Programme outline | September 2022 

Day 0 Wednesday (14.9.2022) 

  • Arrival
  • Informal get-together at a nice local restaurant.
  • No set programme. 

Day 1 Thursday (15.9.2022)

8:00  Registration, coffee, tea

8:30 Welcome - we start!

8:45 Keynote "Data protection and data security by design" (Prof. Lee Bygrave. UiO, Norway)

9:20 Workshops

Workshop 1: Web 2.0 to Web3 - privacy considerations outside-the-block (Daniel Schönberger, Web3 Foundation (W3F), Switzerland)

Workshop 2: Transparency and data subject rights (Jutta Oberlin, Google & Christian Kunz, Bär & Karrer, Switzerland)

10:20 Round-Up together

10:50 Coffee Break

11:20 Workshops

Workshop 3: How to keep your DPA happy? (Claudius Ettlinger, Swiss National Railway (SBB), Switzerland)
Workshop 4: How to get to the Cloud? (Nicolas Passadelis, Swisscom, Switzerland)

12:00 Lunch

14:00 Round-Up together 

14:30 Workshops

Workshop 5: Personal data processing, its data model, vocabulary and output (Georg Krog, Signatu, Switzerland)
Workshop 6: 
How to do a proper DPIA together with cyber security analysis? (Kristian Foss, Bull, Norway)

15:30 Round-Up together

16:00 Coffee Break

Time to powder your nose 

19:30 - Meet & greet  

D APT gallery - art, chat and bubbles  

20:30 - Dinner 

At informal Dorta, local place in town 

    Day 2 Friday (16.9.2022)

    8:30 Coffee/tea 

    9:00 Keynote "The future of adtech: alternatives to contextual advertising?" (Dr. Rob van Eijk, Future of Privacy Forum, Netherlands)

    9:45 Workshops

    Workshop 7: Privacy challenges of smart devices (Andreea Lisievici, Privacy and Data Protection Specialist, Global Privacy Office Boeing)
    Workshop 8: The interplay between the AI Regulation and the GDPR - transparency, subject rights, ethics (Federico Marengo, Privacy Consultant at White Label Consultancy)

    10:45 Round-Up together

    11:15 Coffee Break

    11:45 Workshops

    Workshop 9: AI developments: How to implement data privacy in a world of data science and development? (Carmen De la Cruz, LEXellence, Switzerland)

    Workshop 10: GDPR-certification (Cécile Théard-Jallu, De Gaulle Fleurance, France & Sébastien Ziegler, Europrivacy, Luxembourg)

    12:45 Barbeque lunch 

    Barbeque-with-a-view at the terrace of Lyceum Alpinum Boarding School. "A different take on privacy" - a few words over our meals. After lunch Reflection and discussions in the hills, the town or in the valley.
    14:45 Round-Up together
    15:15 Combined Workshop
    Workshop 11: Confidential Computing & PrivacyTech (David Sturzenegger & Matthias Eigenmann, Decentriq, Switzerland; Lukas Bühlmann & Michael Reinle, MLL Legal, Switzerland)

      16:45 Coffee Break

    No set programme. Dine with new or old friends.   

Sign up here.

What and how 

This practically oriented conference will offer:

  • Small groups of dedicated attendees
  • Opportunity to discuss and exchange experiences
  • Two tracks with different options
  • Top level privacy experts as speakers
  • Hot topics with new angles
  • Practical and user friendly solutions

Focus will be on professional quality, fun and fresh alpine air. There will be plenty of opportunities to network, and to create and develop professional friendships.

Topics & Speakers

Workshop Topics:

  • Past, present and future of transfers
  • How to contract transfers with data importers?
  • Deep Dive into the new SCC's 
  • Transparency and data subject rights
  • Personal data processing, its data model, vocabulary and output
  • The future of adtech: alternatives to contextual advertising?
  • Confidential Computing & Privacy Tech
  • What challenges are involved in doing a privacy-by-design gap analysis?
  • The interplay between the AI Regulation and the GDPR - transparency, subject rights, ethics
  • How to do a proper DPIA together with cyber security analysis?
  • Balancing privacy and safety in human-robot interaction. Bridging the gap between law and technology
  • Privacy challenges of smart devices


  • Dr. Axel Anderl, Dorda Attorneys at law, Austria
  • Lukas Bühlmann, MLL Legal, Switzerland
  • Prof. Lee Bygrave. UiO, Norway
  • Carmen De la Cruz, LEXcellence, Switzerland
  • Matthias Eigenmann, Decentriq AG, Switzerland
  • Claudius Ettlinger, SBB, Switzerland
  • Dr. Rob van Eijk, Managing Director for Europe, Future of Privacy Forum
  • Kristian Foss, Bull legal, Norway
  • Georg Philip Krog, Co-founder and Chief Legal Counsel at Signatu, Norway/Switzerland
  • Andreea Lisievici, Privacy and Data Protection Specialist, Global Privacy Office Boeing
  • Federico Marengo (PhD), Privacy Consultant at White Label Consultancy
  • Jutta Oberlin, Program Manager International Data Transfers & Privacy Regulatory Engagement at Google, Switzerland
  • Christian Kunz, Bär und Karrer AG
  • Nicolas Passadelis, Swisscom, Switzerland
  • Dr. Michael Reinle, MLL Legal, Switzerland
  • Daniel Schönberger, Web3 Foundation (W3F), Switzerland
  • Dr. David Sturzenegger, Decentriq AG, Switzerland
  • Sébastien Ziegler, European Center for Certification and Privacy (Europrivacy), Luxembourg

Programme to be confirmed. 

Sign up here.


    Lukas Bühlmann

    Lukas Bühlmann is partner and co-head of MLL-Legal's digital, data privacy & e-commerce group. He advises and represents a broad range of Swiss and international clients in the internet and e-commerce sector, in the health sector, in the tourism industry as well as for public transport providers. He regularly advises clients in data protection, e-commerce,  advertising as well as numerous legal aspects of the digital economy. In 2019, he has been appointed Legal Expert to the International Trade Centre (Geneva) and advises the ITC as well as a foreign governments on legislative projects with regard to data protection as well as cybersecurity. 

    More information on LinkedIn.

    Lee A. Bygrave

    Dr. Lee A. Bygrave is professor at the Department of Private Law, University of Oslo, where he is Director of the Norwegian Research Center for Computers and Law. He has functioned as expert advisor on technology regulation for numerous organisations, including the European Commission, Nordic Council of Ministers, Internet Corporation for Assigned Names and Numbers, UK House of Lords Committee on the Constitution, and Norwegian government. Lee is regarded as one of the world's leading authorities on data protection law, and his work has been cited with approval by the EU Court of Justice.

    More information.

    Carmen De la Cruz

    Carmen De la Cruz is a Technology Lawyer and Notary Public based in Crypto Valley / Zug in Switzerland. Carmen has worked for many years as Inhouse IT lawyer at Tech and Telecommunication Companies before acting as private practitioner and partner of boutique law firms.

    Carmen's focus is on emerging technologies such as AI, IOT or blockchain and related legal topics such as data protection, IP, telecommunication / infrastructure, commercial law, etc. With her broad experience in technology, data protection, commercial law etc. she supports clients to start, grow and develop business.

    More information on LinkedIn.

    Rob van Eijk

    Dr. Rob van Eijk serves as the Future of Privacy Forum's Managing Director for Europe. In this role, van Eijk implements FPF's agenda in Europe, overseeing its day-to-day operations. Prior to serving in this position, he worked at the Dutch Data Protection Authority (DPA) for nearly 10 years. Van Eijk is a technologist with an B.Sc. in Electrical Engineering, an M.Sc. from the Leiden Institute of Advanced Computer Science of Leiden University, and a Ph.D. from Leiden Law School, focusing on online advertising (real-time bidding).

    More information on LinkedIn.

    More information on Twitter.

    Matthias Eigenmann

    Matthias holds a Master of Law degree from the University of Fribourg and passed the Zurich bar exam in 2013. He spent several years at the Lausanne-based technology boutique id est attorneys where he advised clients on technology law and data protection matters before joining the PwC inhouse legal team to support the firm's digital transformation. Since 2020, Matthias operates as an independent legal advisor and works closely with Decentriq on legal aspects of privacy-preserving technologies.

    More information on LinkedIn.

    Claudius Ettlinger

    Claudius Ettlinger has been acting as Data Protection Officer with Schweizerische Bundesbahnen (SBB) AG, Switzerland's largest and state-owned railway company, from 2017. He started his career with the law firm Schellenberg Wittmer specializing in litigation. Before joining SBB, he spent several years as in-house counsel with a major Swiss bank. Claudius is a qualified Swiss lawyer and holds an LL.M. from the London School of Economics.

    More information on LinkedIn.

    Kristin Haram Førde

    Kristin Haram Forde is a partner in Bull & Co Lawfirm, Oslo Norway, with more than 20 years of experience from IT and technology law. Kristin is a member of the Board of Directors at Bull & Co, and co-founder (together with Kristian Foss) of the Privacy Factory, which is Bull's website for privacy matters. She is a member the professional committee for Data Privacy in the Norwegian Bar Association. She regularly gives lectures on privacy and technology matters, and she is considered an inspiring and knowledgeable lecturer. She is a mentor for students and an external examiner for the Masters' theses in Technology and Data Privacy law at the Faculty of Law, University of Oslo.

    Her main legal focus is data protection and technology matters, with a special interest in use of data and data flows. She is co-organizer of the Alpine Privacy Days in Switzerland.

    Bull & Co is a modern and industry focused law firm with a strong privacy, technology and intellectual property group.

    More information at Bull & Co website.

    Kristian Foss

    Kristian Foss heads the privacy practice in Bull & Co Lawfirm, Norway, where he is a partner. He is a member of the Expert Committee for ICT law at the Norwegian Center for continuing legal education with more than 20 years of experience from IT and technology law.

    His main legal focus is data protection and IT-contracts. Kristian served two years as president in IT IP Law Group Europe, is member of Itechlaw and co-initiator of the Alpine Privacy Days in Switzerland.

    Kristian's experience as an in-house lawyer, negotiator, entrepreneur and board member has given him a commercial and solution-oriented approach legal support of business objectives.

    Bull & Co is a modern and industry focused law firm with a strong privacy, technology and intellectual property group.

    Andreea Lisievic

    Andreea Lisievici is a Romanian lawyer, having advised on data protection matters since the very early stages of cloud computing emergence. Due to her passion for technology, her expertise has grown focused on technical areas like online tracking, mobile apps, connected devices and internet of things. After working in one of the biggest Romanian law firms for many years and then creating a boutique law firm dealing with data protection issues, in 2019 she moved to Sweden where she worked for Volvo Car Corporation. Since May 2022 she is part of Boeing's global privacy team.  

    More information on Linkedin.

    Georg Philip Krog

    Previously Georg has been a researcher at UiO, Ruhrgas Scholar at Max Planck Institut, Fulbright Scholar at Stanford Law School, Fulbright Scholar at Harvard Law School, Visiting Scholar at World Intellectual Property Organisation. He has experience doing 10 years of legal consulting. He is Chief of Legal Counsel at Signatu and Special Counsel to the Swiss law firm Meyerlustenberger Lachenal Froriep (MLL). In addition, he is author of numerous legal publications and co-author of and contributor to several standards (W3C, ISO, GA4GH). Georg holds a Cand. Jur. (MSc Law) from the University of Oslo.

    More information on Linkedin and Signatu and MLL.

    Christian Kunz

    Dr. Christian Kunz is an attorney and partner at the law firm Bär & Karrer in Zurich. He advises clients on data, data protection and technology law including cybersecurity and cybercrime matters, conducts large-scale internal investigations and e-discovery projects and assists clients in regulatory enforcement proceedings before Swiss and foreign authorities.

    He holds a law degree and doctorate from the University of Zurich, an LL.M. from UC Berkeley, a CAS in Cyber Security from ETH Zurich, a CAS in Forensics and is certified as CIPP/E by the IAPP. He regularly gives speeches, participates in panel discussions and publishes in his areas of expertise. He has been the IAPP KnowledgeNet Chapter Chair for Switzerland since January 2022.

    More information on Linkedin and company website.

    Federico Marengo

    Senior Privacy Consultant at White Label Consultancy.
    Federico Marengo is a data protection consultant that previously worked for TNP Consultants and Data Business Services. I hold an LL.M. (University of Manchester), and I'm a PhD candidate (Bocconi University, Milano). As a PhD researcher, my research deals with the potential and challenges of the GDPR to protect data subjects against the adverse effects of Artificial Intelligence. I'm TA in two courses at Bocconi University and I'm the author of "Data Protection Law in Charts. A Visual Guide to the General Data Protection Regulation", e-book released in 2021.

    More information on Linkedin.

    Jutta Oberlin

    Since 2020 Jutta Sonja Oberlin has worked in the data protection team at Google. In her role, she works on projects related to data protection and data security with a global reach. These range from the publication of white papers on national and international regulations to confidential large-scale projects. Before Google, she worked for the data protection officer of the Canton of Schaffhausen and for several years in consulting in the BIG4 environment. She regularly publishes on data protection issues in Swiss, German and international specialist media/journals and is a frequent speaker at various events in Switzerland and abroad, such as events at the Europa Institute of the University of Zurich, IAPP, Association of German Data Protection Officers, University of Lucerne (LITS), PrivSec, University of Liechtenstein etc. She has been the Young Privacy Professional Lead of the IAPP in Switzerland since January 2020 and the IAPP Chair for Switzerland since January 2021, and the OneTrust Privacy Connect Chair for the Basel region since December 2020.

    Nicolas Passadelis

    Nicolas Passadelis is the Head of Data Governance at Swisscom. In this role, he is responsible for defining the guardrails for the group-wide processing of data and assisting the organization in implementing necessary compliance measures. Previously, he worked for almost 17 years at an international law firm, where he was a partner in the ICT/Data Protection practice group. Nicolas is a lecturer on data protection law at the Zurich University of Applied Sciences and co-editor of a handbook on data protection law.

    More information on LinkedIn.

    Michael Reinle

    Michael Reinle is partner and member of MLL Legal's ICT & Digital practice group. He has sound experience in advising clients in the software and IT business, in the health sector, in telecom and data analytics. He advises clients in complex data privacy projects, such as data transfers to the USA, setting up data collaboration platforms, the multi-jurisdiction implementation of surveillance measures, etc. In addition, Michael Reinle has a strong experience in advising clients about the protection of IP and IP-related rights in the context of the digital economy. Michael Reinle is a regular speaker on data privacy law, big data, and new technologies.

    More information on LinkedIn.

    Daniel Schönberger

    Daniel Schönberger, General Counsel & Chief Legal Officer, Web3 Foundation (W3F) is a Swiss qualified attorney with over 20 years of experience in the information technology space. He holds a law degree from the University of Zurich (magna cum laude) and an LLM in medical law and ethics from the University of Edinburgh (with distinction). The Web3 Foundation (W3F) is a Swiss foundation with the objective to nurture a decentralized and fair internet (e.g. Polkadot and Kusama) where users control their own data, identity, and destiny. At W3F Daniel is in charge of all legal, regulatory, government affairs and public policy matters. Earlier in his career Daniel acted as the Swiss Country Legal Counsel of Hewlett-Packard. The last 13,5 years before joining W3F Daniel served as Google's Head of Legal for Switzerland & Austria. He was also the legal lead on Google's AI policy work in EMEA, and a part of Google's responsible innovation and AI principles efforts. Daniel is a corporate generalist with strong expertise in copyright, privacy and data protection, content regulation matters, cloud projects, license agreements and competition issues. He is still on a steep learning curve regarding financial and capital market regulation relating to all things crypto assets. Daniel published several academic papers on legal, ethical and philosophical aspects of AI, including with Oxford University Press. He is a member of the executive board of the Research Centre for Innovation Law of the University of St. Gallen (FIR) and a member of the board of trustees of the Academy of European Law (ERA). In 2018 Daniel was awarded the McLagan Prize by the University of Edinburgh.

    David Sturzenegger

    Born in Zurich, David is a mechanical engineer by training and obtained in 2015 a PhD degree from ETH Zurich in electrical engineering. From his time at the big-data company Teralytics, he has several years of experience in working with highly sensitive data and leading teams of senior data scientists and software engineers. Since 2019, David is with Decentriq where he is Head of Product, leveraging privacy-preserving technologies to help organizations collaborate on sensitive data.

    More information on LinkedIn.

    Cécile Théard-Jallu

    As a partner at De Gaulle Fleurance & Associés, Cécile Théard-Jallu specializes in the fields of innovative technologies, data protection / cybersecurity, commercial law, contracts and intellectual property.

    She helps clients through the definition and implementation of their innovation strategies (regulations relating to healthcare products and activities, including telemedicine, HDS, 3D printing, connected objects, platforms, Big & Smart Data, social robots, artificial intelligence, blockchain, 5G, Smart Healthy Cities, or mobility around the patient pathway...).

    Since the beginning of her career, she has carried out numerous missions involving data protection, including the GDPR, the French Data Protection Act and French or European cybersecurity regulations, in various regulatory, contractual and auditing missions, on behalf of both industrial companies and service providers, in France and abroad (R&D, marketing or commercialization phase). She is a certified advisor to companies in the process of being certified as compliant with the GDPR by the Europrivacy ® consortium, the first certification scheme of its kind, financed by H2020 funds.

    She represents De Gaulle Fleurance & Associés in the Cyber & Security Hub of the Systematic Cluster and has been appointed as an expert for France in the European project TEHDAS, aimed at building the regulation of the future European Health Data Area.

    Vice-Chair of the "Health/Life Sciences" committee and member of the "Technology" committee of the International Bar Association (IBA), she has been listed for several years in the Best Lawyers ranking published in partnership with Les Echos, in the "Biotechnologies" and "Information Technologies" sections for France.

    Very involved in the connected health ecosystem, in particular for medical devices players, she has written numerous articles in the specialized press and regularly hosts conferences in the sector.

    More information on LinkedIn.

    Dr Sébastien Ziegler

    Dr Sébastien Ziegler serves as President of the Europrivacy International Board of Experts, President of the International Internet of Things Forum (IoT Forum), and as Rapporteur on Emerging Technologies at the ITU (SG20). Sébastien has a PhD in Management with a specialization in Information Systems at the Faculty of Economy and Management of the University of Geneva. He graduated in International Relations at the Graduate Institute of International Studies, followed by a Master in Environment, a MBA in international administration (HEC Geneva), and complementary executive courses at Harvard Business School in Boston, Stanford University, UC Berkeley and EPFL. Founder of several organisations and companies, he also coordinated European research projects and is currently participating in several research projects on data protection. With a multi-disciplinary academic profile, combining international law, science, and economics, he is a relentless promoter of research, innovation and international cooperation. 

    More information on LinkedIn.

    The weekend (17. - 18. September)

    Time with colleagues, friends & family

    Whether you spend time with other privacy professionals or your loved ones, Zouz and its surroundings have everything to offer. Biking, hiking, sailing, swimming in the lakes, culture, great din- ing, partying and more.

    In immediate reach of Zuoz, many great mountains, lakes and villages including St. Moritz offer world class leisure activities all year round and more

    We encourage you to enjoy the area till Sunday, and return home, wiser and with a smile on your face. 

    The value of a network

    Data protection law evolves so quickly and poses so many hard questions, that you are lost without someone to discuss with. Often a quick chat over the phone can save you much pondering and always increase quality and peace of mind. Cheap and efficient, if you have invested in building your network. Let Alpine Privacy Days be a step on the path to creating your own network.