As privacy professionals, we’re no strangers to the evolving changes in our lives of dealing with data privacy frameworks and data protection where geopolitical shifts, emerging technologies like AI and facial recognition, and regulatory intersections demand constant vigilance. If you’re looking for a forum to dive deep into these challenges, mark your calendars for the “Security Festival 2025” in Lillehammer, Norway, from August 25-27.
Organized as Norway’s premier gathering for cybersecurity, ICT, and information security, this event brings together experts from government, business, academia, and politics. And this year, the Norwegian Data Protection Authority (Datatilsynet) is stepping up as a key partner, curating a dedicated “Privacy & Data Protection” track that’s packed with insights tailored to our field.
Why should privacy pros care? In an era where data flows are weaponized in trade wars and commercial intelligence tools blur the lines between surveillance and security, this festival offers practical, forward-looking discussions. It’s not just theory—sessions will explore real-world implications for compliance, risk management, and ethical data handling in a highly digitalized society like Norway’s. Whether you’re a DPO, compliance officer, or privacy consultant, here’s what you need to know about Datatilsynet’s track on Tuesday, August 26, in Holbøsalen at Kulturhuset.
Key Sessions: From Trade Wars to Facial Recognition Risks
The track kicks off bright and early, focusing on timely topics that resonate with global privacy concerns. Here’s a breakdown of the lineup, with highlights on why each session could inform your next privacy impact assessment or policy update:
– 09:00 – 09:30: Data in the Line of Fire of Trade Wars
Presented by Erlend Bakken, Data Protection Officer at TV2. This session examines how personal data has become collateral in U.S.-centric trade tensions, especially post-Trump era. Expect updates on using tech giants’ systems, U.S. data transfers, and actionable steps for Norwegian businesses. For privacy pros dealing with international vendors, this is essential intel on navigating adequacy decisions and standard contractual clauses under GDPR.
– 09:45 – 10:15: Updates from Datatilsynet on International Work, Including Transfers to the USA
Led by Anna Kristin Ulfarsdottir, Legal Director at Datatilsynet. Get the latest on guidelines, cases, and transatlantic data flows straight from the authority. In light of ongoing EU-U.S. Privacy Shield debates, this could help refine your transfer risk assessments and ensure compliance amid regulatory flux.
– 10:45 – 11:15: No Data Controller is an Island
Aasta Hetland and Petter Ludvig Andersen, Senior Advisors from the Norwegian Directorate of Health, share experiences managing data responsibility in complex value chains like the Core Journal and Prescription Mediator. They’ll cover collaboration between controllers and processors, role delineation, and stakeholder dialogues. If your work involves joint controllership or health data processing, this session’s practical examples will be invaluable for avoiding common pitfalls under GDPR Articles 26-28.
– 11:30 – 12:00: Commercially Sourced Intelligence: Friend or Foe?
Tor E. Bjørstad from mnemonic AS and Vivi Ringnes Berrefjord from the Institute for Defence Studies discuss the rise of commercial datasets enabling nation-state-level surveillance. They’ll touch on privacy and cybersecurity implications, plus unpublished research on tampering risks. For pros in high-stakes sectors like defense or finance, this highlights the need for robust due diligence on third-party data sources and potential DPIA triggers.
– 13:15 – 13:45: PimEyes – For Your Eyes Only?
This session spotlights the Polish facial recognition tool PimEyes, which scans the web for publicly available images using biometrics—effectively challenging anonymity rights. It even aided in apprehending a long-wanted terrorist. Privacy implications? Massive, from consent issues to biometric data sensitivities under GDPR. If you’re grappling with AI-driven surveillance in your organization, this could spark discussions on ethical boundaries and regulatory responses.
These sessions aren’t isolated; they’ll weave in broader themes like GDPR’s interplay with Norway’s new Digital Security Act, AI’s handling of sensitive data, and geopolitical influences on privacy. The festival’s collaborative vibe—drawing from diverse stakeholders—makes it a prime networking opportunity to benchmark your strategies against peers.
Why This Matters for Privacy Professionals Now
Norway’s position as a digital leader means these discussions have ripple effects beyond its borders. With the EU’s AI Act ramping up and ongoing scrutiny of U.S. data practices, events like this provide foresight into compliance trends. Attending could equip you with tools to advise on everything from cross-border transfers to mitigating risks in AI deployments. Plus, as a partner event with Datatilsynet, it’s a chance to engage directly with regulators and influence the conversation.
The full festival program covers a spectrum of security topics, but for privacy-focused attendees, this track is the highlight. Registration is open—head to https://sikkerhetsfestivalen.no/ for details and to secure your spot before August 25.
In a world where privacy is under constant siege, staying ahead isn’t optional. Will you be in Lillehammer to join the dialogue?
