Use our global calendar of privacy events to locate an event near you.
Certification Training September 22-23
Workshops September 23
Conference September 24-25
About the Workshop
Over the past decades, a multitude of security and privacy enhancing technologies has been developed and brought to considerable maturity. However, the design and engineering of such technologies often ignores the organizational context that respective technologies are to be applied in. This workshop aims to bring together engineering and organizational/behavioral scientists active in the field of security and privacy in order to facilitate a better match between those – so far – largely disconnected perspectives. It’s explicit goal is to pave the way for technical security and privacy mechanisms and systems that match organizational needs and givens better than current ones.
Call for Papers
Over the past decades, a multitude of security and privacy enhancing technologies has been developed and brought to considerable maturity. However, the design and engineering of such technologies often ignores the organizational context that respective technologies are to be applied in. A large and hierarchical organization, for example, calls for significantly different security and privacy practices and respective technologies than an agile, small startup. Similarly, whenever employees’ behavior plays a significant role for the ultimate level of security and privacy provided, their individual interests and incentives as well as typical behavioral patterns must be taken into account and materialized in concrete technical solutions and practices. Even though research on security- and privacy-related technologies increasingly takes into account questions of practical applicability in realistic scenarios, respective approaches are typically still rooted in the technical domain alone, motivated by technical givens and constraints from the practice.
On the other hand, a substantial body of organization-related security and privacy research already exists, incorporating aspects like decision and governance structures, individual interests and incentives of employees, organizational roles and procedures, organizational as well as national culture, or business models and organizational goals. Nonetheless, these research activities are only seldomly translated into concrete technical mechanisms, frameworks, and systems.
This disconnection between rather technical and rather organization-related security and privacy research leaves substantial room for improving the fit between concrete technologies on the one and organizational practices on the other hand. Achieving a better fit between these two sides through security and privacy technologies that soundly incorporate organizational and behavioral theories and practices promises substantial benefits for organizations and data subjects, engineers, policy makers, and society as a whole.
The aim of this workshop is therefore to discuss, exchange, and develop ideas and questions regarding the design and engineering of technical security and privacy mechanisms with particular reference to organizational contexts. We invite papers from researchers and practitioners working in security- and privacy-related systems engineering as well as in the field of organizational science to submit their original papers to this workshop. Topics of interest include, but are not limited to:
- Security and privacy technologies consciously addressing different organizational structures
- Security and privacy technologies and individual behavior
- Security and privacy technologies and organizational / national cultures
- Security and privacy technologies for and in unusual organizational settings
- Engineering methods, frameworks, and assessment approaches for addressing the above subjects in novel ways
We particularly welcome papers explicitly translating findings and insights from organizational and behavioral theory into the concrete design and engineering of technical security and privacy mechanisms as well as papers evaluating, assessing, or scrutinizing existing security and privacy technologies against actual organizational and behavioral theories and/or givens from the practice. Papers without relation to concrete technologies are, however, not excluded in general.
Types of Papers
Besides regular (max. 16 pages) and short (max. 8 pages) papers, we also invite practical demonstrations, intermediate reports, and mini-tutorials on respective technologies currently under development. Such contributions should be consciously tailored to inspire more in-depth discussions. Submissions falling under this category should describe the proposed contribution to the workshop in no more than 4 pages and be explicitly marked as such during the submission process.
Accepted papers will be published in a joint LNCS proceedings together with two other ESORICS workshops. Additional publication opportunities for extended papers in a special issue of an Open Access Journal are discussed.
Authors of accepted papers must guarantee that their papers will be presented at the workshop. At least one author must register.
Submissions must be done via EasyChair at https://easychair.org/conferences/?conf=spose2019 (see also https://easychair.org/cfp/SPOSE2019). Submissions must be formatted according to the LNCS-Template.
Important dates (might be subject to change, depending on publication constraints)
- Submission deadline:
June 14, 2019extended to June 28, 2019 (23:59 CEST)
- Review deadline: July 19, 2019
- Notification to authors: July 26, 2019
- Camera-ready versions: August 16, 2019
- Workshop: September 26 or 27, 2019
Launched in 2016, AI Now’s annual Symposium brings together leading experts from industry, academia, civil society, and government to discuss the biggest challenges we face as AI moves further into our everyday lives.
The Symposium is free and open to the public and tickets will be made available this Summer through AI Now’s website.
For now, just take a minute to save the date on your calendar!
The Future of the COPPA Rule: An FTC Workshop will examine whether to update the COPPA Rule in light of evolving business practices in the online children’s marketplace, including the increased use of Internet of Things devices, social media, educational technology, and general audience platforms hosting third-party child-directed content. The COPPA Rule, which was enacted in 2000 and updated in 2013, requires certain Web site operators to obtain parental consent before collecting, using, or disclosing personal information from children under 13. Workshop topics will include:
- How the development of new technologies or business models, the evolving nature of privacy harms, and changes in the way parents and children use websites and online services, affect children’s privacy today;
- How the Rule should address parental consent for education technology vendors that collect personal information consented to by schools, following on discussions that occurred during the FTC’s Student Privacy and Ed Tech workshop in December 2017;
- Whether the Rule should include a specific exception to parental consent for audio files containing a child’s voice that website operators collect and then promptly delete;
- Whether the Rule should permit general audience platforms to rebut the presumption that all users of child-directed content are children, and if so, under what circumstances;
- Whether the revisions to the Rule made in 2013 have worked as intended or require modification; and
- Whether the Rule should be amended to better address websites and online services that do not include traditionally child-oriented activities, but that have large numbers of child users.
For a more detailed list of topics, see the Commission’s request for public comment on the COPPA Rule
The International Conference of Data Protection and Privacy Commissioners (ICDPPC) will hold its 41st annual meeting in Tirana, Albania in October 2019, announced John Edwards, Chair of the ICDPPC.
“The Conference has not previously met in the Western Balkans and we are delighted to have the opportunity to convene in Albania in two years’ time.
“As a Conference providing leadership at international level in data protection and privacy, it is appropriate to meet in a country that has transitioned to democracy and to learn from people who retain memories of the harshest communist dictatorship of Eastern Europe”, said Mr Edwards.
The event will be hosted by the Information and Data Protection Commissioner (IDP) of Albania.
The International Conference of Data Protection and Privacy Commissioners first met in 1979. It has been the premier global forum for data protection authorities for four decades. The Conference links 114 privacy and data protection authorities from across the globe.
The IDP is the independent data protection authority for Albania. It has been an accredited Conference member since 2010. More information on the IDP is available at www.idp.al.
The indicative dates of the 41st Conference are 10-13 October 2019, but these are subject to confirmation.
Selection of a host more than two years in advance has been a strategic goal for the Conference’s Executive Committee for some years, to enable hosts to have sufficient lead time to organize a major event. This has been achieved for the first time for the 2019 Conference, and is intended to become standard practice for future hosts.
Following the format of PLSC in the United States, PLSC Europe is a conference for discussing work in progress. There is no opportunity or obligation to publish connected to the conference. Our goal is simply to improve and provide support for in-progress scholarship. To do so, PLSC Europe assembles privacy law scholars as well as policy makers, practitioners and civil society experts from Europe and around the world to workshop and discuss papers. The conference is open to other than legal disciplines and values multi-disciplinary approaches.
The conference follows a format where a discussant, rather than the author, is assigned to kick off a discussion of the paper with the audience. We often pair junior scholars with senior colleagues in order to create mentorship opportunities. In the PLSC format, there are no panels or presentations by the authors. Instead, everyone is a “participant”, offering their best questions and insights to stimulate discussion on the draft scholarship.
This half day conference on Asian Data Privacy Laws and their impact on business will cover:
– The latest privacy law developments in Asia
– Significant developments expected across Asian jurisdictions
– Questions companies are asking and practical steps they are taking to adapt their operations
– Helping your company plan where to allocate resources according to your risk profile
– Data protection and privacy laws work very differently in Asia compared with Europe and North America. How do you address privacy challenges in this fast-growing region?
To what extent are the Asian laws responding to the EU Data Protection Regulation?
To what extent do the APEC Cross Border Privacy Rules have traction in the region?
In which countries should companies expect mediation to play a role?
This conference will provide you with your ideal update on privacy law developments in Asia and what may lie ahead.
The 2-day workshop will introduce you to the EuroPriSe certification scheme: You will learn about EuroPriSe criteria and procedures and train how to specify a target of evaluation (ToE) and to apply the certification criteria in the field. In addition, you will start to work on an exercise to be completed after the workshop, which is one important precondition for being admitted as a EuroPriSe Expert.
The workshop is a combination of classroom and group work and involves practical examples. You will deal with privacy use cases to apply what you have learned and to benefit from the professional exchange with other workshop participants.
Enjoy meeting other privacy professionals from around the globe and expand your professional network!
The powerful have long agreed: Poor and working people must be watched.
With the proliferation of digital monitoring and algorithmic management of gig economy and blue collar workers, it might seem like the expansion of workplace surveillance is a new trend. In reality, it is a centuries-old phenomenon that has shaped core aspects of modern privacy debates. From English Poor Laws, to the monitoring of 19th century coal miners and 20th century farmworker advocates, to contemporary efforts to track workers in the digital economy, this conference will follow the surveillance of poor and working people and those who advocate for them.
How has the myth of the untrustworthy pauper or worker transformed over time? What role has race and ethnicity played in justifying surveillance? Has this surveillance proven effective or not? How has technology normalized and propogated this surveillance? Finally, how are local communities, advocates, and artists responding to these challenges?
The Color of Surveillance addresses these questions and more, elevating the voices of working people, labor advocates, artists, and historians. The conference will take place on Thursday, November 7 in Hart Auditorium at Georgetown University Law Center, and is presented in partnership with Free Press and MediaJustice.
Stay tuned for more information on speakers, session details, and RSVPs (note: if you would like to RSVP without going through Eventbrite, please email us at [email protected]). For updates, subscribe to our newsletter.