Privacy and Data: Law and Practice (2025)
17 February 2025–18 February 2025, 9:00 am–6:00 pm
A two-day course with a cross-disciplinary approach to privacy, data protection and data security.
Event Information
Open to
- All
Organiser
-
UCL Laws Events
Location
-
Hong Kong Alumni Room, UCL Faculty of LawsBentham House, Endsleigh GardensLondonWC1H 0EG
About this course
For the ninth year in succession, the Institute of Brand and Innovation Law’s highly regarded, privacy and data course will be held at the Faculty of Laws on 17th and 18th February 2025.
The course takes a cross-disciplinary approach with a combination of law and practice that is critical for taking the practical implementation of privacy, data protection and data security seriously. Some themes feature every year in the course and others are introduced in response to legal and policy developments and current events.
In 2025 our world-class speakers will address the following topics:
- The Forum Internum: The freedom to think
- Privacy, Reputation and the Public Interest
- Whistleblowing
- Data Broking
- Investigatory Powers Legislation
- Calling Big Tech to account: A US Update
- Personal Data and International Security
- AI Legislation
- The Regulation of Personal Data & Data Transfers:
- Privacy International Current Cases
- Biometric Data & its Governance
- Ad Sales
Places are limited so early booking is advised
- The Programme
DAY 1 – 17 February 2025
09:00 Introduction
Speaker: Professor Amanda Harcourt, UCL09:45 Session 1: The Forum Internum: The freedom to thin.
In human rights law, the forum internum is our right to keep our own thoughts in our own minds, irrespective of what these thoughts might be or whomever they might upset or enrage. How has this concept developed and to what extent is it being eroded by today’s technologies and government policies?
Speaker: Louise Hooper, Garden Court Chambers10:45 Session 2: Privacy, Reputation and the Public Interest
An overview of current and developing case law governing celebrity, personal privacy, the press and other mainstream media.
Speaker: Andy Lee, Partner, Brandsmiths LLP11:45 Refreshment break
12.00 Session 3: Whistleblowing
While organisations might prefer that their wrongdoings be kept secret, often it can be exposed to the disinfectant effect of sunlight. Such revelations in the public interest are permitted and most people are protected by law if they make such a qualifying disclosure. Who is protected and to what extent?
Speaker: tbc13.00 Lunch Break
14.00 Session 4: Data Broking
An examination of the methods by which private companies make profits by collecting the public’s personal data, from both public sources and private sources, and selling and licensing our data to third parties for a host of uses.
Speaker: Professor Amanda Harcourt, UCL15.00 Session 5: Investigatory Powers Legislation
This session will introduce students to the key themes of the recently-amended Investigatory Powers Act 2016, from the perspective of a telecommunications operator potentially facing obligations under it, and give practical tips on what one might do if one is on the receiving end of a request for assistance.
Speaker: Neil Brown, decoded.legal16:00 Refreshment break
16.15 Session 6: Calling Big Tech to account: A US Update
Each year we receive an update from a US-based victim rights legal practice that has made it its business to challenge through the US courts the abuses of Big Tech and powerful predators. The firm has a particular focus upon stalking, revenge porn, child sexual exploitation and similar modern crimes.
Speaker: Naomi Leeds, GA Goldberg Law, NYC17:15 Day 1 ends
DAY 2 – 18 February 2025
09:00 Session 7: Personal Data and International Security
Europol, a long-time contributor to this course, supports both EU Member States and many non-EU partner states and international organisations. Data security and accuracy is absolutely vital in Europol’s work to prevent and combat all forms of serious international and organised crime, cybercrime and terrorism.
Speaker: Daniel Drewer, Europol10:00 Session 8: AI Legislation
As AI technologies gain ground in all areas of our modern lives, governments struggle to keep up in framing a regulatory structure. This slot will review such legislative attempts across a variety of jurisdictions.
Speaker: Ashley Winton, Winton and Winton11:00 Refreshment break
11:15 Session 9: The Regulation of Personal Data & Data Transfers
In a global marketplace the rules regulating the international sharing of personal data and preventing the misuse of private information are complex. We examine current case law and the international regulatory regime that affects us all.
Speaker: Jacob O’Brien, Brandsmiths12:15 Session 10: Privacy International Current Cases
Governments and corporations are using technology to exploit us. Abuses of power can threaten our freedoms and the very things that make us human. Privacy International is a non-profit body that challenges such abuses in the courts, both domestic and international. We review their current case load, past successes and some failures.
Speaker: Dr. Ilia Siatitsa, Programme Director & Senior Legal Officer, Privacy International13.15 Lunch break
2.15 Session 11: Biometric Data & its Governance
Whether it is facial recognition systems, our fingerprints, our DNA, our voices or even our gait, all allow third parties to identify us. In some, if not most instances, this may be unexceptionable, but the use of our unique identifying characteristics should be collected, stored and used with caution. We examine the regulatory regime affecting the use of our biometric data.
Speaker: Professor Amanda Harcourt, UCL15:15 Refreshment break
15:30 Session 13: Ad Sales
The delivery of advertising and marketing has undergone a digital transformation in the last 20 years. Digital media is now at the heart of any successful campaign but brand owners and agencies are also increasingly dependent on technology platforms to control the development, delivery and targeting of digital content. How does this mysterious technology work and what contractual standards are there for the procuring and supply of ad tech and digital advertising?
Speaker: Mark Hersey, Lewis Silkin16:30 KEYNOTE:
Each year there is a keynote speaker who closes the event. The 2025 keynote speaker will be announced soonPast speakers have included the computer scientist, visual artist, computer philosophy writer, technologist & futurist, Jaron Lanier; blogger, journalist, and science fiction author Cory Doctorow; the journalist/researcher into competition policy, the philosophy of computing, behaviourism and techno-utopian cults, Andrew Orlowski and writer, actor and comedian Harry Shearer.
17:30 Course ends
- About the speakers
Neil Brown
Neil Brown is an experienced Internet, telecoms and tech solicitor, and he runs English law firm, decoded.legal. Many lawyers claim to be "cybersecurity" experts — but how many have substantial real-world experience in this area? Neil spent several years as head of privacy for the UK operating company of a global communications provider, helping to design cutting edge products and services, as well as being responsible for the privacy rights of almost 20 million communications customers. Neil has advised a major communications company’s technology security team, with experience advising on both strategic and operational risks, from network security planning and deployment and security testing strategies through to advice on dealing with in-progress cyberattacks and engaging with law enforcement. Since then, he has helped companies and in-house privacy teams protect the privacy rights of their customers, and meet their legal obligations, across the full spectrum of data protection issues. This has included substantial GDPR implementation activity, helping bring companies up to speed with the new(ish) framework, as well as day-to-day advice and guidance, and operational issues such as handling questions from customers and complaints from the UK's privacy regulator. In addition, Neil has acted as a specialist communications lawyer to a NATO cyberwarfare exercise, and he runs the Cybersecurity for Lawyers wiki (also as a Tor onion service).Daniel Drewer
Daniel is Data Protection Officer and Head of the Data Protection Function at Europol. He holds a Master of Law from the University of Hamburg and followed his further professional training at the Hanseatic Court for Intellectual Property Law, at the Data Protection Authority of the City of Hamburg, at the international corporate law firm Heuking as well as at the German Desk at Eurojust. He has worked as a contract lawyer for one of Europe’s largest advertising agencies then joined the Legal Service of Europol in 2003. He set up the Confidentiality Desk and went on to become Confidentiality Officer with responsibilities in the area of data security. He served as Secretary to the Europol Security Committee. In 2007 he was selected as Head of Unit, responsible for data protection and data security compliance in the newly established Information Integrity Unit. In 2010 the Management Board appointed him as Europol’s first ever Data Protection Officer. He is founder of the Europol Data Protection Experts Network (EDEN), a community that includes more than 800 members stemming from law enforcement, industries, academia and non-governmental organisations aiming at exploring cutting-edge topics at the intersection of law enforcement and emerging technologies. Daniel contributes as a speaker to international data protection conferences, including CPDP, IAPP and Privacy Symposium. He is co-founder of the Certification Course for Data Protection Officers at the European Institute for Public Administration (EIPA) and lecturer at the Summer schools on criminal and data protection law at the Academy for European Law (ERA). He is Senior Fellow of the European Centre on Privacy and Cybersecurity at the Law Faculty of the University Maastricht and a member of the CEPOL Expert Group on Fundamental Rights and of the AI alignment committee at Europol.Amanda Harcourt
Course convenor and chair, Amanda Harcourt is an Honorary Professor of Practice at IBIL and has been designing the course programme since its inception in 2017. Amanda has for nearly thirty years led a boutique IP law and business consultancy serving the copyright industries, predominantly advising US & European authors & performers working within the audio-visual and music industries. She recently led the litigation and the PR support teams in US federal litigation in relation to the rights in a cult film of international reputation, overseeing an historic settlement which saw the film and all associated IP rights returned to the original creators the movie studio by the movie studio. Her particular expertise is collective management of IPR. This originated in her work on behalf of Irish rock band U2 on a global audit of the band’s royalties from CMOs worldwide in relation to both authors’ and neighbouring rights administration. Later equivalent reviews were performed for other rock legends. She is currently retained by the creators of a revolutionary new software system that can read and analyse over 250 different royalty payor accounting statements and formats. The system’s unique capabilities enable the cleansing of copyright metadata and detailed identification and tracking of the copyrights’ exploitation worldwide. She had a longstanding senior consultancy role at global powerhouse Fremantle Media where, inter alia, she acted as legal gatekeeper for the global roll out of the multi-billion dollar music television sensation, Idol. She has advised on UK legislation in relation to IPR and prepared submissions to governments in both the UK and the USA on behalf of talent bodies in the film and music industries. She spent nine years as an Adjunct Professor at a US Top Tier law school, designing an ABA-accredited entertainment law syllabus and designed the UK Government’s National Skills Council Syllabus on Copyright and Related Rights.Mark Hersey
Mark Hersey is a Managing Associate in Lewis Silkin's Data, Privacy & Cyber Group. He works alongside their Digital, Commerce and Creative team on a range of data and/or privacy rich commercial and technology matters. He advises on a range of data protection and commercial matters, although he has a particular specialism in helping brands, advertising agencies and ad-tech service providers navigate data privacy issues in respect of online advertising (including programmatic and custom audience advertising) and direct marketing activities, advising on complex data sharing arrangements, and commercial contracts that have a privacy focus. He is an IAPP Certified Information Privacy Professional (Europe) and frequently deliver training and seminars to clients on the General Data Protection Regulation (GDPR) / Data Protection Act 2018 and the ePrivacy Directive / Privacy and Electronic Communications Regulations 2003 (PECR).Louise Hooper
Louise Hooper is a human rights and public law barrister at Garden Court Chambers. She contributed a chapter on AI and Human Rights in ‘The Law of Artificial Intelligence’, Hervey and Lavy, 2nd Ed, 2024. She is an expert to the Council of Europe Committee of Experts on Artificial Intelligence, Equality and Discrimination (GEC/ADI-AI). She is also frequently engaged in work on the digital dimensions of violence against women and domestic violence, reviewing legislation and practice of member states and providing training on the topic. She has worked with the Digital Futures Commission and 5Rights in the UK on EdTech and regulation and UNICEF in the Balkans on child data and digital rights in education. She was an independent gender advisor to ITFLOWS, an EU funded consortium developing migration prediction technology and is currently on the advisory board of PROBable Futures, a four-year interdisciplinary research project looking at probabilistic AI systems in Law Enforcement. She also works as an advisor assisting tech start-ups implement human rights risk assessments.Andrew Lee
Andrew Lee is an experienced litigator with boutique firm Brandsmiths which specialise in intellectual property, sport and media law. Brandsmiths act for well-known brands such as Microsoft, BMW, Rolls Royce, Missguided, Speedo and Umbro and for high profile individuals including Gordon Ramsay, Mo Farah, David Haye and others in the public eye. Andrew has extensive experience in advising clients in respect of the protection of their reputations and the protection of confidential and private information. This includes obtaining pre-publication undertakings and/or injunctions against the press, and helping clients in difficult personal situations where there is a threat by others to disclose private information. He has particular experience of dealing with problems arising on the internet such as individuals (often anonymously) posting defamatory allegations or undertaking campaigns of harassment, identifying those individuals and obtaining relief for clients.Naomi Leeds
Naomi Leeds is the lead associate at C. A. Goldberg LLP in New York, working with the firm’s founder in several of the firm’s most ambitious cases against big tech, including one case involving a suicide product sold by an online retailer, four families whose children died from fentanyl-laced pills purchased online, and A.M. v. Omegle, a platform that matches predators and children for video livestream. She’s also worked with the firm’s founder Carrie Goldberg in the case Estate of Bianca Devins v. Oneida County, in which the firm is suing the District Attorney for sharing child sexual abuse material of deceased 17 year old, Bianca Devins. Naomi work entails putting her clients back in control of their lives, which takes determination, persistence and enormous sensitivity as clients are often in a very vulnerable state. She has a unique insight into how everyday technology is weaponized, and she has proven adept at diffusing volatile abusers, and securing urgent Orders of Protection in an extremely efficient way, often advocating with the family court system to keep her clients safe.
Jacob O’Brien
Jacob O’Brien is a Partner at boutique law firm Brandsmiths, which specialises in intellectual property, sport and media law. Brandsmiths acts for well-known brands such as Microsoft, BMW, JD Sports, Speedo and Umbro, as well as for high profile individuals including Gordon Ramsay, Mo Farah and David Haye. Jacob has extensive experience advising clients in respect of their data protection obligations. As General Counsel of Missguided in 2018, Jacob worked with internal stakeholders in the build-up to the introduction of GDPR to ensure the business’s compliance with its obligations. Jacob works with clients to manage and implement data protection processes, as well as assisting with ICO investigations and complaints.Dr Ilia Siatitsa
Dr Ilia Siatitsa a human rights lawyer and author. She is currently Programme Director and Senior Legal Officer at Privacy International. She leads PI’s work on state accountability for surveillance practices and is responsible for ongoing PI legal cases. As a human rights expert, she explores the impact of new technologies on human rights beyond the right to privacy. She holds a PhD in International Law from the University of Geneva. Her book on Serious violations of human rights: On the emergence of a new special regime was published with Oxford University Press in 2022.Ashley Winton
A former computer designer, Ashley Winton leads his own specialist firm. He advises on financial regulation, encryption and export control, data protection, privacy and cyber security matters with an emphasis on Blockchain, virtual currencies, and payment systems. He advises extensively on the impact of privacy and information security law on cloud services, financial technology, telecommunications and international data transfers and has a particular focus on the intersection of competing laws, which can occur in the context of lawful interception of data, corporate investigations, government investigations or international litigation. For many years Ashley has advised the online behavioral advertising industry in Europe and has represented that industry in relation to its dealings with the European Commission, the Article 29 Working Party, the European Parliament and various national governments. Ashley is a Ponemon Institute Fellow and for many years has been the Chairman of the Data Protection Forum, the largest independent data protection group in the UK. He regularly speaks at industry and academic conferences. He was formerly a fintech and privacy Partner within the Data Group of Mishcon de Reya’s Innovation Department.- Annual Privacy Lecture
Each year the course is preceded by a public lecture on a related subject. Past speakers have included cyber security expert Mikko Hypponen and Max Schrems. The guest speaker for 2025 will be announced shortly.
- Course fees and booking
Standard fee = £800 (early bird fee until 10 December - £700)
UCL Alumni discount = £650
UCL IBIL Sponsor firms = £650
Concession Fee for Academic Institutions / NGOs / Government workers = £450
Non-UCL Students = £200Click here book your place
UCL student will be able to apply for free tickets for this course which is head in Reading Week. Details will be circulated via email in the new year 2025.What is included in the fee:
The fee includes all refrshments and lunch on both days of the course, plus electronic access to the materials presented as part of the course.Corporate Bookings:
Companies wishing to book delegates and be invoiced for the fees please email lisa.penfold@ucl.ac.uk- Queries
If you have queries about this course, please email lisa.penfold@ucl.ac.uk