Privacy Research Day 2025: discover the program of the 4th edition
The 4th edition of the CNIL's Privacy Research Day will be held on July 1st 2025, at the CNIL in Paris and online. This event bridges the gap between the academic world and data regulation, and is aimed at practitioners, academics, and public authorities.
Privacy Research Day: a major academic conference on data protection
The Privacy Research Day is an opportunity to build bridges between researchers from all disciplines and regulators. During the conference, experts from different fields will present their work and discuss its implications for regulation - and vice versa.
This interdisciplinary day is aimed at a wide audience familiar with privacy and data protection. Our objective is to create an exchange between legal experts, IT specialists, designers and social science researchers.
This event will also enable participants to discover innovative research: new challenges, new vulnerabilities and new solutions will be presented.
At last, the Privacy Research Day is an opportunity to create lasting partnerships between academia, the CNIL and other public bodies.
Tuesday July 1st 2025 from 9AM to 5.30PM
at the CNIL and online
You will be able to follow the event in its original version (English) or with simultaneous translation into French.
Program
Program in preparation. The names of the speakers will soon be posted online.
9 h 00 – 9 h 15
Introduction
9 h 9h15 – 10 h 20
Panel 1: User Risk Perceptions and Strategies
User perceptions play a significant role in their behavior and the strategies they employ to respond to situations. What measures do users take to protect their privacy? How can we equip diverse audiences and meet their expectations? What risks do people overestimate or underestimate? How does the perception of these risks influence their behavior and strategies?
- Christoph LUTZ (University of Lausanne, Suisse) - Visual Privacy: The Impact of Privacy Labels on Privacy Behaviors Online - Design
- Hiba LAABADLI (Duke University, États-Unis) - Exploring Security and Privacy Discourse on Twitter During the ‘Justice Pour Nahel’ Movement in France - Social sciences
- Miranda WEI (Université de Washington, États-Unis) - We’re utterly ill-prepared to deal with something like this": Teachers’ Perspectives on Student Generation of Synthetic Nonconsensual Explicit Imagery - Computer science
10 h 20 – 11 h 25
Panel 2: Protecting Data in the Age of Social Media
Social media has become a preferred means of communication, an extension of our intimate sphere, while simultaneously raising increasing distrust regarding the security of our personal information. What are users' expectations on social media? How do they perceive the protection of their data and privacy? How can researchers, particularly in the context of the Digital Services Act (DSA), use this data? What protection mechanisms should be implemented?"
- Aleksandra KOROLOVA (Princeton University, États-Unis) - Having your Privacy Cake and Eating it Too: Platform-supported Auditing of Social Media Algorithms for Public Interest – Computer science
- Kyle BEADLE (University College London, Royaume-Uni) - A Privacy Framework for Security Research Using Social Media Data – Computer science
- Alexis Shore INGBER (University of Michigan School of Information, États-Unis) - Understanding screenshot collection and sharing on messaging platforms: a privacy perspective - Social sciences
11 h 25 – 11 h 40
Break
11 h 40 – 12 h 45
Panel 3: Limits and Levers of Transnational Compliance
Despite the extraterritorial reach of regulations like the GDPR, ensuring consistent global data protection remains arduous. Varying definitions of essential terms (personal data, anonymization, PETs) constitute a major impediment. What assessment can be made of international compliance efforts? What legal levers could individuals use to exercise their rights? What are the divergences in definitions between the different concepts related to data protection technologies? How do these divergences hinder the implementation of the law?
- Michal CZERNIAWSKI (LSTS VUB, Belgique) - From the General Data Protection Regulation to the Artificial Intelligence Act: Improving Extraterritorial Enforcement Through Criminal Law - Law
- Ludovica ROBUSTELLI (Université de Nantes, France) - Guidance in anonymization: When Ambiguity Meets Privacy-Washing – Law and computer science
- Helena KASTLOVA (Princeton University, États-Unis) - Report on extraterritorial enforcement of GDPR - Law
13 h 00 – 14 h 15
Lunch break
14 h 15 – 14 h 40
Presentation of the 9th CNIL-Inria Prize and presentation of the winner
14 h 40 – 16 h 00
Panel 4: Data Protection Challenges in the AI era
Artificial intelligence systems are proliferating, offering immense potential but also risks of misuse or problematic applications. Therefore, documenting, analyzing, and auditing these systems are paramount. What specific problems are generated by the development of AI systems? What tools can be used to audit these systems and their use? How can countermeasures be developed to limit the risks these systems pose?
- Nina BARANOWSKA (Radboud University, Pays-Bas) - Equality Monitoring Protocol: using sensitive data in post-deployment monitoring of AI hiring systems (project FINDHR) - Law
- Clément LE LUDEC (Université Paris Panthéon Assas, France) - Qui rend lisibles les images ? L’intelligence artificielle au fondement d’une recomposition du travail de surveillance (Who makes images legible? Artificial intelligence at the heart of a new approach to surveillance work) – Social sciences
- Xinyue SHEN (CISPA Helmholtz Center for Information Security, Allemagne) - HateBench: Benchmarking Hate Speech Detectors on LLM-Generated Content and Hate Campaigns – Computer science
- Juliette ZACCOUR (Oxford Internet Institute, University of Oxford, Royaume-Uni) - Access Denied: Meaningful Data Access for Quantitative Algorithm Audits – Computer science
16 h 00 – 16 h 15
Break
16 h 15 – 17 h 20
Panel 5: Protecting Health Data
Because they are essential for personalized care, medical research, and improving public health systems, health data are increasingly digitized, shared, and analyzed. This digitalization opens up tremendous opportunities, but also exposes this sensitive information to new risks: cyberattacks, misuse, and confidentiality breaches.
How, then, can we reconcile the immense potential of this data with the absolute imperative of protecting patient privacy and ensuring trust? How is the health data protection framework specifically evolving? How can we inform the diverse individuals whose health data is collected? What are the perceived risks in using menstruation tracking applications, especially following the questioning of certain rights (such as the right to abortion)?
- Hiba LAABADLI (Duke University, États-Unis) - “I Deleted It After the Overturn of Roe v. Wade”: Understanding Women's Privacy Concerns Toward Period-Tracking Apps in the Post Roe v. Wade Era – Law and computer science
- Annagrazia ALTAVILLA (Espace Ethique PACA-Corse, France) - Children rights and data protection: from principles to practices in biomedical sector – Law and computer science
- Laurène ASSAILLY (Sciences Po Strasbourg, France) - Gouverner par le risque : les données de santé saisies par le droit européen (Risk-based governance: the regulation of health data by European law) - Social sciences
17 h 20 – 17 h 30
Presentation of the 1st CNIL-EHESS Prize
17 h 30
Closing words
