Beyond Data Protection Conference: Regulating Information and Protection against Risks of the Digital Society

21-22 September 2023, Utrecht, the Netherlands

This two-day conference is concluding a series of events organized under the auspices of the ERC INFO-LEG project. The conference is hosted by Utrecht University and will take place in Utrecht, the Netherlands, on 21-22 September 2023.

The Beyond Data Protection Conference will include keynote talks, roundtable discussions, and panels where scholars can present and discuss their research. We encourage PhDs and early career researchers to submit an abstract and attend.

The project and the conference are funded by the European Research Council (ERC) through an ERC Starting Grant awarded to Nadya Purtova (grant no. 716971). Due to the generous ERC funding, we are able to run this conference with no registration fees for participants and attendees.

Livestream of the plenary sessions

Only plenary sessions (keynotes, roundtable, and the talk by Nadya Purtova with reflections by Mireille Hildebrandt) will be livestreamed. Check the program for the exact times (in CET).


Karen Yeung, Michael Veale, Lokke Moerel

Call for papers and panels is closed

Legal protection against risks of the digital society is often framed in terms of regulating (certain types of) information or data. The EU GDPR in particular applies to the processing of “personal data” and has been seen as a “Jack of all trades”, a primary available means of legal protection against a variety of harms caused or exacerbated by digital technology, from discrimination and unfair labour and consumer practices to opaque and unfair decision-making and the risks of AI. The emerging EU data law similarly focuses on data sharing, data aggregation and data access to empower individuals, stimulate innovation, and protect competition. This focus on information and data has been subject to growing critique, among others, for lack of theoretical understanding of what information (and data) is and how it relates to reality, for the impossibility of treating personal data both as essential for fundamental rights and as an economic good, and for stretching the GDPR scope beyond meaningful compliance and enforcement.

We seek proposals for papers and panels that will explore the challenges of (personal)data-centered legal protection against information-induced harms and consider alternatives beyond data (protection) from the perspectives of law and regulatory theory, critical data and infrastructure studies, economics, information studies, and other disciplines.

We particularly welcome submissions that address one of the following themes, but other proposals fitting the general objectives of the conference are welcome as well:

  • Understanding digital – or information-induced – harms and the role of information in their formation:
    • Theoretical and empirical studies into the nature of digital – or information-induced – harms that people experience in contemporary society and the role of information and data;
    • Reflection on the harms stemming from automation and data analytics as  governance tools, and / or regulatory solutions;
  • Understanding legal protection: lessons from the legal and regulatory theory for how legal protection against these harms should be constructed;
  • Understanding data and information: theoretical and empirical inter- and mono-disciplinary accounts of information and data, including but not limited to semantic, syntactic, and functionalist approaches to information, and lessons for legal protection against digital harms;
  • Understanding digital economy & economics of information and data: theoretical and empirical studies of the digital economy and lessons for legal protection against digital harms, including but not limited to data commons;
  • The grand challenges of data protection, including but not limited to its relationship to privacy and regulation of AI, automated decision-making and other IT-facilitated practices, and how to ensure its relevance in the long-term future; thinking about digital harms in terms of data flow; and challenges;
  • (Critical) reflections on the EU data law and data as a regulatory target in relation to digital harms.

Important dates

  • Submissions portal opens for submissions: April 29
  • Abstract submission deadline: June 1 June 7
  • Decisions back to authors: June 17 June 20
  • Registration opens: June 20
  • Registration deadline for paper presenters and panelists: July 16, 24:00 CET
  • Registration deadline for conference attendees (non-presenters): September 10, 24:00 CET or earlier when the maximum capacity of the conference venue is reached.
  • Conference dates: September 21-22

Abstract guidelines and instructions

Authors should submit an abstract as part of their application to present their research as part of a panel at the conference. Abstracts should be in English and between 500 and 700 words. Authors should clearly and concisely link their ideas and research to existing scholarly literature. Abstracts should also identify the theories, concepts, methods, and conclusions of the proposed research presentations.

We also welcome proposals for alternative formats, including roundtables or other sessions designed to encourage audience engagement and participation. For these alternative proposals, please title your abstract beginning with “ALT:” to clearly set it apart.

Submissions should be made through the EasyChair platform

Practical information

The conference will take place in Paushuize, Kromme Nieuwegracht 49, 3512 HE Utrecht, The Netherlands.

With questions please email to n [dot] n [dot] purtova [a&t] uu [dot] nl