Day 1: Wednesday October 15th, 2025

13:00 – 14:00 Registration Opening, Lunch & coffee break

14:00 – 14:15 – Congress Opening by Pierre-Yves Lastic – General Secretary of  EFDPO and EHDPC Chairman

This session will explain the data protection issues that DPOs need to be aware of and potentially to approve when AI systems for use by clinicians or patients are being adopted by a healthcare organisation. These issues include checkpoints at the time of procurement and points to be included in service level agreements.

Data protection concerns include the access provided to the AI algorithm from the EHR system and where that processing will take place, including possibly at he patient’s home or at the developer’s site which might be in another country.

Machine learning and AI improvement requires data feedback loops to the developer of the patient level outcome from the AI outputs, which normally needs to be pseudonymised and not anonymised data. The legal basis for these processing steps and flows will be discussed, including the data use and security safeguards to be required of AI developers. DPOs might also need to be involved in the local monitoring arrangements and handling breach and escalation policies related to AI systems.

Transparency and good practice in explainability to patients and clinicians will also be discussed.

14:15 – 16:00 – Opening Plenary Session : Anonymization and pseudonymization in practice

14:15 – 15:15 : Introductory presentations

– Anonymization and pseudonymization case law. Patrice Navarro (Clifford Chance)

-The EDPB 2025 pseudonymisation guidance.  Giuseppe D’Acquisto (Italian Data Protection Authority)

15:15 – 16:00 : Panel discussion

« Navigating EDPB Guidance, Health Data Realities, and Case Law »

16:00 – 16:30 – COFFEE BREAK AND NETWORKING

16:30 – 18:00 – Plenary 2 – How will EHDS Health Data Access Bodies anonymise and pseudonymise and synthetize data sets?

The EHDS Regulation extends the legal rights under GDPR to authorise Health Data Access Bodies, appointed by each EU country, with powers to perform anonymisation and pseudinymisation of health data sets in order to make them available for research or other secondary uses. This means that they will be legally permitted to anonymise data sets e.g. from a hospital, that have NOT been de-identified at source. Even if this is permitted under extended GDPR, healthcare providers might need assurance of the capability of HDABs to perform this to a suitable high standard and to give immunity to the healthcare data source for any data breaches or compaints that arise.

18:00 – 19:00 – ORAL COMMUNICATIONS

18h00 – 18h10 : Navigating Muddy Data-Streams: PETs and EU Data Protection Laws in Secondary Health Data Use

Kartik Chawla, Dayana Spagnuelo, Simon Dalmolen

18h10 – 18h20 : Recommendations for Assessing Re-Identification Risks in the secondary use of Health Data 

J Maurer, PHD, S Oesterle, PhD, JL Raisaro, PhD, K Kalt, M Egli, PhD, J Kiss Blind, J Armida, PhD, TR Geiger, PhD

18h20 – 18h30 : Health Data as a weapon : Addressing Group-Level Risks in an era of Expanded secondary use 

 Author: S Pandit (FIP).

18h30 – 18h40 : AI-POWERED Anonymization and pseudonymization to enhance healthcare data Security 

Baka DIOP, CIO, Global Ambassador AI for France, Multiaward nominee, Top women in cybersecurity worldwide, CEO Stealth AI

18H40 – 18h50 : From raw to synthetic : Enabling Privacy Enhancing data sharing in the european health data space 

19:15 – 20:30 – COCKTAIL AND NETWORKING at CLIFFORD CHANCE Headquater

1 rue d’astorg 75008 Paris

Shuttle BUS leaving at 19H15 in front the musée de la marine.