer Protection, European Commission.

 

Commissioner for Democracy, Justice, the Rule of Law and Consumer Protection, Michael McGrath addresses the audience.

 

Following Ms Talus’ opening keynote, the conference began with a panel examining the GDPR and the broader EU Digital Rulebook, offering a timely reflection on the regulation seven years after its adoption. Olivier Micol (DG JUSTICE, European Commission) joined MEP Markéta Gregorová and industry representatives to assess the GDPR’s continued role as a cornerstone of individual protection in the digital age. While its enduring significance was affirmed, the discussion also candidly acknowledged the ongoing challenges in implementation, enforcement, and adaptation to emerging technologies.

 

Does the GDPR hamper innovation…? I have always said I believe in it - GDPR is not the problem. The GDPR is complicated, but if we do it in the right way, with all the guidance etc, it can also provide legal certainty, upholding our values and that is the important thing.

Hielke Hijmans, President of the Litigation Chamber - Member of the Executive Committee, Belgian Data Protection Authority.

 

Taking a more holistic view, the panel saw participants explore the EU’s evolving "digital rulebook", and how new legislative frameworks interact with core GDPR principles. Participants discussed the implications of this expanding regulatory landscape on data governance, consumer trust, and the capacity for innovation within a rapidly changing digital economy:

 

When you reopen Pandora’s box, you don't know what will come out of it. But we have to be, again, very sober, very down to earth, very pragmatic, about how to make things work. We should be looking at the mechanics and helping enforcement - guiding compliance.

Olivier Micol, Head of Unit for Data Protection, DG JUSTICE, European Commission.

 

Building on the morning’s momentum, the day’s second panel shifted focus to a critical and evolving issue: law enforcement access to personal data in the digital age. The European Commission’s Ignacio Gómez Navarro joined Chloé Berthélémy (EDRi), Lorelien Hoet (Microsoft), and other experts to discuss the e-Evidence package, its transformative impact on cross-border data access, and how it interfaces with existing instruments such as the Law Enforcement Directive (LED), the Europol Regulation, and broader EU legal frameworks.

Reflecting on the findings of the EU's High-Level Group (HLG) on access to data for effective law enforcement, Ignacio Gómez Navarro, (Security in a Digital Age, European Commission) noted: 

 

Law enforcement authorities need additional resources to perform this task. The techniques are becoming increasingly complex. So they need more skills, they need more resources to decrypt communications, to conduct digital forensics on these devices, to analyse the huge amounts of data. 

Ignacio Gómez Navarro, Team Leader, E-evidence and Cybercrime, Security in the Digital Age Unit, European Commission. 

 

Anu Talus, Chair of the EUPB, delivers her keynote address at the 14th Annual European Data Protection & Privacy Conference. 

 

In a timely fireside chat, Apple’s Gary Davis and Bianca-Ioana Marcu of the Future of Privacy Forum (FPF) discussed the future of the digital economy. As digital markets continue to evolve, the conversation delved into the complex interplay between privacy, competition, and advertising technology.

Against a backdrop of growing regulatory demands and shifting consumer expectations, the pair explored emerging challenges and approaches to achieving regulatory coherence, sustaining consumer trust, and driving innovation in an increasingly data-driven and competitive landscape. Their dialogue offered valuable insights into how companies and regulators alike can navigate the next phase of digital transformation - where privacy and innovation are not at odds, but co-dependent pillars of sustainable growth.

 

I think everybody in this room is united, I believe, by a desire to ensure that users get to make the choice and are better protected.

Gary Davis, Senior Director, Regulatory Legal, Apple.

 

Following an afternoon keynote speech from Commissioner McGrath, the focus shifted to the regulatory challenges posed by the AI revolution and its implications for data privacy. In a panel featuring Yordanka Ivanova (EU AI Office, DG CNECT), MEP Michael McNamara, and Juraj Čorba (OECD/GPAI), speakers explored the interplay between AI governance and existing frameworks such as the GDPR and the EU AI Act. Discussions addressed regulatory overlap, compliance hurdles, and the need for privacy rules to adapt - ensuring innovation can thrive while safeguarding fundamental rights.

 

Despite its [the GDPR’s] success… our key takeaway is the need for greater support to businesses, especially SMEs, in their compliance efforts, and to address this, the Commission has called on national data protection authorities and the European Data Protection Board to provide more tailor made guidance and tools to assist them.

Michael McGrath, Commissioner for Democracy, Justice, the Rule of Law and Consumer Protection, European Commission.

 

Offering a critical assessment of how privacy frameworks must adapt to ensure both innovation and fundamental rights protections, Juraj Čorba (AIGO OECD) reflected: 

 

Given our dependency on technologies from the outside world, how our rules and expectations and requirements interact in real time with requirements and expectations in the other corners of the world, and what it means to us, I think this is absolutely crucial these days.

Juraj Čorba, Co-Chair of The Global Partnership on AI and acting Chair of OECD Working Party on Governance of AI (AIGO OECD). 

 

Panel 3: Aligning Data Privacy and AI Governance - Yordanka Ivanova (DG CNECT) and Michael McNamara (MEP) in conversation with Juraj Čorba (Co-Chair, AIGO OECD); Nicolas de Bouville (META); and Rigo Van den Broeck, (Mastercard). The session was moderated by Bojana Bellamy, President of the CIPL. 

 

In the penultimate panel of the day, Maria Rautavirta, Head of Data Policy at Finland’s Ministry of Transport and Communications, joined fellow experts to explore the transformative role of technology in empowering individuals through personal data. As data grows in value within the digital economy, the discussion focused on how individuals, businesses, and regulators can harness its potential to drive innovation and tackle emerging challenges. In a data-driven world, how can technology help answer some of today’s most pressing questions? Answers were dynamic and thought-provoking. 

Bringing the 14th Annual European Data Protection & Privacy Conference to a close, the final panel explored the evolving global landscape of data protection and efforts to harmonise cross-border data flows. Titled “Bridging Borders: Towards the Interoperability and Convergence of Data Privacy Rules Worldwide?” the session offered a comprehensive look at regulatory alignment strategies that aim to balance privacy, trust, and economic growth. Irena Moozova, Deputy Director-General at DG Justice (European Commission), joined fellow experts to discuss the EU’s growing network of adequacy decisions, recent updates to Standard Contractual Clauses (SCCs), and international frameworks including the Data Free Flow with Trust (DFFT) initiative and the Cross-Border Privacy Rules (CBPR) system. Pointing to how interoperability and regulatory convergence can enhance privacy protection while ensuring seamless data flows across the world, Monika Tomczak-Górlikowska, (Prosus) highlighted reasons for optimism: 

 

The challenges remain and there's still a lot of fragmentation and a lot of complexity that companies worldwide need to deal with. But we also see signs of optimism by the ability to have access to simpler, more usable instruments and also the willingness of different stakeholders in countries globally to look at it from that interoperability lens.

Monika Tomczak-Górlikowska, Group Head of Privacy, Digital & Regulatory, Prosus. 

 

Markéta Gregorová speaks in our opening panel, titled: The GDPR and the broader EU Digital Rulebook: What does the next chapter hold for innovation and privacy? She is joined by Olivier Micol (DG JUSTICE); Hielke Hijmans (Belgian Data Protection Authority); Ilias Chantzos (Broadcom); and Maryant Fernández Pérez (BEUC). 

 

With a distinguished lineup of policymakers, regulators, industry leaders, and privacy experts, the conference provided a valuable platform for networking, knowledge-sharing, and collaboration at the forefront of data protection and privacy governance.

Forum Europe extends its sincere thanks to all attendees, speakers, and partners who contributed to the success of this year’s event. Special recognition goes to our platinum sponsors - Broadcom, META, Microsoft, Prosus, RiskRecon, and Workday - as well as to the European Commission and our media partners at MLex.

Stay connected and be the first to hear about upcoming events across your sectors of interest - including Digital Economy and Technology, Wireless Connectivity, Space and the future of global and European policy - by signing up for our email updates here.