Regulation and Innovation: Catalysts or Antagonists?

As digital technologies evolve at a rapid pace, the interplay between regulatory frameworks and technological innovation has become a defining challenge for privacy and identity management. Regulation seeks to protect individuals’ rights, ensure accountability, and establish norms for data use, while innovation drives new capabilities in areas such as identity verification, AI-assisted services, and decentralized systems. Papers examining whether regulation and innovation act as mutual enablers - steering technology toward ethical and human-centric outcomes - or as opposing forces that constrain progress and limit competitive potential are encouraged. On the other hand, regulation can drive innovation by posing requirements to be translated into concrete technological development. Standards play an important role in this process, however their governance framework has recently come under criticism for potentially being captured by key industry players. By exploring case studies, policy approaches, legal frameworks, and emerging technologies, the summer school will shed light on how regulation and innovation interact, and how this interaction impacts future developments in law, social sciences, and computer science.

The 21st IFIP Summer School on Privacy and Identity Management aims to facilitate the exchange of knowledge and insights from the multiple disciplines that deal with privacy, data protection, and identity management. We invite papers that present relevant research in computer science, the law, the social sciences, or other relevant fields for presentation at the summer school and possible inclusion in the proceedings that will be published by Springer.

Submission Guidelines

The research paper presentations and the workshops focus on involving students, and on encouraging the publication of high-quality, thorough research papers by students and young researchers. To this end, the School offers a three-phase review process for submitted papers. In the first phase, submissions should be abstracts of 2-4 pages. Submissions within the scope of the call are selected for presentation at the School. For accepted submissions, the full papers of up to 16 pages in length, in Springer LNCS format, are to be submitted before the Summer School, and will appear in the (unreviewed) pre-proceedings. Before the second review phase, students have time to revise their papers taking into account (and clearly highlighting the results of) the discussion that took place at the Summer School. These revised, full papers are reviewed soon after the Summer School by Programme Committee members. Based on these reviews, papers might be accepted, conditionally accepted, or rejected. Accepted and (after satisfactory revision) conditionally accepted papers will be included in the Summer School’s proceedings, which will be published by Springer.

Workshops are expected to last one or two hours and must generate short papers that recapitulate the outcome and the kinds of discussion raised in the School, for inclusion in the post-proceedings. Proposals should contain a 2-page statement summarizing the topic(s) to be discussed and the expected contributions from the audience members, e.g. responding to a questionnaire or conducting a small experiment. Proposers should indicate whether any special equipment is needed for the workshop, such as audio-visual systems or computational equipment and support.

Tutorials are expected to last 1-2 hours. Proposals should contain a 2-page summary and state the level and background required for audience members to follow the tutorial.

List of Topics

Topics of interest include, but are not limited to:

• Technical and Organisational Measures, Methods, and Tools for Privacy and Data Protection that address:
  • Transparency and information provision to data subjects
  • Intervenability and control over personal data
  • Unlinkability and anonymization, including, e.g., EU Digital Identity Wallet
  • Confidentiality in generative AI tools
  • Accuracy in AI-generated personal data
  • Integrity of generative models
  • Explainability of AI models
  • Purpose limitation in data processing
  • Evaluation and performance assessment
  • Trustworthiness and Privacy by Design
• Law, Regulation and Governance:
  • Data Protection and/or privacy implications of recent political, legal and technological developments
  • European and other legislation on data and data governance (Data Act, Data Governance Act, Digital Services Act, Digital Markets Act, eIDAS II, Artificial Intelligence Act etc.) and the planned simplification thereof (Digital Omnibus Proposal)
  • The interaction of data protection with liability regulation (product liability reform) and/or AI (AI Act)
  • Governance institutions and policy processes, and regulatory bodies at different levels (e.g., national. regional, global)
  • Data justice, data fairness and equality
  • Digital human rights and accountability in technology and data practices
  • Certification and standardisation and the interplay of standards and legislation
  • Automated compliance and regulatory technology
• Effects and Impacts (negative or positive):
  • Discriminatory effects of technology
  • Technology-enabled social profiling and social exclusion
  • Digital divides, digital dividends, data sovereignty
  • Communities, societies, cultures, and technological mediation
  • Data practices, AI, and the Global South
• Socio-Technical Perspectives:
  • Awareness, attitudes, skills, and behavior of citizens and public and private organizations
  • Approaches for diversity, non-discrimination and democratic enhancement
  • Surveillance, surveillance pressures, chilling effects
  • Critical perspectives on data practices
  • Welfare, solidarity, and care
  • Data economy and ecosystems, new business models
  • Trade-offs, tensions and conflicts between participation in digital cultures and privacy aspects
  • Historical development of data practices
  • Training, awareness, and empowerment of end-users, focusing on educating and equipping them to recognize and address privacy issues in AI effectively

Publication

Post-proceedings will be published in Springer's IFIP AICT series.

Venue

The conference will be held at KU Leuven, Belgium.