About the Conference

Demonstrating compliance of privacy law (including GDPR in information sharing or data processing) remains difficult for organisations today. It involves multiple stakeholders, including software engineers, policy makers and business owners. Despite a nascent data protection engineering discipline, comprehensive privacy engineering standards (such as the OASIS Privacy Management Reference Model, NIST's Privacy Framework, MITRE's Privacy Engineering Framework), the necessary tools have not been available to support the design and implementation of integrated technical functionality necessary for systemic data protection assurance. Chains of systems, data flows and repositories, with heterogeneous data manage-ment, with sometimes incompatible practices and non-standardised data protection controls present huge challenges to organisations attempting to meet their real-time data protection obligations for business applications as well as visibility into their own data protection systems.

This workshop brings together software engineers, policy makers, lawyers, practitioners, technologists and independent data protection/privacy experts from industry, standards communities, regulators, government, and academia to share lessons learnt about data protection, discuss how to address challenges in today's society from a multistakeholder perspective. In this workshop, we hope to bring together new insights on the state of the art in real-time data protection service delivery, by identifying clear gaps common across various stakeholders that need to be filled, and promising industry and research initia-tives attempting to build solutions to hard problems.

The workshop will include expert presentations, panels, poster sessions and technical demonstrations addressing such issues as: privacy engineering, run-time compliance monitoring, means and methods to go from law to code. We will invite several panels but also encourage submissions for presentations and posters.

Day 1 agenda: 

  • Reviewing the problem statement.
  • State of the art review:
    -Presentations outlining lessons learnt from industry, government and academia.
    -Poster session - showing the state of the art in research.
  • Identify capability and capacity gaps across various sectors and use cases from multi-panel, multi-stakeholder discussions. 

Day 2 agenda: 

  • Identify possible solutions (both planned and in development now) across various sectors from multi-panel, multi-stakeholder discussions.
    Discuss feasibility of proposed solutions and their testability.
    Identify approaches for collaboration and fora going forward.


University of Oxford

The Department of Computer Science, University of Oxford has one of the longest-established Computer Science departments in the country. Formerly known as the Oxford University Computing Laboratory, it is home to a community of world-class research and teaching. Research activities encompass core Computer Science, as well as computational biology, quantum computing, computational linguistics, information systems, software verification and software engineering. The department is home to undergraduates, full-time and part-time Master's students, and has a strong doctoral programme. Read more.

OASIS Open Standards Consortium

OASIS is a nonprofit consortium that drives the development, convergence and adoption of open standards for the global information society. 

OASIS promotes industry consensus and produces worldwide standards for security, Internet of Things, cloud computing,  energy, content technologies, emergency management, and other areas. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. 

OASIS members broadly represent the marketplace of public and private sector technology leaders, users and influencers. The consortium has more than 2,000 participants representing over 600 organizations and individual members in more than 65 countries.