LIBRe @ IoT Adventure Forum 2018, Sofia

IoT Adventure Forum 2018 brings together early adopters, seasoned traditional businesses, start-ups, explorers, developers and IoT strategists eager to discover the potential of the connected world and exchange best practices and knowledge.

The Conference is organized in 6 dedicated tracks, cases studies, workshops covering the entire Internet of Things ecosystem including smart transportation and cities, developing for the IoT, connected industry, consumer IoT, IoT innovations and technologies and privacy and security; and is acompanied by Expo zone and the IoT Adventure 2018 Awards.

LIBRe Foundation partnered the organization of the Conference and Alexandra Tsvetkova, Director of the Foundation, was part of the IoT Adventure 2018 Awards Committee. Also, two of the organization's experts presented on topics in the ICT Law field.

Alexandra Tsvetkova covered 'Privacy by design: a gateway to the GDPR?'.

Even though privacy by design was enshrined as a legal obligation with the GDPR, the idea of having fundamental rights enforced and ‘hard coded’ in technology dates back to the 1980s. Despite a few decades of heated discussions and the development of numerous technical measures, privacy by design remains largely a theoretical concept.

On the one hand, this is exacerbated by the fact that technical solutions, such as privacy enhancing techniques (PETs) often reduce the right to privacy to over simplistic and often naive explanations. On the other hand, the inherent vagueness of legal provisions, required to provide the law with the necessary flexibility to address a wide range of situations, creates further challenges before the proper implementation of privacy by design.Privacy by design plays a central role in the GDPR.

It could be seen as a gateway obligation which ‘unlocks’ the potential of the regulation for data controllers. Temporally situated at the ‘design’ stage, the obligation of privacy by design is an emanation of the risk-based approach of the GDPR which runs through the very fabric of the regulation’s underlying principles enshrined in Article 5.

How should data controllers and processors approach this overarching obligation and why the ‘information security’ mindset cannot be applied here? What are the challenges and is privacy by design an attainable goal in the first place?

This session will look at the obligation of privacy by design as a gateway provision which unlocks the principles of data protection and provides a guidance on how to achieve compliance. It will look at the relationships and dependencies between privacy by design (Art. 25), data protection impact assessment (Art. 35) and the security of processing (Art. 32) as the key to understanding the rationale of the GDPR.

Ivo Emanuilov, legal expert, gave a speech on 'Data in intelligent transport: lost in the labyrinth of law?'.

Autonomous intelligent transport systems promise to deliver faster, safer and more secure means of transportation. Self-driving cars, drones and autonomous ships and trains are now powered by sophisticated artificial intelligence systems. Recent advances in machine learning driven by the exponential growth of computational power and the wide availability of data have triggered new legal and ethical concerns.

Who “owns” the data stored, processed and generated by these systems?

Who is liable for the unsafe behavior of these systems making decisions based on noisy data if we don’t know who the owner of these data is?

How to make sure these systems are safe and predictable if they are non-deterministic by definition?

As different legal frameworks applicable to data overlap and sometimes contradict each other, developers and investors face growing legal uncertainty which threatens the innovation potential of emerging technologies in safety-critical domains such as transportation. This session will look at some recent developments in machine learning, such as generative adversarial networks, and will provide insight into the legal and ethical implications of the rights on data.