Annual Privacy Forum (APF) 2025

Data Protection and Privacy in the Era of Technological Innovation

The Annual Privacy Forum 2025 takes place in Frankfurt am Main, Germany, organized by Goethe University Frankfurt, Karlstad University, and RSA Conference with active participation from the European Union Agency for Cybersecurity (ENISA), European Data Protection Supervisor (EDPS), and the European Cybersecurity Competence Centre and Network (ECCC). This premier academic and policy forum examines critical challenges in personal data protection and privacy as innovative technologies and business models continue to outpace legislative frameworks.

Forum Focus

The EU legal framework on personal data protection plays a key role in controlling personal data processing while ensuring adequate protection levels. However, even comprehensive legislative efforts struggle to match the pace of technological innovation and evolving business models that challenge how personal data is processed and privacy is protected across the EU and beyond. Against this background, APF 2025 brings together an interdisciplinary community to examine what is at stake and identify the origins of threats to data protection and privacy.

Call for Papers

APF 2025 invites papers presenting original work on data protection and privacy themes and their repercussions on technology, business, government, law, society, policy, and law enforcement. The forum seeks an interdisciplinary approach to bridge the gap between research, business models, and policy while proposing new models and interpretations. Submissions are welcome from researchers, academia, policymakers, implementers, data protection authorities, industry professionals, consultants, NGOs, and civil society representatives.

Full research papers must contain genuine content without overlap with previously published work, while opinion papers should reflect the author's perspectives. Submissions can be up to 8,000 words, excluding bibliography and well-marked appendices. Submissions can be made through EasyChair at the conference website.

Key Topics

The forum addresses critical areas in data protection and privacy:

• Technical Implementation: Data Protection by Design and Default, privacy enhancing technologies, anonymisation and pseudonymisation techniques
• Engineering and Standards: State of the art in privacy and data protection engineering, data portability and standardization
• Risk Management: Privacy risk management, impact assessments (DPIA, FRIA), personal data breaches
• Governance Frameworks: Data protection policies, trust management and accountability, certification and auditing
• Rights and Transparency: Consent management, data subject rights, transparency and intervenability
• Economic Aspects: Economics of privacy and personal data, data intermediaries and custodianship
• Regulatory Compliance: GDPR and ePrivacy implementation, EU Data Strategy (Data Act, Data Governance Act, Digital Services Act)
• Cybersecurity Integration: Privacy and data protection in EU cybersecurity policy and law (NIS2, DORA, Cyber Resilience Act)
• Emerging Technologies: AI and federated learning, 5G+ and 6G networks, Internet of Things, metaverse applications
• Digital Identity: EU Digital Identity Wallets, self-sovereign identity management concepts
• Vulnerable Populations: Data protection for vulnerable groups including child protection

What to Expect

This forum provides a platform for examining how data protection and privacy evolve alongside technological advancement and regulatory development. Participants will engage with cutting-edge research, policy discussions, and practical implementation challenges while contributing to the interdisciplinary dialogue necessary for effective data protection in rapidly changing digital environments.