When people imagine conference networking, the mental picture usually includes business developers, sales professionals, and partnership leads exchanging cards over cocktails. But there’s a quiet, crucial category of specialists who often work behind the scenes and arguably have just as much, if not more, at stake in these spaces.
Data protection experts aren’t just compliance checkers or risk mitigators. They’re the architects of trust in the digital ecosystem. For companies like Aceex, where transparency and integrity are core to every deal, data protection is a foundation.
In May, our Data Protection Specialist, Nadiia Bakharieva, attended the CPDP.ai Conference 2025 in Brussels — one of the most influential forums in the EU for privacy and technology, and policy. And here’s what she had to say:
#CPDP.ai 2025 ended. There were a lot of different tracks, and it was impossible to get to every panel, workshop, or culture club. Still, the attendance provided some valuable insights from the privacy community. Below are some of them:
The Need for Enforcement Over New Laws/ Internal Mechanisms as an Alternative to New Laws:
This conference underscored the pressing need for the European Union to advance its legislative framework. However, the prevailing sentiment among panelists emphasized that the solution lies not in simplifying existing laws or introducing more detailed regulations, but in robustly enforcing the current legal provisions, which are already sufficiently comprehensive.
It is worth considering the internal corporate mechanism for achieving compliance, as well as the policies of big platforms and conducting risk assessments.
Data Access, Portability, and Competition:
Stronger enforcement of data access and portability rights under the GDPR could foster competition in the ad tech market. Data protection is part of competition, even if privacy is considered a separate issue. Data portability and data interoperability became a competitive advantage.
Future of Ad Tech Ecosystem:
A study by economists on the future of the ad tech ecosystem, considering current privacy measures, concluded:
There are more new entrants.
Alternative business models are possible, but often still rely on tracing.
The open web would persist alongside practices of major players like Google.
Balancing Privacy and Competition:
Antitrust authorities and DPAs need to work together. Overemphasizing privacy can impact big players, while insufficient privacy measures can harm consumers. Finding the right balance is difficult for companies. Privacy as a quality: Privacy has been recognized as a factor in major cases like Facebook/WhatsApp and Microsoft/LinkedIn.
Supply Chain verification:
It is important to analyze the privacy risks of a particular position in the supply chain.
Challenges in Communicating Privacy:
It’s difficult to effectively communicate the complexities of privacy to the general public. The topic is often perceived as boring, making it hard to convey the urgency and importance of privacy matters.
Fair Consent (Consent Fatigue), PETs, moving out from third-party cookies:
The idea of fair consent goes beyond just consent and aligns with the criteria of the GDPR. Current cookie consent mechanisms are often meaningless and unfair. A regulation similar to the DSA may be needed to monitor and sanction the most harmful platforms. Phasing out third-party cookies, which started with a global consent approach but evolved, may have further encouraged the development of technologies (PETs) that could be used as an alternative.
The Myth of Digital Literacy:
Relying solely on digital literacy is insufficient because many aspects of online tracking and data collection are designed to be incomprehensible, regardless of one’s level of sophistication. There are often knowledge gaps outside the tech bubble, preventing people from understanding their role in ensuring online safety.
Importance of privacy by design/ UX:
And user-friendly approach consists of:
Giving the user a choice regarding the use of their data.
Implying privacy-friendly settings by default.
Honoring user’s preferences.
Companies shouldn’t put the burden of the most favorable privacy choices on a user, because users cannot assess risks properly.
As it was said by Wojciech Wiewiórowski, the European data protection supervisor, in the conference closing speech, the time that are coming, will not be easy for data protection, privacy and AI, but at least we know which paths we should take and which paths we should go.
Being in the room, especially as a privacy or legal expert, is about hearing what’s shaping the rules before they become rules. And also, it’s about building relationships that make cross-border compliance and collaboration easier. And most importantly, it’s about representing the kind of responsible innovation that Aceex stands for.
Building fair ecosystems starts long before the product launch or the contract signing. It starts with people like Nadiia, showing up, listening in, and helping set the tone for what ethical AdTech should look like in 2025 and beyond.
