About the Chair

The VUB Chair “Data Protection On the Ground” (DPOG) promotes the investigation into actual practices of data privacy in organizations and the dissemination of best practices. The focus of its research is on developments in smart cities, health, media, and banking. For this the Chair compares practices in public sector organizations with those in the private sector, and organizations experienced in personal data protection with beginners. In lectures, workshops, roundtables and other events, the Chair brings experts and practitioners together to stimulate the discussion of best practices.

The Chair is coordinated by the research center imec-SMIT (Studies on Media, Innovation & Technology) in collaboration with the research group LSTS (Law, Science Technology & Society). The Chair will initially run from October 2018 - 2021.

Annual report 2019

Partner: BNP Paribas Fortis

The Chair on Data Protection On The Ground was established in partnership with BNP Paribas Fortis.

Website BNP Paribas Fortis

Chair holder: Prof. dr. Jo Pierson

Jo Pierson, Ph.D., is Associate Professor in the Department of Media and Communication Studies (Faculty of Social Sciences & Solvay Business School). He has also been a Senior Researcher and Unit Leader at the research centre SMIT (Studies on Media, Innovation and Technology) since 1996. In this position he is in charge of the research unit 'Privacy, Ethics & Literacy’, in cooperation with imec (R&D and innovation hub in nanoelectronics and digital technology). He lectures undergraduate and postgraduate courses at Vrije Universiteit Brussel, Hasselt University and University of Amsterdam, covering socio-technical issues of digital media design and use. Drawing upon media and communication studies, in combination with science and technology studies, his interdisciplinary research focus is on data, privacy, public values and user empowerment in online platforms. He is also elected member of the International Council of the International Association for Media and Communication Research (IAMCR).

Visit Jo Pierson's personal page.

Chair type



2018 - 2021

Over de leerstoel

De leerstoel “Data Protection On the Ground” (DPOG) bevordert onderzoek naar de daadwerkelijke praktijken van gegevensbescherming in organisaties en de uitwisseling van best practices.

In het bijzonder richt het onderzoek binnen de leerstoel zich op smart cities, gezondheidszorg, media, en de bankensector. In dat kader worden praktijken van organisaties in de publieke sector vergeleken met praktijken in de private sector, en de praktijken van organisaties met veel ervaring in gegevensbescherming met die van organisaties die nog niet zo lang geleden zijn begonnen met de bescherming van persoonsgegevens. In lezingen, workshops, rondetafels en andere activiteiten brengt de leerstoel experts en professionals samen om de discussie over best practices te stimuleren.

De leerstoel wordt gecoördineerd door onderzoekscentrum imec-SMIT (Studies on Media, Innovation & Technology) in samenwerking met de onderzoeksgroep LSTS (Law, Science Technology & Society). De leerstoel loopt van 2018-2021.

Jaarverslag 2019 (pdf)

Partner: BNP Paribas Fortis

De leerstoel Data Protection On The Ground is opgezet in partnerschap met BNP Paribas Fortis.

Website BNP Paribas Fortis


Titularis: Prof. Dr. Jo Pierson

Dr. Jo Pierson is hoofddocent in de vakgroep Communicatiewetenschappen aan de VUB, faculteit Sociale Wetenschappen en Solvay Business School. Hij is eveneens senior onderzoeker en hoofd van de onderzoeksunit Privacy, Ethics, and Literacy binnen het onderzoekscentrum SMIT (Studies on Media, Innovation and Technology), sinds 1996. Daarnaast geeft hij vakken op het gebied van socio-technische aspecten van (het gebruik van) digitale media aan de VUB, de Universiteit Hasselt en de Universiteit van Amsterdam. In zijn onderzoek, dat interdisciplinair is van aard, ligt de nadruk op data, privacy, publieke waarden en user empowerment op online platformen.

Bezoek Jo Piersons medewerkerspagina.




2018 - 2021

CPDP 2020

Panel: Practical consequences of PSD2 for personal data protection

Policy brief (February 2019): Salvaging European media diversity while protecting personal data

This policy brief deals with current issues in media related to the profiling of users for the purposes of personalising news and advertising content. The brief offers recommendations to both policy makers and the media sector.

Open or download the policy brief.

Roundtable report: personal data protection in the media sector

In a roundtable discussion in February 2019, media sector experts indicated that the sector struggles with a lack of clarity when it comes to personal data protection. While some of this unclarity may be intentionally created by lobbyists and the use of so-called dark patterns, a major part of it has to do with the novelty of enforced data protection legislation.

Open or download the report.

Policy brief (May 2019): Connecting the dots – smarter cities work together

This policy brief addresses common challenges for smart city projects under the EU’s General Data Protection Regulation. We discuss ‘on the ground’ realities that may imperil the protection of personal data: innovation strategies, technology push, open data and data sharing, and vendor lock-in.

Open or download the policy brief.

Roundtable report: personal data protection in smart cities

In a roundtable discussion in June 2019, representatives of different stakeholder groups in smart cities discussed challenges and solutions for the protection of personal data in smart city projects. The most discussed topics during the roundtable were: a) The roles and responsibilities of data controllers and processors; b) Skills and resources of data controllers, public authorities and data subjects; c) Legal bases for the processing of personal data; d) Power imbalances between different actors; e) Role of public authorities; f) Protective measures; g) Data re-use and sharing.

Open or download the report.

Policy brief (September 2019): PSD2 and other challenges to the protection of personal data in the financial sector

The updated Payment Services Directive (PSD2) will potentially have far-reaching consequences for the European financial sector. This policy brief deals with aspects related to personal data protection, while also considering other current developments in the financial sector that affect the protection of personal data in the EU: law enforcement access to financial data, personalized banking services, and new entrants in the market, including moves by big technology companies.

Open or download the policy brief.

Roundtable report: personal data protection in the financial sector

When the renewed Payment Services Directive (PSD2) came into law in the European Union in September 2019, questions of personal data protection in the financial sector came to the forefront of public debate once again. The roundtable organized by the VUB Chair on Data Protection On The Ground took place only four days after the implementation of PSD2, and it therefore came as no surprise that these issues were on every participant’s lips. Early on in the roundtable discussion, a participant asked the question that struck at the heart of the issue: “Have the legislators for PSD2 and the GDPR talked to each other?”

Download the report.

Policy brief (December 2019): Does it hurt? The sensitivity of health data

This policy brief addresses challenges in smart health under the European Union’s General Data Protection Regulation (GDPR). One of the main challenges is mitigating risks when sharing health data, biometric data and genetic data - categories of personal data that are merited special protections in the GDPR. Issues of unclear definitions, even for such basic concepts as ‘health data’ and ‘research’, complicate practical implementation of personal data protection to such an extent that risks to individuals cannot be effectively addressed.

Open or download the policy brief.

Roundtable report: personal data protection in the health sector

The healthcare sector has faced questions about the sensitivity of data, the meaning of ‘informed’ consent, and confidentiality for much longer than formal data protection legislation has existed. Nevertheless, the advent of the General Data Protection Regulation (GDPR) has raised awareness of such topics to the surface level of discussions within healthcare facilities and between healthcare professionals and patients. On 11 December 2019, the VUB research chair on Data Protection on the Ground organized a roundtable discussion between Data Protection Officers from the realm of hospitals and health insurance, specialized legal academics and legal professionals, and representatives of patient organizations in Belgium.

Open or download the report.

Successful launch of the Chair on Data Protection On The Ground

On Thursday 13 December, the VUB Chair on Data Protection On The Ground kicked off its activities with an engaging half-day event in the center of Brussels. Featuring speakers from business, academia, and regulators, a multi-faceted picture was painted of how data privacy regulations work out in practice.

The audience was welcomed on the morning of 13 December by Jo Coutuer, Chief Data Officer at BNP Paribas Fortis, the partner of the new Chair. He explained that the banking industry had been in the business of protecting their clients’ data for over 500 years and that they saw a clear value in studying the effectiveness of different data protection practices in the age of digital disruption.

Protecting freedom
The president of the Belgian Data Protection Authority, Willem Debeuckelaere, then delivered the opening speech, inviting the audience to interact. Soon the questions started flowing: about the number of data breaches and complaints in Belgium, about the relative competences of European regulators, and about innovation in times of strict legislation. Debeuckelaere reiterated that it was never the intention of the recently introduced General Data Protection Regulation (GDPR) to hinder innovation; instead, the GDPR invites discussion “to find solutions to risks”.

Willem Debeuckelaere in discussion with the audience.

Prof. Caroline Pauwels, rector of the Vrije Universiteit Brussel.

The potential to benefit from challenges was picked up later in the morning by VUB rector Prof. Caroline Pauwels, who pointed out that “a whole cottage industry has come to life around data protection, selling privacy management software, cybersecurity insurance, and data protection consulting services”. She also underlined why the Vrije Universiteit Brussel, with its focus on freedom, is a suitable place to establish a research chair on data protection: in discussing privacy, “we are ultimately talking about protecting people’s freedom”.

Examples from practice
The new chair holder, Prof. Jo Pierson, explained the rationale behind focusing on practices rather than theory. “The challenges are sector-specific, and vary from different ideas of what constitutes ‘informed consent’ to sharing public data about citizens with commercial partners.” The sector-specific nature of data protection challenges was confirmed in a subsequent panel discussion between respresentatives of the four sectors the chair will focus on (banking, media, health and smart cities): Jo Coutuer, Allan Segebarth (CEO, AdLogix), Luc Maes (Data Protection Officer, UZ Brussel), and Jan Adriaenssens (Director, City of Things). As an example, Adriaenssens related how in the ‘City of Things’ programme in Antwerp, a project was proposed to use security camera images to study safety issues at pedestrian crossings. Ensuring proper privacy protection in this situation turned out to be a complicated process with a long chain of partners who needed to be involved, from the city administration to the owners of the cameras.

Chair holder Prof. Jo Pierson explains the aim of the chair's research.

Jo Coutuer (BNP Paribas Fortis) talks about the data protection challenges in the banking sector.

Asked by the moderator, prof. Paul De Hert, to give examples from the medical, media and banking industry, the panel further talked about the challenges for the protection of health data of diabetics who use wearables to monitor their condition, the disadvantage of the Belgian advertising industry in the face of Google and Facebook who have become advertising giants by collecting vast amounts of people’s data, and governments demanding from banks that they supply financial information about clients.

Jan Adriaenssens (City of Things) talks about data protection in the smart city of Antwerp.


Discussion among professionals
The last speaker of the morning was Prof. Georges Ataya, the academic director of executive education at the Solvay Brussels School of Economics and Management, and co-founder of the DPO Circle, a professional organisation for data protection officers (DPOs). DPOs are often the project owners for privacy protection, and Prof. Ataya explained the different types of skills they will need to fulfil the requirements for his job: they need to know about the law, but also about management and transformation processes, as well as IT security and management of urgent situations in case of a data breach. The DPO Circle aims to facilitate discussion among these new professionals and organises regular talks about specific data protection issues, in collaboration with the new Chair.

Prof. Georges Ataya (Solvay Business School) explains the skills needed by data protection officers.

VUB rector Caroline Pauwels and Jo Coutuer (BNP Paribas Fortis) confirm the partnership in the Chair on Data Protection On The Ground.

Contact person
Ine van Zeeland, PhD researcher


+32 2 629 1 629

Follow us on Twitter