Privacy and Data: Law and Practice (2025)

09:00     Introduction
Speaker: Professor Amanda Harcourt, UCL

09:45    Session 1: The Forum Internum: The freedom to think.  
In human rights law, the forum internum is our right to keep our own thoughts in our own minds, irrespective of what these thoughts might be or whomever they might upset or enrage. How has this concept developed and to what extent is it being eroded by today’s technologies and government policies?
Speaker: Louise Hooper, Garden Court Chambers

10:45    Session 2: Privacy, Reputation and the Public Interest    
An overview of current and developing case law governing celebrity, personal privacy, the press and other mainstream media.
Speaker: Andy Lee, Partner, Brandsmiths LLP

11:45    Refreshment break

12.00    Session 3: Whistleblowing   
While organisations might prefer that their wrongdoings be kept secret, often they can be exposed to the disinfectant effect of sunlight.  Such revelations in the public interest are permitted and most people are protected by law if they make such a qualifying disclosure.  Who is protected and to what extent?
Speaker: Edward Kemp, Barrister, Matrix Chambers

13.00 Lunch Break

14.00    Session 4: Data Broking       
An examination of the methods by which private companies make profits by collecting the public’s personal data, from both public sources and private sources, and selling and licensing our data to third parties for a host of uses.
Speaker: Professor Amanda Harcourt, UCL

15.00    Session 5: Investigatory Powers Legislation       
This session will introduce students to the key themes of the recently-amended Investigatory Powers Act 2016, from the perspective of a telecommunications operator potentially facing obligations under it, and give practical tips on what one might do if one is on the receiving end of a request for assistance.
Speaker: Neil Brown, decoded.legal

16:00     Refreshment break

16.15    Session 6: Calling Big Tech to account: A US Update   
Each year we receive an update from a US-based victim rights legal practice that has made it its business to challenge through the US courts the abuses of Big Tech and powerful predators.  The firm has a particular focus upon stalking, revenge porn, child sexual exploitation and similar modern crimes.
Speaker: Naomi Leeds, GA Goldberg Law, NYC

17:15    Day 1 ends

09:00    Session 7: Personal Data and International Security   
Europol, a long-time contributor to this course, supports both EU Member States and many non-EU partner states and international organisations.  Data security and accuracy is absolutely vital in Europol’s work to prevent and combat all forms of serious international and organised crime, cybercrime and terrorism.
Speaker: Daniel Drewer, Europol

10:00    Session 8: AI Legislation   
As AI technologies gain ground in all areas of our modern lives, governments struggle to keep up in framing a regulatory structure.  This slot will review such legislative attempts across a variety of jurisdictions.
Speaker:  Ashley Winton, Winton and Winton

11:00    Refreshment break

11:15    Session 9: The Regulation of Personal Data & Data Transfers    
In a global marketplace the rules regulating the international sharing of personal data and preventing the misuse of private information are complex.    We examine current case law and the international regulatory regime that affects us all.
Speaker: Jacob O’Brien, Brandsmiths

12:15    Session 10: Privacy International Current Cases   
Governments and corporations are using technology to exploit us. Abuses of power can threaten our freedoms and the very things that make us human.  Privacy International is a non-profit body that challenges such abuses in the courts, both domestic and international.  We review their current case load, past successes and some failures.
Speaker: Ioannis Kouvakas, Senior Legal Officer and Assistant General Counsel, Privacy International

13.15    Lunch break

14.15    Session 11: Biometric Data & its Governance       
Whether it is facial recognition systems, our fingerprints, our DNA, our voices or even our gait, all allow third parties to identify us.  In some, if not most instances, this may be unexceptionable, but the use of our unique identifying characteristics should be collected, stored and used with caution.  We examine the regulatory regime affecting the use of our biometric data.
Speaker: Professor Amanda Harcourt, UCL

15:15     Refreshment break

15:30    Session 12: Ad Sales           
The delivery of advertising and marketing has undergone a digital transformation in the last 20 years. Digital media is now at the heart of any successful campaign but brand owners and agencies are also increasingly dependent on technology platforms to control the development, delivery and targeting of digital content.  How does this mysterious technology work and what contractual standards are there for the procuring and supply of ad tech and digital advertising?
Speaker: Mark Hersey, Lewis Silkin

16:30    KEYNOTE: Operational and Technical Surveillance Capabilities
Speaker: Malcolm Taylor, Blue Highway Advisory

Each year there is a keynote speaker who closes the event. Past speakers have included the computer scientist, visual artist, computer philosophy writer, technologist & futurist, Jaron Lanier; blogger, journalist, and science fiction author Cory Doctorow; the journalist/researcher into competition policy, the philosophy of computing, behaviourism and techno-utopian cults, Andrew Orlowski and writer, actor and comedian Harry Shearer.   

17:30 Course ends

Neil Brown
Neil Brown is an experienced Internet, telecoms and tech solicitor, and he runs English law firm, decoded.legal.  Many lawyers claim to be "cybersecurity" experts — but how many have substantial real-world experience in this area?  Neil spent several years as head of privacy for the UK operating company of a global communications provider, helping to design cutting edge products and services, as well as being responsible for the privacy rights of almost 20 million communications customers.  Neil has advised a major communications company’s technology security team, with experience advising on both strategic and operational risks, from network security planning and deployment and security testing strategies through to advice on dealing with in-progress cyberattacks and engaging with law enforcement. Since then, he has helped companies and in-house privacy teams protect the privacy rights of their customers, and meet their legal obligations, across the full spectrum of data protection issues. This has included substantial GDPR implementation activity, helping bring companies up to speed with the new(ish) framework, as well as day-to-day advice and guidance, and operational issues such as handling questions from customers and complaints from the UK's privacy regulator.  In addition, Neil has acted as a specialist communications lawyer to a NATO cyberwarfare exercise, and he runs the Cybersecurity for Lawyers wiki (also as a Tor onion service).

Daniel Drewer
Daniel is Data Protection Officer and Head of the Data Protection Function at Europol.  He holds a Master of Law from the University of Hamburg and followed his further professional training at the Hanseatic Court for Intellectual Property Law, at the Data Protection Authority of the City of Hamburg, at the international corporate law firm Heuking as well as at the German Desk at Eurojust. He has worked as a contract lawyer for one of Europe’s largest advertising agencies then joined the Legal Service of Europol in 2003. He set up the Confidentiality Desk and went on to become Confidentiality Officer with responsibilities in the area of data security. He served as Secretary to the Europol Security Committee. In 2007 he was selected as Head of Unit, responsible for data protection and data security compliance in the newly established Information Integrity Unit. In 2010 the Management Board appointed him as Europol’s first ever Data Protection Officer.  He is founder of the Europol Data Protection Experts Network (EDEN), a community that includes more than 800 members stemming from law enforcement, industries, academia and non-governmental organisations aiming at exploring cutting-edge topics at the intersection of law enforcement and emerging technologies. Daniel contributes as a speaker to international data protection conferences, including CPDP, IAPP and Privacy Symposium. He is co-founder of the Certification Course for Data Protection Officers at the European Institute for Public Administration (EIPA) and lecturer at the Summer schools on criminal and data protection law at the Academy for European Law (ERA).  He is Senior Fellow of the European Centre on Privacy and Cybersecurity at the Law Faculty of the University Maastricht and a member of the CEPOL Expert Group on Fundamental Rights and of the AI alignment committee at Europol.

Amanda Harcourt
Course convenor and chair, Amanda Harcourt is an Honorary Professor of Practice at IBIL and has been designing the course programme since its inception in 2017.  Amanda has for nearly thirty years led a boutique IP law and business consultancy serving the copyright industries, predominantly advising US & European authors & performers working within the audio-visual and music industries.  She recently led the litigation and the PR support teams in US federal litigation in relation to the rights in a cult film of international reputation, overseeing an historic settlement which saw the film and all associated IP rights returned to the original creators the movie studio by the movie studio.  Her particular expertise is collective management of IPR.  This originated in her work on behalf of Irish rock band U2 on a global audit of the band’s royalties from CMOs worldwide in relation to both authors’ and neighbouring rights administration.  Later equivalent reviews were performed for other rock legends. She is currently retained by the creators of a revolutionary new software system that can read and analyse over 250 different royalty payor accounting statements and formats. The system’s unique capabilities enable the cleansing of copyright metadata and detailed identification and tracking of the copyrights’ exploitation worldwide. She had a longstanding senior consultancy role at global powerhouse Fremantle Media where, inter alia, she acted as legal gatekeeper for the global roll out of the multi-billion dollar music television sensation, Idol.    She has advised on UK legislation in relation to IPR and prepared submissions to governments in both the UK and the USA on behalf of talent bodies in the film and music industries.  She spent nine years as an Adjunct Professor at a US Top Tier law school, designing an ABA-accredited entertainment law syllabus and designed the UK Government’s National Skills Council Syllabus on Copyright and Related Rights.  

Mark Hersey
Mark Hersey is a Managing Associate in Lewis Silkin's Data, Privacy & Cyber Group. He works alongside their Digital, Commerce and Creative team on a range of data and/or privacy rich commercial and technology matters.  He advises on a range of data protection and commercial matters, although he has a particular specialism in helping brands, advertising agencies and ad-tech service providers navigate data privacy issues in respect of online advertising (including programmatic and custom audience advertising) and direct marketing activities, advising on complex data sharing arrangements, and commercial contracts that have a privacy focus.  He is an IAPP Certified Information Privacy Professional (Europe) and frequently deliver training and seminars to clients on the General Data Protection Regulation (GDPR) / Data Protection Act 2018 and the ePrivacy Directive / Privacy and Electronic Communications Regulations 2003 (PECR).

Louise Hooper
Louise Hooper is a human rights and public law barrister at Garden Court Chambers.  She contributed a chapter on AI and Human Rights in ‘The Law of Artificial Intelligence’, Hervey and Lavy, 2nd Ed, 2024.   She is an expert to the Council of Europe Committee of Experts on Artificial Intelligence, Equality and Discrimination (GEC/ADI-AI).  She is also frequently engaged in work on the digital dimensions of violence against women and domestic violence, reviewing legislation and practice of member states and providing training on the topic.  She has worked with the Digital Futures Commission and 5Rights in the UK on EdTech and regulation and UNICEF in the Balkans on child data and digital rights in education. She was an independent gender advisor to ITFLOWS, an EU funded consortium developing migration prediction technology and is currently on the advisory board of PROBable Futures, a four-year interdisciplinary research project looking at probabilistic AI systems in Law Enforcement.  She also works as an advisor assisting tech start-ups implement human rights risk assessments.

Edward Kemp
Edward Kemp, from Matrix Chambers,  has a broad cross-disciplinary practice in employment and equality, private international, human rights and commercial law.  He is ranked as a leading junior in legal directories including Legal 500 UK – tier 1 for employment; Legal 500 EMEA – tier 1 for commercial disputes in the Middle East;  Chambers UK – for employment; Chambers Global – expertise based abroad for Dubai International Financial Centre (“DIFC”) and Abu Dhabi Global Market (“ADGM”) litigation in the United Arab Emirates.  In  2023, Edward was highly commended for Junior Counsel of the Year at the inaugural International Employment Lawyer Awards. He was shortlisted for Employment Junior of the Year in the Legal 500 Awards 2020.

Edward has a strong practice as both a trial and appellate lawyer. He has been instructed as sole or leading counsel in many appellate cases in the EAT and the Court of Appeal. He has also been led twice in successful appeals before the Supreme Court, having appeared as counsel at every level of court and tribunal below. Edward also has experience of drafting applications and interventions before the European Court of Human Rights.  Edward has appeared as counsel in the following domestic and overseas cases in whistleblowing law: Erhard-Jensen v Rogerson [2024] WLR (D) 452 (whistleblowing and judicial proceedings immunity of overseas body), Mahmood v Standard Chartered Bank [2021] DIFC CFI 044 (meaning of whistleblowing in DIFC law), Dobbie v Felton [2021] IRLR 679 (public interest test), Khalifa v Swift [2020] DIFC CA 005 (whistleblowing in DIFC law), Green v Sig Trading [2019] IRLR 123, CA (Article 10 ECHR and international whistleblowing).

Ioannis Kouvakas
Ioannis Kouvakas is a Senior Legal Officer and Assistant General Counsel for Privacy International (PI). He leads PI’s work on data and competition, and he also litigates before courts and regulators. Ioannis holds a law degree from the University of Athens (Greece) and an LL.M. in Human Rights Law (University College London).

Andrew Lee
Andrew Lee is an experienced litigator with boutique firm Brandsmiths which specialise in intellectual property, sport and media law. Brandsmiths act for well-known brands such as Microsoft, BMW, Rolls Royce, Missguided, Speedo and Umbro and for high profile individuals including Gordon Ramsay, Mo Farah, David Haye and others in the public eye.   Andrew has extensive experience in advising clients in respect of the protection of their reputations and the protection of confidential and private information. This includes obtaining pre-publication undertakings and/or injunctions against the press, and helping clients in difficult personal situations where there is a threat by others to disclose private information. He has particular experience of dealing with problems arising on the internet such as individuals (often anonymously) posting defamatory allegations or undertaking campaigns of harassment, identifying those individuals and obtaining relief for clients.   

Naomi Leeds
Naomi Leeds is the lead associate at C. A. Goldberg LLP in New York, working with the firm’s founder in several of the firm’s most ambitious cases against big tech, including one case involving a suicide product sold by an online retailer, four families whose children died from fentanyl-laced pills purchased online, and A.M. v. Omegle, a platform that matches predators and children for video livestream. She’s also worked with the firm’s founder Carrie Goldberg in the case Estate of Bianca Devins v. Oneida County, in which the firm is suing the District Attorney for sharing child sexual abuse material of deceased 17 year old, Bianca Devins.  Naomi work entails putting her clients back in control of their lives, which takes determination, persistence and enormous sensitivity as clients are often in a very vulnerable state. She has a unique insight into how everyday technology is weaponized, and she has proven adept at diffusing volatile abusers, and securing urgent Orders of Protection in an extremely efficient way, often advocating with the family court system to keep her clients safe.
   
Jacob O’Brien
Jacob O’Brien is a Partner at boutique law firm Brandsmiths, which specialises in intellectual property, sport and media law. Brandsmiths acts for well-known brands such as Microsoft, BMW, JD Sports, Speedo and Umbro, as well as for high profile individuals including Gordon Ramsay, Mo Farah and David Haye.  Jacob has extensive experience advising clients in respect of their data protection obligations. As General Counsel of Missguided in 2018, Jacob worked with internal stakeholders in the build-up to the introduction of GDPR to ensure the business’s compliance with its obligations. Jacob works with clients to manage and implement data protection processes, as well as assisting with ICO investigations and complaints.

Malcolm Taylor
Malcolm Taylor built his professional reputation by delivering against some of the most demanding and sensitive security challenges faced by the United Kingdom over the course of the last three decades.   He applies expansive expertise and ingenuity in all forms of information acquirement and assessment to law firms and their most needful clients, to clients facing masked adversarial attack campaigns, to non-profits, educational institutions, corporations and to individuals.

Malcolm is one of a select few British intelligence officers to have honed operational skills in Signals Intelligence (Sigint), Human Intelligence (Humint) and Open Source Intelligence (OSint). His previous roles in government included complex Counterterrorism, Serious Crime and Geo-Political analysis and operations. He served in several overseas postings during his years of government service, including in Baghdad, Iraq; Islamabad, Pakistan, and Kabul Afghanistan, where he was accountable for all UK intelligence operations for the period covering UK troop drawdown and the Afghan elections of 2014.  Malcolm left UK government service in 2016 to play a key role in building and selling a Cyber Security consultancy, before filling a senior leadership role in a successful Managed Security Service Provider (MSSP). In 2020, he took on a role leading an intelligence team of 100 analysts charged with online safety for some of the world's biggest social media companies.

Ashley Winton
A former computer designer, Ashley Winton leads his own specialist firm.  He advises on financial regulation, encryption and export control, data protection, privacy and cyber security matters with an emphasis on Blockchain, virtual currencies, and payment systems.  He advises extensively on the impact of privacy and information security law on cloud services, financial technology, telecommunications and international data transfers and has a particular focus on the intersection of competing laws, which can occur in the context of lawful interception of data, corporate investigations, government investigations or international litigation. For many years Ashley has advised the online behavioral advertising industry in Europe and has represented that industry in relation to its dealings with the European Commission, the Article 29 Working Party, the European Parliament and various national governments.  Ashley is a Ponemon Institute Fellow and for many years has been the Chairman of the Data Protection Forum, the largest independent data protection group in the UK. He regularly speaks at industry and academic conferences.  He was formerly a fintech and privacy Partner within the Data Group of Mishcon de Reya’s Innovation Department.

Each year the course is preceded by a public lecture on a related subject.  Past speakers have included cyber security expert Mikko Hypponen and Max Schrems.  The guest speaker for 2025 will be announced shortly.

Standard fee = £800 (early bird fee until 10 December - £700)
UCL Alumni discount = £650
UCL IBIL Sponsor firms = £650
Concession Fee for Academic Institutions / NGOs / Government workers = £450
Non-UCL Students = £200

Click here book your place

UCL student will be able to apply for free tickets for this course which is head in Reading Week. Details will be circulated via email in the new year 2025.

What is included in the fee:
The fee includes all refrshments and lunch on both days of the course, plus electronic access to the materials presented as part of the course.

Corporate Bookings:
Companies wishing to book delegates and be invoiced for the fees please email lisa.penfold@ucl.ac.uk

If you have queries about this course, please email lisa.penfold@ucl.ac.uk