Summary of the BvD Fall Conference 2023

We were on-site at the BvD Fall Conference in Munich on October 18th and 19th, 2023, where we had the opportunity to attend various presentations on the main theme "Next Level Privacy - Fit for the Future".
The aim was to identify and discuss potential challenges in the coming years, as well as making data protection management sustainable and keeping it manageable.

Artificial Intelligence took center stage multiple times, i.e., when Dr. h.c. Marit Hansen outlined the many areas affected by AI, such as Judicial Systems, intellectual property law/copyright, competition law, IT security, data protection, and even democracy itself. In all cases, AI serves both as attacker and defender. While artificial intelligence's ability to analyze enormous datasets can strengthen IT security, it can also be used for more effective attacks.

In the section "Future-Proof Data Protection", Dr. Gregor Rutow described the development of a data protection maturity model, which is implemented successfully at Allianz Partners to advance the global data protection level and make it quantifiable and scalable for respective companies. The approach involves using extensive yet user-friendly questionnaires with weighted factors to evaluate the maturity level of data protection implementation in each company.

Equally interesting was the joint presentation by Dr. Jens Eckhardt and Dr. h.c. Marit Hansen, who, in a conceptual model, considered risk management in data protection in the context of a duty to implement safety precautions similar to traffic safety.

Of course, perennial topics such as handling data breaches and providing information under Article 15 of the GDPR were also an integral part of the conference.

Last but not least, it was time for the special feature of the BvD Autumn Conference: The heads of the supervisory authorities of Bavaria (Michael Will) and Baden-Württemberg (Prof. Dr. Tobias Keber) answered participants' questions.
One of the highlights was a discussion on the use of CCTV camera decoys. Both panelists agreed that no personal data is processed by the dummies, and therefore, there is no need for information or a legal basis under the GDPR. However, an attendee pointed out that in Rhineland-Palatinate, a separate law actually does require informing the individuals within the theoretical "field of view" of the fake camera. The panelists and attendees further discussed how while the GDPR may not apply, the fundamental rights of the individuals concerned are nevertheless affected, since people would still feel surveillance pressure from decoys. Therefore, decoys should not be used without a careful evaluation of interests.

We appreciated the engaging presentations and discussions and look forward to participating in the BvD Fall Conference again next year!