Future of EU Data Protection:Improving Governance, Enforcement and Accountability 

The EU's data protection framework, a comprehensive, and actively evolving system led by key legislation such as the General Data Protection Regulation (GDPR), the Digital Services Act, and the Artificial Intelligence (AI) Act, is seen as one of the most robust systems for protecting personal data anywhere in the world. The complex overlap of new regulations such as the AI Act and Digital Markets Act with existing ones like GDPR is a key challenge facing policymakers, however, as are the difficulty for businesses in meeting compliance obligations, the lack of resources and technical capacity for regulators to effectively enforce them, keeping pace with rapid technological changes, and ensuring public understanding and awareness of their rights.

In November 2025, the European Commission published its Digital Package designed to overhaul existing digital, data and A rules. The Commission is proposing to weaken some aspects of the GDPR and the AI Act to reduce compliance burdens and stimulate economic growth and AI development. The Commission’s proposals includes “a set of technical amendments to a large corpus of digital legislation, selected to bring immediate relief to businesses, public administrations, and citizens alike, and to stimulate competitiveness.” Key changes include making it easier for companies to use personal data for AI training without prior consent, providing clearer rules on sharing anonymised data, and updating cookie rules to reduce "consent fatigue". The UK, meanwhile, is also making changes to its data protection and AI rules to reduce burdens and encourage innovation, which has led to concerns it could be "undercutting" EU standards and risk its EU data adequacy status.

The Commission’s proposed changes have drawn significant criticism from privacy advocates who argue they amount to a "massive rollback" of digital protections and are a caving in to pressure from Big Tech and the Trump administration in the US. A coalition of 127 civil society groups and trade unions has pushed back on the European Commission’s proposed changes. The package is seen as gutting core provisions of the EU’s robust GDPR, as well as its ePrivacy Directive, Data Act and AI Act. The coalition of trade unions and civil society groups published an open letter decrying the Commission’s changes, arguing: “What is being presented as a ‘technical streamlining’ of EU digital laws is, in reality, an attempt to covertly dismantle Europe's strongest protections against digital threats. These are the protections that keep everyone’s data safe, governments accountable, protect people from having artificial intelligence (AI) systems decide their life opportunities and ultimately keep our societies free from unchecked surveillance.”

This international symposium offers an invaluable opportunity for key stakeholders in the public and private sectors to assess the latest data protection developments and their practical implications for individual privacy, the digital economy, and public security. Furthermore, the event will explore the interoperability of EU data protection rules with privacy frameworks worldwide and solutions for overcoming current incompatibilities and international pressures.

Programme