Privacy Research Day: Join us for a day dedicated to research on privacy and personal data protection
28 May 2026
The fifth edition of Privacy Research Day will be held on 24 June 2026, as part of the G7 Data Protection Authorities meeting hosted by the CNIL. This international event aims at bridging the gap between the academic world and regulation stakeholders. It is intended for experts, researchers, and government administrations.
5th Edition of the Privacy Research Day
This fifth edition is organized in conjunction with the CNIL's hosting of the G7 of Data Protection Authorities in 2026. It will thus bring together G7 member countries – France, the United States, the United Kingdom, Germany, Japan, Italy, and Canada – as well as the European Union.
Held on the eve of the G7 Data Protection and Privacy Authorities Roundtable, the Privacy Research Day serves to build bridges between researchers from all disciplines worldwide and the representatives of the attending authorities.
The event is aimed at a wide audience familiar with the challenges of privacy and personal data protection. It seeks to foster a unique international exchange between legal experts, computer scientists, economists, interface designers (UI/UX), social science researchers and regulators. As interdisciplinarity is at the heart of this meeting, research work that intersects multiple fields is particularly encouraged.
Like every year, this edition is definitely international. The CNIL specifically encourages researchers and experts from G7 member countries to attend the event.
Wednesday 24 June 2026
From 9:00 AM to 6:30 PM, at the CNIL and online
Register for the event free of charge
The event will be broadcast for free on the CNIL website in English, with French subtitles provided.
The program
9:00 AM – 9:15 AM
Introduction by Marie-Laure DENIS, President of the CNIL
9:15 AM – 10:20 AM
Panel 1: Challenges and Limits of AI Regulation
This multidisciplinary panel explores the core tensions in AI regulation, sitting at the intersection of technical challenges, political strategy, and democratic expectations of regulation. The panel will discuss the intrinsic vulnerabilities of machine learning models through a systematic analysis of data reconstruction attacks, highlighting the urgent need for metrics to address memorization risks. This technical approach will be put into perspective by a critical analysis of the discourse used by major AI players, showing how the concept of safety is sometimes used to legitimize self-regulation and dilute legal responsibilities. Finally, the panel will confront these technical and discursive approaches with the reality of citizen expectations. Together, these contributions will question the ability of regulation to transform technology and rhetoric into effective, perceptible protection of fundamental rights.
- Rui WEN, Yiyong LIU, Michael BACKES, Yang ZHANG – SoK: Data Reconstruction Attacks Against Machine Learning Models: Definition, Metrics, and Benchmark, 2025
- Presented by: Rui WEN, Institute of Science Tokyo, Japan (in person, to be confirmed)
- Ankolika DE, Gabriel LIMA, Yixin ZOU – What is Safety? Corporate Discourse, Power, and the Politics of Generative AI Safety, 2026
- Presented by: Ankolika DE, Pennsylvania State University, United States of America (remotely), Yixin ZOU, Max Planck Institute for Security and Privacy, Germany
- Gabriel LIMA, Gustavo GIL GASIOLA, Frederike ZUFALL, Yixin ZOU – Do Citizens Agree with the EU AI Act? Public Perspectives on Risk and Regulation of AI Systems, 2026
- Presented by: Gabriel LIMA, Max Planck Institute for Security and Privacy, Germany
10:20 AM
Break
10:35 AM – 10:45 AM
Presentation on smart glasses
10:45 AM – 11:50 AM
Panel 2: Science, Automation, and Polling: New Levers for Regulation
This panel explores how academic breakthroughs and new data collection methods can transform data protection regulation. It will first emphasize the need for open, interdisciplinary regulation to keep pace with rapid technological innovation. To this end, it will examine the implementation of new tools, such as the automated detection of dark patterns and the integration of opinion polls into the work of data protection authorities. Two surveys involving European regulators will compare the promises of these tools with actual field requirements. This panel will thus examine the conditions for successful regulation supported by new methods, fostering a dialogue between law, computer science, and social sciences.
- Christian GROSS, Paul FRIEDL, Louisa SPECHT-RIEMENSCHNEIDER – Embracing the Potentials of Public Polling for Data Protection, 2025
- Presented by: Christian GROSS, BFDI, Germany
- Arianna ROSSI, Simon PARKIN – “What I'm Interested in is Something that Violates the Law”: Regulatory Practitioner Views on Automated Detection of Deceptive Design Patterns, 2026
- Presented by: Arianna ROSSI, Sant’Anna School of Advanced Studies, Italy, and Simon PARKIN, TU Delft, Netherlands
- Ido SIVAN-SEVILLA, Aurelia TAMÒ-LARRIEUX, Konrad KOLLNIG, Christian FIESELER – What is Lacking in Adaptive Regulation? Systematic mapping of the gaps in the literature
- Presented by: Ido SIVAN-SEVILLA, Hebrew University of Jerusalem, Israel (remotely), Aurelia TAMÒ-LARRIEUX, Université de Lausanne, Switzerland, and Konrad KOLLNIG, Maastricht University, Netherlands
11:50 AM – 12:50 PM
G7 Data Protection Authorities "Research" Roundtable
This session brings together several G7 data protection authorities to examine the role of academic production as a regulatory tool. Participants will present their strategies for collaborating with the research world, including project funding, hosting researchers, and dedicated liaison structures. Through concrete examples, this roundtable will illustrate how scientific findings can inform daily regulatory practice, from drafting guidelines to enforcement decisions.
12:50 PM – 2:00 PM
Lunch Break
2:00 PM – 3:05 PM
Panel 3: Challenges of Tracking and Personal Data Exploitation
This interdisciplinary panel sheds light on the techniques used to track users – often without their knowledge – and how this tracking data is monetized and reused, particularly for telemarketing. A first paper will demonstrate how certain actors bypass Android protections to better track users. An investigation into the "lead marketing" ecosystem will allow the panel to trace the complete data lifecycle, from initial collection on the web to resale on opaque marketplaces. Finally, the panel will look at the feasibility of transposing the Global Privacy Control (deployed in California to opt out of data sales) to the European context. By crossing different sectors and regions, this panel offers a comprehensive overview of the challenges that tracking and data brokerage pose to privacy regulation.
- Yash VEKARIA, Nurullah DEMIR, Konrad KOLLNIG, Zubair SHAFIQ – Understanding Data Collection, Brokerage, and Spam in the Lead Marketing Ecosystem, 2026
- Presented by: Zubair SHAFIQ, University of California, United States of America
- Tim VLUMMENS, Aniketh GIRISH, Nipuna WEERASEKARA, Frederik ZUIDERVEEN BORGESIUS, Gunes ACAR, Narseo VALLINA-RODRIGUEZ – Bridges to Self: Silent Web-to-App Tracking on Mobile via Localhost, 2026
- Presented by: Tim VLUMMENS, KU Leuven, Belgium
- Sebastian ZIMMECK, Harshvardhan PANDIT, Frederik ZUIDERVEEN BORGESIUS, Cristiana TEIXEIRA SANTOS, Konrad KOLLNIG, Robin BERJON – Can the GPC standard eliminate consent banners in the EU?, 2026
- Presented by: Konrad KOLLNIG, Maastricht University, Netherlands
3:05 PM – 3:25 PM
10th CNIL-Inria Award Ceremony and presentation of the winner
3:25 PM – 4:30 PM
Panel 4: Protecting Vulnerable Users
This panel examines the notion of vulnerability beyond legal and technical frameworks, exploring how platform design, psychological triggers, and socio-economic contexts can place individuals in vulnerable positions and impact their decisions. Accounts from victims of financial scams will reveal how fraudsters exploit not only technical flaws but also powerful emotional levers, particularly with audiences in precarious situations. The panel will highlight the crucial yet ambivalent role of family circles in facing these threats. However, the issue is not limited to malicious actors; using the Canadian case as an example, the panel will show how services and platforms themselves use persuasive design for mass data collection, often leaving parents of young users feeling helpless. By crossing different approaches, this panel calls for a focus on "choice architectures," affective and relational dimensions, and the power imbalances that structure the digital space.
- Yue DENG, Changyang HE, Yixin ZOU, Bo LI – “Auntie, Please Don’t Fall for Those Smooth Talkers”: How Chinese Younger Family Members Safeguard Seniors from Online Fraud, 2025
- Presented by: Yue DENG, Hong Kong University of Science and Technology (remotely), and Yixin ZOU, Max Planck Institute for Security and Privacy, Germany
- Amelia HASSOUN, Jake CHANENSON, Tara MATTHEWS, Sunny CONSOLVO, Patrick GAGE KELLEY, Jessica MCCLEARN, Sarah MEIKLEJOHN, Abhishek ROY, Renee SHELBY, Kurt THOMAS – “It didn’t feel right but I needed a job so desperately”: Understanding People’s Emotions & Help Needs During Financial Scams, 2026
- Presented by: Sunny CONSOLVO, Google, United States of America
- Maude BONENFANT, Thomas BURELLI – Jeu dangereux : la protection de la vie privée des enfants de moins de 13 ans dans les jeux mobiles, 2025
- Presented by: Maude BONENFANT, Université du Québec à Montréal (UQAM), Canada
4:30 PM
Break
4:45 PM – 5:00 PM
EDPS Keynote: “Tech Sonar” and “Tech Dispatch”
5:00 PM – 6:05 PM
Panel 5: From Theory to Implementation of Privacy-Enhancing Technologies (PETs)
This panel explores the scaling of Privacy-Enhancing Technologies (PETs) and the technical and social challenges surrounding their adoption. Before any deployment, the question of robustness arises. Focusing on differential privacy (a technique that adds statistical "noise" to prevent re-identification), the panel will explore tools that allow developers or regulators to detect malfunctions that limit privacy guarantees. While it limits the risk of breach, differential privacy also carries its own risks to civil liberties; through the American case, the panel will study how its implementation can introduce distortions harmful to marginalized populations. Finally, a Singaporean example will help demonstrate how academic research in PETs can be translated and transposed for use in practical regulation, particularly in AI.
- Kwok-Yan LAM, Adeline TUNG, Xiangning WANG, Lee CHEIN INN, Linru ZHANG, Khalid AHMAD – Advancing Privacy-Enhancing Technologies for AI through Translational Research in Singapore, 2025
- Presented by: Adeline TUNG, PDPC, Singapore
- Tamalika MUKHERJEE – Equitable Differential Privacy, 2024
- Presented by: Tamalika MUKHERJEE, Max Planck Institute for Security and Privacy, Germany
- Aurélien BELLET, David ERB, Tudor CEBERE, Damien DESFONTAINES, Jack FITZSIMONS – Privacy in Theory, Bugs in Practice: Grey-Box Auditing of Differential Privacy Libraries, 2026
- Presented by: David ERB, Inria, France