Skip to content

The Role of Regulatory Authorities in the Governance of Data Protection


The institution of privacy and data protection commissioners has developed into a veritable success since its introduction with the Hessian Data Protection Act of 1970. Data Protection Authorities (DPAs) get involved in societal processes of discussion and interpretation, analysis and critique, negotiation and revision of data protection and data protection law. Their expertise is sought after in legislative processes, and their power of interpretation is dreaded by controllers. They are praised as defenders of fundamental rights in the information society and cursed as enemies of progress and blockers at the same time. However, they rarely have been an object of scientific investigation themselves so far.

Our interdisciplinary workshop aims at bringing together scholars and practitioners to shed light on the role of DPAs in the governance of privacy and data protection. We especially want to focus on processes: the cooperation across borders, the exchange and debate with data controllers, politics and civil society, the negotiation, interpretation and implementation of standards and laws. In particular, we want to debate how DPAs act in the various social discussion and negotiation fora, and how their action is enabled, enhanced or limited by their legal and institutional form, their staff and disciplinary backgrounds, the infrastructure and individuals who – like Spiros Simitis or Ann Cavoukian – are particularly visible as data protection commissioners. A special focus is on the new General Data Protection Regulation, both in terms of the DPAs’ contribution in the process of its creation as well as the future role of supervisory authorities. The question is, in what areas and fora DPAs are more successful so far in exerting influence than in others, whether there are differences between DPAs with regard to their influence, and which legal or institutional conditions and/or strategies might explain these differences. Moreover, it remains to be discussed, which role DPAs play in negotiating and shaping regulatory regimes – from “traditional” top-down regulation to (regulated) self-regulation –, what their objectives are and to what extent these objectives reflect the institutional interests of the regulators themselves.

We furthermore will pay special attention to the challenges that arise for DPAs from the multidisciplinarity of the privacy problem, the increasing self-limitation of the debate to expert circles, and the need for imparting the problem and possible solutions to a (legal as well as technical) lay audience.

We look forward to your contributions to one or more of the following or related areas:

  • the DPAs’ self-perception, and its formulation and communication
  • the national, regional and global cooperation between data protection authorities (Conference of Data Protection Commissioners of the Federal Republic and the Federal States, Düsseldorfer Kreis, Article 29 Working Party, International Conference of Data Protection and Privacy Commissioners, Global Privacy Enforcement Network (GPEN))
  • the DPAs’ communication with the public and in public, with stakeholders from businesses and the public administration, from politics and civil society, from science and practice
  • the DPAs’ regulatory strategies between sanctioning and constructive cooperation
  • the DPAs as experts and as stakeholders in legislative processes on the national and European level, in research and development projects
  • the DPAs’ practice: controlling, examining, evaluating procedures (systems, processes, data)
  • the DPAs as first instances (and “trend-setters”?) for interpreting laws and norms
  • the DPAs as actors in scholarly, especially interdisciplinary debates
  • competences, structures and processes in DPAs enabling and limiting monitoring and controlling data processing
  • European perspectives, i.a. the representation of member states, regions and their peculiarities and interests in the future European Data Protection Board (EDPB)

Please submit your contribution (or a draft thereof) no later than April 30, 2016, as a PDF via e-mail to

  • full paper: 8 to 10 pages, approx. 2,000 words
  • short paper: 4 to 6 pages, approx. 1,000 words
  • draft paper: max. 2 pages, approx. 400 words (please indicate whether you are aiming for a short paper or a full paper)

All accepted contributions will be made available to the workshop participants in advance.

The workshop will take place May 20, 2016, in Berlin, Germany.

The keynote address will be delivered by Marit Hansen, Data Protection Commissioner of the German state of Schleswig-Holstein. Moreover, we have won Alexander Dix, Spiros Simitis (solicited) and Thilo Weichert (solicited) as participating experts for the workshop to enrich the debate with their wide experience in the practices of DPAs, national, regional and global cooperation, and scholarly, political and legislative debates.

We strive for publishing all contributions, a report on the workshop and possible further contributions arising from the workshop discussion in a volume of conference proceedings by autumn 2016.

For more information please contact Jörg Pohle at

Important dates:

  • Submissions due: April 30, 2016
  • Registrations due: April 30, 2016
  • Notification of acceptance/rejection: May 5, 2016
  • Program & contributions available for workshop participants: May 5, 2016
  • Workshop date: May 20, 2016

Event date

20.05.2016 ical | gcal


Humboldt Institute for Internet and Society,  Französische Straße 9,  10117 Berlin


Jörg Pohle, Dr.

Head of Research Program: Actors, Data and Infrastructures


This high-profile lecture series thrives to develop a European perspective on the processes of transformation that our societies are currently undergoing.


Once a month we publicly discuss the impact of digitalisation on the society. Therefore we invite special guests and engage in a dialogue with the audience.


Be the first to learn about our new events and exciting research results.