Conference held in Bergamo, October 3 / 4, on Private Enforcement Of General Data Protection: Regulation New Chances, New Challenges


(Summary of the conference by Dulce Lopes, University of Coimbra, and Massimo Foglia, University of Bergamo)

Elisabetta Bani, Viviana Molaschi and Massimo Foglia, that welcomed the participants and emphasized the importance of the subject in the currant law debate, opened the Conference, that was immediately followed by a first session chaired by Radek Strugala. In this session some general issues were discussed, detailed and exemplified such as the autonomous interpretation of GDPR concepts (Agnieszka Guzewicz, University of Wroclaw) and the international law implications of the GDPR in several subjects such as private international law and international administrative law (Dulce Lopes and Geraldo Rocha Ribeiro, University of Coimbra). Federica Persano (University of Bergamo) followed and pointed out the insufficiencies of the GDPR in what regards children that are the most vulnerable group but also the main actor in the digital era.
The Second Session chaired by Dulce Lopes, continued with a two-fold debate on Patients and Privacy, both in Italy (Massimo Foglia, University of Bergamo) and in the Czech Republic (Petr Šustek, Tomáš Holçapek, Martin Šolc, Charles University). Data concerning health and the role of consent in medical records, clinical practice and biobanks were analysed crossing EU demands with national legislations and practices, showing that clarification in some areas is a necessity. Simon Taylor (University of Paris Nanterre) ensued directing the discussion to the private enforcement of the GDPR, giving note of some recent case law in the UK on non-pecuniary losses (one of which from the day previous to the Conference, Lloyd v. Google [2019] Court of Appeal, 2 October). Discussion that was resumed by Jonas Knetsch (University Jean-Monnet of Saint-Étienne) that focused on article 82.º of the GDPR, considering it to be a directly applicable provision but whose contours are ambiguous mainly in what refers to the assessment of the amount of damages, and called for a de minimis rules
On the second day of the Conference, under the moderation of Jonas Knetsch, Radoslaw Strugala (University of Wroclaw) decomposed the segments of article 82.º, concluding that the responsibility envisaged is irrespective of fault, but stated that responsibility imposed on the controller for acts of the processor is too burdensome and may lead to over deterrence. Albert Ruda-Gonzalez (University of Girona), pointed out that big data is “the new oil” full of possibilities but also challenges and analysed the current trend towards collective redress (for instance with the Cambridge Analytica case). Shaira Thobani (University of Torino) reflected on the privacy paradox (the fact that theoretically people care about data but do few to protect it) and asked therefore which should be the role of consent in data protection and if some questions should not be considered more of a consumer type issues and not a fundamental rights one.
The last session, chaired by Simon Taylor, was devoted to specific subjects that go beyond the RGDP but that influence or are influenced by it: Pelopidas Donos (Data Protection Officer of the European Investment Bank) analysed the influence of the mirror Regulation (EU) 2018/1725 on the organisation and practices of the BEI; Marco Rizzuti (University of Florence) debated the role of the right to be forgotten in legal history and contemporary legal though, analysing relevant case law that demonstrate that this right is nor permanent nor absolute; and Luca Ballerini (University of Trieste) dwelled on the post mortem protection of personal data, not included in the protection accorded by the GDPR.
All the sessions were highly debated and a publication is envisaged in a Special Issue of the European Journal of Privacy Law and Technologies (