Privacy Research Day 2023: Watch the replay

16 May 2023

The CNIL will host Privacy Research Day Event on June 14th, 2023. During this multidisciplinary event, international researchers will present their work. Read the program and register (for free) to attend the event.

Privacy Research Day: a major academic conference dedicated to data protection

This conference will offer the opportunity to create bridges between researchers and regulators. During the day, expert in different fields will present their works and discuss their impact on regulation and vice-versa.

This interdisciplinary day is aimed at a broad audience who is familiar with privacy, data protection and regulation. The objective is to start a discussion between, legal experts, computer scientists, designers, researchers in social science. Researchers and experts from any field related to data protection are invited to attend and be part of the conversation.

For attendants, this is also the chance to discover innovative research: studies, tools and solutions will be presented to them which might inspire new ways of perceiving and fulfilling their missions and draw the contours of the tomorrow’s privacy.

The Privacy Research Day aims to provide the opportunity for lasting partnerships between researchers, the CNIL and other public agencies.

Watch the Replay

Morning Session


Afternoon Session


The program

9 a.m. to 9:15 a.m.

Greetings by Marie-Laure Denis, Chair of the CNIL

9:20 a.m. to 10:25 a.m.

Panel 1: Effects of regulation: between compliance and enforcement

The GDPR is celebrating its 5th anniversary. Its implementation has highlighted the complexity to adapt the same legal framework to a variety of situations. This panel will dig into to the work done by supervisory authorities to respond to local contexts and will discuss some of the effects of the regulation.

Moderator : Bertrand DU MARAIS – State Councillor and CNIL Commissioner

  • René Mahieu (Open University Netherlands) Law – Supervisory Authorities: From awareness programs to enforcement
  • Yana Dimova (KU Leuven, Belgium) – Computer science – Tracking the Evolution of Cookie-based Tracking on Facebook
  • Karel Kubicek (ETH Zurich, Switzerland) – Computer science – Compliance Effort Responses to Data Protection Statutes in Open Source Development

10:25 a.m. to 10:45 a.m.


10:45 a.m. to 11:50 a.m.

Panel 2: Inferrence and reidentification: from user expectations to real threats 

Sometimes considered as hypothetic threats, reidentification and inferrence attacks are now a reality. As we’ll see in this session, they create risks for end-user. How to avoid such attack? How does it match users fear with respect to data-protection? How do users attempt to remain anonymous? How to explain the existing threats to the users? The authors will present attacks and countermeasures and discuss user perception of some of these threats.

Moderator : Gwendal LE GRAND – Deputy Head of the European Data Protection Board (EDPB) secretariat

  • Karel Dhondt (KU Leuven, Belgium)Computer science – A Run a Day Won't Keep the Hacker Away: Inference Attacks on Endpoint Privacy Zones in Fitness Tracking Social Networks
  • Ana-Maria Cretu (Imperial College London, United Kingdom) Computer science – QuerySnout: Automating the Discovery of Attribute Inference Attacks against Query-Based Systems
  • Laurianne Trably (Université Paris Cité, France) – Sociology –  “Hiding what, from whom ?” – French adults’ perception of privacy on social networks

11:50 a.m. to 12:10 p.m.


12:10 p.m. to 1:15 p.m.

Panel 3: User Perspective: being a subject of data protection

In the last decade, users’ data protection has undeniably gained in traction. But how do data subjects themselves perceive the benefits of the GPDR on a daily basis? Similary, cookie banners have also been heavily debated, how are they perceived by the end-users? How to incorporate user research in legislations and regulation? How to integrate the large variety of users in design decisions?

Moderator : Valérie PEUGEOT – Researcher at Orange Labs, President of the Vecam association and CNIL Commissioner

  • Lin Kyi (Max Planck Institute, Germany) Design and Computer science – Investigating Deceptive Design in GDPR's Legitimate Interest
  • Sunny Consolvo (Google, USA) Media and communication – A Framework for Unifying At-Risk User Research
  • Karel Kubicek (ETH Zurich, Switzerland) – Computer science – Automating Cookie Consent and GDPR Violation Detection

1:15p.m. to 2:30 p.m.

Lunch break

2:30 p.m. to 3:50 p.m.

Panel 4: Privacy Enhancing Technologies (PETs)

Privacy Enhancing Technologies is providing effective data protection solutions. Technologies that until recently seemed purely theoretical are now being deployed widely: synthetic data, homomorphic encryption, Zero Knowledge Proof, etc. This panel will explore current and upcoming uses of these technologies and will discuss their practical and social impacts.

Moderator : Christian REIMSBACH-KOUNATZEPolicy and Economic Analyst, OECD Directorate for Science, Technology and Innovation

  • Shubham Jain (Imperial College London, United Kingdom) Computer science – “Perceptual hashing based client-side scanning: a well-intended but a flawed solution?
  • Maryline Laurent (Télécom SudParis, Institut Polytechnique de Paris, France)Computer science – PIMA: A Privacy-preserving Identity management system based on an unlinkable MAlleable signature
  • Arnaud Grivet Sébert (CEA-LIST, France) Computer science – Privacy in Federated Learning: Differential Privacy meets Homomorphic Encryption
  • Ero Balsa (Cornell University, USA) – Law Cryptography, Trust and Privacy: It’s Complicated

3:50 p.m. to 4:10 p.m.


4:10 p.m. to 5:15 p.m.

Panel 5: Artificial intelligence in practice

This panel will investigate data protection frame in AI learning. It will help better understand the way data is being collected, the incentive for people to share data as well as the way different regulations around AI are articulated. This panel will also seek what information can be inferred from an trained AI model and analyse the impact of this inference.

Moderator : Claude CASTELLUCCIA - Research Director at Inria Grenoble and CNIL Commissioner

  • Evgeniia Volkova (Université Toulouse, France) – Law – The apprehension of urban data altruism
  • Florent Guépin (Imperial College London, United Kingdom) Computer science – Correlation Inference Attacks against Machine Learning Models
  • Marvin van Bekkum (Radboud University, Netherlands)Law – Using sensitive data to prevent discrimination by artificial intelligence: Does the GDPR need a new exception?

5:15 p.m. to 5:30 p.m.

Concluding speech

Followed by a closing cocktail