400+ privacy professionals gathered at Münchenbryggeriet in Stockholm for the third annual Nordic Privacy Arena in November. We look forward to seeing you again in September. More information will be published shortly.

Nordic Privacy Arena 2018:

Program (PDF)

Click here and here for photos and illustrations.


Online advertising – What’s wrong and how do we fix it? Keynote by Raegan MacDonald, head of EU public policy, Mozilla.

Ad tech and privacy – panel discussion with:

Michael Hopp, Plesner
Anna Colaps, EDPS
Per Meyerdierks, Google
Annie Ståhl, Schibsted
Daniel Westman, independent researcher and advisor

Harmonisation and supervision – panel discussion with:

Magnus Sjögren, Bisnode
Eija Warma, Castrén & Snellman
Albine Vincent, CNIL
Viljar Peep, The Estonian Ministry of Justice

Keynotes by:

  • Anne Berner, Minister of Transport and Communications (FIN)
  • Helena Haapio, Associate Professor, University of Vaasa and Contract Innovator, Lexpert (FIN)
  • JoAnn Stonier, Chief Data Officer, Mastercard worldwide (US)
  • Max Bleyleben, Managing Director and Chief Privacy Officer, SuperAwesome (UK)
  • Nicolas de Bouville, Privacy Policy Expert, Facebook (FR)
  • Sarah van Hecke, Legal Design Adviser, Houthoff (NL)
  • Raegan MacDonald, Head of EU public policy, Mozilla (US)
  • Robert Bond, Partner at Bristows (UK)

Speakers, panelists and moderators:

  • Albine Vincent, Head of data protection officers department, CNIL (FR)
  • Alli Abdulla, Lawyer, the Swedish Data Protection Authority (SWE)
  • Anna Colaps, Policy Assistant to the Supervisor, EDPS
  • Anna-Karin Strömqvist, Senior legal and policy counsel, Swedish Trade Federation (SWE)
  • Annie Ståhl, Head of Business Operations, Schibstedt Media (SWE)
  • Caroline Olstedt Carlström, Partner, Lindahl, Chair of The Swedish Data Protection Forum (SWE)
  • Daniel Westman, Independent legal advisor and researcher (SWE)
  • Durgesh Gupta, Global head of database and infrastructure program management, Nasdaq (US)
  • Eija Warma, Partner, Castren & Snellman (FIN)
  • Erik Dahlberg, Economic Adviser, the National Board of Trade Sweden (SWE)
  • Eva Jarbekk, Partner, Schjødt (NO)
  • Filip Johnssén, Klarna, vice chair, The Swedish Data Protection Forum (SWE)
  • Francesca Lagioia, Postdoctoral Fellow, European University Institute, Florence (ITL)
  • Georg Philip Krog, Co-founder & Chief Data Protection & Privacy Officer, Signatu (NO)
  • Hans Hedbom, Karlstad University (SWE)
  • Helena Silling, DPO, Qliro Group (SWE)
  • Henrik Bengtsson, Partner, Delphi (SWE)
  • Henrik Rubæk Jørgensen, Chief Privacy Officer, LEO Pharma (DK)
  • Heikki Tolvanen, Chief Legal Engineer, PrivacyAnt (FIN)
  • Jacob Dexe, Researcher in Public Policy and ICT at RISE SICS (SWE)
  • Johan Thörn, Senior Associate, DLA Piper (SWE)
  • Johan Wullt, Head of Press at The European Commission’s Representation in Stockholm (SWE)
  • Josefin Grauers, Legal advisor and insurance law expert, SEB (SWE)
  • Karl Fredrik Björklund, Partner, Carler and Vice Chair of The Swedish Data Protection Forum (SWE)
  • Lars Frösslund, Senior Advisor, Frösslund & Far (SWE)
  • Leena Kuusniemi, Legal Adviser, Leegal Oy (FIN)
  • Lena Lindgren Schelin, Director, The Swedish Data Protection Authority (SWE)
  • Magnus Sjögren, Group General Counsel, Bisnode (SWE)
  • Magnus Sundqvist, Head of Digital Services, Synch (SWE)
  • Maria Holmström Mellberg, Partner, Lindahl and Vice Chair, The Swedish Data Protection Forum (SWE)
  • Michael Hopp, Partner, Plesner law firm (DK)
  • Michael Kallens, Associate General Counsel, Nasdaq (US)
  • Michaela Angonius, Group DPO, Telia Company (SWE)
  • Nadia Arnaboldi, Coordinator of the Scientific Committee, ASSO DPO (ITA)
  • Pekka Lampelto, CEO, Privacy Ant (FIN)
  • Per Meyerdierks, Senior Privacy Counsel, Google (GER)
  • Rula Sayaf, Senior consultant in information security, privacy and AI, Capco (BEL)
  • Sinan Akdag, Digital Expert, Swedish Consumers’ Association (SWE)
  • Steinunn Birna Magnusdottir, Lawyer, The Icelandic Data Protection Authority (ISL)
  • Stewart Dresner, Chief Executive, Privacy Laws & Business (UK)
  • Tobias Bräutigam, Senior Counsel, Bird & Bird (FIN)
  • Viljar Peep, Vice-Chancellor of the Estonian Ministry of Justice (EST)

Dinner speaker: Aral Balkan, Cyborg rights activist and Founder of Ind.ie (UK)

Key topics:

  • The DPO role and the job market – trends and opportunities
  • Data breach reporting
  • Ad tech
  • Children, advertising and privacy
  • Legal design for privacy pros
  • Privacy enhancing technologies
  • The future of loyalty schemes
  • Litigating privacy cases
  • Data transfers
  • Data protection impact assessments
  • Consumer attitudes towards data processing
  • Health data
  • Harmonisation, supervision and sanctions
  • Taming the online platforms – reforms on the horizon?
  • Information security and standardisation
  • Privacy and data governance
  • Six months with the GDPR – and the year ahead


Monday 12 November

08:00-09-00 Registration and coffee
Don’t forget your tickets – we can check you in without them but providing a ticket with a QR code will help us keep queues at a minimum. Note that breakfast will not be served.

09:00-09:10  Welcome
Caroline Olstedt Carlström, The Swedish Data Protection Forum and Lindahl
Practical information, and a warm welcome to the third installment of Nordic Privacy Arena.

09:10-09:40 Six months with the GDPR
Stewart Dresner, Privacy Laws & Business

Eija Warma, Castrén & Snellman
Eva Jarbekk, Sjødt
Lena Lindgren Schelin, The Swedish Data Protection Authority
Michaela Angonius, Telia Company

Legislators promised harmonisation within the EU, more control over personal data for individuals, increased transparency and cost savings for businesses. Have these goals been achieved? Representatives from law firms, businesses and data protection authorities discuss their experiences after the first six months with the GDPR.

09:40-10:00 Now what?
Keynote speaker: Sarah van Hecke, Houthoff

Who has actually read any of the e-mails that were sent out to consumers around the 25th of May 2018? Sarah van Hecke, legal design advisor at Dutch law firm Houthoff, on the aspect of behavioural design. Having your policies in place is great, but what’s the value if behavior is lacking behind?


10:30-11:00 From compliance to Progressive Data Protection – How to Promote Privacy and Innovation
Keynote speaker: Anne Berner, Minister of Communications, Finland

11:00-11:30 Harmonisation and supervision
Moderator: Magnus Sjögren, Bisnode

Eija Warma, Castrén & Snellman
Albine Vincent, CNIL
Viljar Peep, The Estonian Ministry of Justice

How do companies and legal advisers perceive the work carried out by various data protection authorities throughout the EU? Are there differences in means and approaches?

11:35-12:00 We need to talk about online advertising – What’s wrong and how do we fix it?
Keynote speaker: Raegan MacDonald, Mozilla

Advertising is the dominant business model of the internet today, and it has fueled the development of a range of quality user-focused products and services. However, the ecosystem that underpins it is unwell. Today, the online advertising ecosystem is defined by pervasive cross-site tracking, ad fraud and data leakage, and acute centralisation.

In 2018, we are starting to see the real impacts of this unsustainable approach. Citizens’ trust in the internet is at an all-time low, epitomised through statements such as “if you’re not paying, then you’re the product’. While online advertising is not a problem in and of itself, something about the ecosystem needs to change.

Luckily, we can envisage a sustainable, healthy internet ecosystem, where advertising-based online business models and user trust are not traded off against each other. A mix of technological innovation (e.g. smart tracking protection), legislation (e.g. the GDPR), and brand pressure can address some of the chronic issues that are leading users to install ad blockers in record numbers. This keynote will kick off that conversation.

Sponsor: DataGuidance

13:00-13:30 Transparency and control
Keynote speaker: Nicolas de Bouville, Facebook

13:30-14:00 Ad tech and privacy
Moderator: Michael Hopp, Plesner
Anna Colaps, EDPS
Annie Ståhl, Schibsted Media
Daniel Westman, Independent legal advisor and researcher
Per Meyerdierks, Google

We discuss the issues outlined by Nicolas de Bouville and Raegan MacDonald in their respective keynotes, and how companies such as Schibsted have approached advertising and tracking in the light of the GDPR.


14:20-14:50 Consumer attitudes towards data processing
Moderator:Michaela Angonius, Telia Company
Helena Silling, Qliro Group
Jacob Dexe, RISE SICS
Sinan Akdag, Swedish Consumers’ Association

To what extent do consumers understand and exercise their “new” rights? Has consumer behaviour changed, and if so – how does this affect businesses and privacy departments? Is further information and education needed, and if so – who is responsible for this? Researchers Jacob Dexe and Jonas Ledendal discuss the GDPR from the consumer’s point of view with Michaela Angonius (Telia Company) and Sinan Akdag (The Swedish Consumers’ Association).

14:50-15:20 Data Transfers post GDPR and Brexit
Keynote speaker: Robert Bond, Bristows

Robert Bond gives us an update on the current state of international data transfers, and on Privacy Shield and Brexit as well as the expanding privacy regulations in jurisdictions such as California, Japan, China, India and Brazil.

15:20-15:40 Data transfers post GDPR, Brexit and the “Fifth freedom”
Moderator:Michaela Angonius, Telia Company

Erik Dahlberg, National Board of Trade Sweden
Leena Kuusniemi, Leegal Oy
Johan Wullt, The European Commission Representation in Stockholm
Robert Bond, Bristows

A discussion on the issues brought up by Mr Robert Bond in his keynote, and on the coming regulation on non-personal data.

15:40-16:00 Coffee        

16:00-16:30 Taming the online platforms
Moderator: Tobias Bräutigam, Bird & Bird

Johan Wullt, The European Commission Representation in Stockholm
Anna Colaps, EDPS
Raegan MacDonald, Mozilla

In his keynote speech at last year’s Nordic Privacy Arena, professor Marc Rotenberg discussed online disinformation, algorithmic transparency and democracy. Since then, a number of breaches and other scandals have led legislators around the world to consider their options.

The US Chamber of Commerce suggest principles along the lines of the GDPR. California has passed a consumer privacy act. New rules have been proposed and in some cases entered into force in Germany, India and China. The European Commission has drafted a code of practice on online disinformation and fake news and rules on content related to terrorism. In France, CNIL and Google are battling it out over the right to be forgotten. And in October at the Data Protection Commissioners Conference in Brussels, Apple called upon the White House for a comprehensive data privacy legislation also in the US, joined by also Google and Facebook in that request.

Is self-regulation and improved algorithms enough to manage the challenges associated with the data processing carried out by the online platforms – or are there further reforms on the horizon?

16:30-17:10 The job market for privacy pros – trends and opportunities
Moderator: Tobias Bräutigam, Bird & Bird

Nadia Arnaboldi, ASSO DPO
Anna Forsebäck, Schibsted
JoAnn Stonier, MasterCard

Last spring, the Swedish Data Protection Forum carried out the first survey on salaries and attitudes aimed at Swedish data protection specialists. We discuss the findings of this survey and a global survey recently carried out by IAPP, and the current and future job market for privacy pros.

17:10-17:15 Closing remarks
Speaker: Caroline Olstedt Carlström, Klarna and The Swedish Data Protection Forum

17:15-18:30 Drinks and networking

18:00 – 21:00 Dinner
Dinner speaker: Aral Balkan, Ind.ie


Tuesday 13 November

08:00-09:00 Registration and coffee

09:00-09:20 The future of loyalty schemes
Moderator: Caroline Olstedt Carlström, The Swedish Data Protection Forum and Lindahl

Eva Jarbekk, Sjødt
Johan Thörn, DLA Piper
Anna-Karin Strömqvist, Swedish Trade Federation

09:20-09:50 Breach reporting – how to get it right
Moderator: Caroline Olstedt Carlström, The Swedish Data Protection Forum and Lindahl

Alli Abdulla, The Swedish Data Protection Authority
Durgesh Gupta, Nasdaq
Nadia Arnaboldi, ASSO DPO

09:50-10:20 The expanding role of Privacy and Data Governance
Keynote speaker: JoAnn Stonier, Mastercard Worldwide

10:20-10:40 Coffee

10:40-11:00 Legal design for better privacy communication
Keynote speaker: Helena Haapio, University of Vaasa and Lexpert

Let’s face it: current privacy communication is not working. Most privacy notices and terms are written by lawyers for lawyers. They are too long and overly legalistic, unhelpful for the users. Legal Design seeks to change this. It is an umbrella term for merging design thinking with forward-looking legal thinking, applying human-centered design to prevent or solve legal problems. It puts the user in the center and seeks to provide better legal communications, systems, services, and solutions.

When we view our policies and terms through the users’ eyes, we can start to simplify content and how it is presented. This keynote illustrates, with examples, how legal and privacy professionals can borrow from engineers and designers the idea of design patterns: solutions to recurring problems. Well thought-out design solutions and design pattern libraries already exist that can help make policies, notices, and terms accessible to users and help them make sense of complex messages. Working together, developing and sharing new solutions, we can make privacy communication more human-centered and effective, through the use of design.

11:00-11:30 Panel discussion: User-friendly privacy policies
Moderator: Lars Frösslund

Helena Haapio, University of Vaasa and Lexpert
Georg Philip Krog, Signatu
Michael Kallens, Nasdaq

11:30-12:00 Next-gen privacy enhancing technologies
Moderator: Lars Frösslund

Francesca Lagioia, Claudette
Durgesh Gupta, Nasdaq
Heikki Tolvanen, PrivacyAnt

12:00-12:50 Lunch   

12:50-13:20 Who is protecting our children? The state of kids’ privacy online
Keynote speaker: Max Bleyleben, Managing Director and CPO, SuperAwesome

170 000 kids go online for the first time every day. SuperAwesome, one of the fastest growing tech companies in the UK, has developed tools that help children and parents control how data is used and businesses to comply with data protection laws. Managing director Max Bleyben guides us through “Zero Data” and contextual advertising, legitimate interest under “GDPR-K”, China’s new cybersecurity law and best practices for advertisers and publishers.

13:20-13:50 Children and the GDPR
Moderator: Lars Frösslund

Max Bleyleben, SuperAwesome
Leena Kuusniemi, Leegal Oy
Steinunn Birna Magnusdottir, The Icelandic Data Protection Authority
Henrik Rubæk Jørgensen, LEO Pharma

13:50-13:55 Break

13:55-14:30 Pitch session – legal design and privacy enhancing technologies
Short, to the point presentations of forward thinking legal design and reg tech solutions for increased transparency and privacy followed by a short discussion. Four minutes each. With representatives from:

The Legal Design Alliance
Privacy Ant


14:50-15:10 Health data in the insurance industry
Moderator: Karl-Fredrik Björklund, Carler and The Swedish Data Protection Forum

Rula Sayaf, Capco
Josefin Grauers, SEB

Access control is a fundamental security mechanism that mitigates unauthorised access to data. It is a key ingredient in information security and data protection compliance programmes to ensure confidentiality and integrity.

We will discuss the utilisation of access control to protect health data internally within an organisation, and externally when disseminating data to other parties. How to control access to health data and authorise only correct recipients? How to secure the electronic transportation of such data? How to legally, from a data protection point of view, technically and practically achieve and enforce access control? How to detect unauthorised access, whether by logging access to data and auditing, or performing random access tests? These questions will be tackled, and followed by an example of how insurance businesses have approached this issue — a business heavily reliant on access and sharing of health data.

15:10-15:30 How can standardisation and information security help in a GDPR context?
Speaker: Hans Hedbom, Karlstad University

There are a nummer of international ISO standards with in information security that could be of help in the GDPR area. This talk will focus on some of these standards that are either published or soon to be published and discuss to what benefit they could be used.

15:30-15:50 Data protection impact assessments and high risk data processing
Maria Holmström Mellberg, Lindahl and The Swedish Data Protection Forum
Viljar Peep, The Estonian Ministry of Justice

The identification of what constitutes high risk processing has been a much debated topic within the circles of the European Data Protection Authorities and the representatives from the member states. What is the status at the moment, and what further developments can we expect? A fireside with Maria Holmström Mellberg and Viljar Peep, one of the leading voices of the development of the current EDPB guidelines.

15:50-16:10 Coffee

16:10-16:30 Litigating privacy cases
Speaker: Henrik Bengtsson, Delphi

16:30-16:50 The year ahead
Moderator: Filip Johnssén, Klarna and The Swedish Data Protection Forum
Stewart Dresner, Privacy Laws & Business
Daniel Westman, Independent advisor and researcher
Eva Jarbekk, Schjødt

16:50-17:00 Closing remarks
Caroline Olstedt Carlström and Fredrik Svärd, The Swedish Data protection Forum



Certification training - 15 % off

We are happy to announce that Think Privacy AB will give all conference delegates a 15 % discount on the CIPP/E, CIPM and CIPT certification training held in conjunction with the Nordic Privacy Arena. All three courses are held November 14-15 – for more information and registration, click here.

General information

The Data Protection Forum is a non-profit organisation established in 2012. Currently it has five local regional communities in different counties in Sweden. The Forum regularly arranges seminars and training days. We provide the Swedish DPA and other regulators with input and give opinions on proposed legislation to the Swedish government. The board consists of ten well-reputed privacy professionals from various industries and public-sector bodies.

Graphic recording
Frida Panoussis – www.fridarit.com

Jens Reiterer – www.jensdesign.se

Get in touch
Feel free to email us suggestions and speaker pitches to info@dpforum.se.

Join the discussion at #NordicPrivacyArena

Note that all sessions will be filmed. The conference will be held entirely in English.

Highlights from Nordic Privacy Arena 2017

Nordic Privacy Arena 2017 was a massive success with around 50 speakers and nearly 300 visitors. A big thank you to everyone who made this possible from us at DP Forum.

Read more here. 

Videos from a few select keynotes and panel discussions below.

Professor Joe Cannataci, special privacy rapporteur for the United Nations, professor Marc Rotenberg, president Electronic Privacy Information Center, professor Cecilia Magnusson Sjöberg, Stockholm university, and member of the European Parliament Max Andersson on privacy legislation.

Finn Myrstad, director at the Norwegian Consumer Council, on connected toys, smartwatches, dating apps and privacy.

Panel discussion on AI, transparency and privacy with Per Meyerdierks (Google), Mikael Haglund (IBM), Rebecka Cedering Ångström (Ericsson) and Stanley Greenstein (Stockholm University).

Data protection authorities – resources, approaches and harmonization, panel discussion with Kari Laumann (The Norwegian Data Protection Authority), Paul Breitbarth (Nymity) and Hans-Olof Lindblom (The Swedish Data Protection Authority).

Safe Cities – keynote by Gemma Gordon Clavell, founder of Eticas Research and Consulting and finalist for the EU Prize for Women Innovators 2017.


Logga in

Ej medlem? Registrera dig

Återställ lösenord

Bli medlem

Medlemmar går gratis på våra seminarier och till rabatterat pris på Nordic Privacy Arena.

Studentmedlemskap upphör automatiskt efter ett år, därefter behövs ny ansökan. Ange också ert mecenatkortnr i meddelandefältet.

Ordinarie medlemskap: 1445 kr per år exklusive moms
Student: 400 kr per år inklusive moms


Go to cart