Participation in a digital society

The 17th IFIP Summer School on Privacy and Identity Management takes a holistic approach to society and technology, supporting interdisciplinary research exchange through keynote lectures, tutorials, workshops, and paper presentations.

In particular, we welcome contributions combining any of the following perspectives: anthropological, economic, ethical, historical, legal, media & communication, regulatory, sociological, critical, surveillance, technical, philosophical, disabilites, political, and psychological studies.

The IFIP Summer School encourages not only interdisciplinary but also broader diversity. It particularly welcomes submissions on how to foster gender and cultural balance in privacy research and policy, and notably tutorials and workshops about how to raise awareness in these matters.


Digital technology has become part of the everyday practices of the majority of people all around the world. Participation in practices that involve digital systems allows people to benefit from the various advantages they provide. However, with moving traditional processes online, this digital participation often becomes inevitable, since there are in some cases only limited options to access services without using digital tools. This poses major challenges with respect to user privacy and the control over personal information. Also, populations are highly diverse, which is not always taken into consideration for technology and data practices. This often leads to more adverse effects on People of Color and queer, especially trans, people. People also differ in age and ability, with an increasing aging population, there is large mobility between cultures and countries, and there is now the generally accepted demand that as many people in a society as possible should be able to participate in its activities, including people with physical, sensory, cognitive or psychological limitations. This creates challenges in the design of digital systems, not least in aspects related to privacy and identity management. This also includes participation in design processes. The discussion of these issues in the context of privacy is just beginning, and the summer school aims to create a platform for creating awareness and facilitating interactions and knowledge exchanges around these issues.

Four-phase review process

The research paper presentations and the workshops focus on involving students, and on encouraging the publication of high-quality, thorough research papers by students and young researchers. To this end, the School will have a four-phase review process for submitted papers.

  1. Extended abstracts: at least 2 and at most 4 pages; from these submissions, the PC chairs select papers in the scope of the call for presentation.
  2. A full length draft (up to 16 pages), in Springer LNCS format, is required to be submitted for accepted submissions before the Summer School. It will appear in the pre-proceedings.
  3. At the summerschool each author will give a 20min presentation followed by a 10min discussion. The discussion will be started by an author of another paper by naming a strength, a weakness and a starting question for the discussion.
  4. Before the second review phase, students have time to revise their papers, taking into account the comments they recieved and the discussion that took place at the Summer School. These revised, full papers are reviewed soon after the Summer School by Programme Committee members.

Based on these reviews, papers might be accepted, conditionally accepted, or rejected. Accepted and (after satisfactory revision) conditionally accepted papers will be included in the Summer School’s proceedings, which will be published by Springer.

In addition to research papers, the we also invite submissions for workshops and tutorials.

A workshop is an interactive session that is planned for one or two hours. In it, participants jointly work on a topic or project that is related to the theme of the summer school. Workshops actitivies are summarized in short papers that recapitulate the outcome and the kinds of discussion raised in the School, for inclusion in the post-proceedings. Proposals for workshops should contain a 2-page statement presenting the topic and summarising the planned activity and the expected contributions from the audience members, e.g. responding to a questionnaire or conducting a small experiment. Proposers should indicate whether any special equipment is needed for the workshop, such as audio-visual systems or computational equipment and support.

Tutorials are one or two hour long presentations. They should deal with topics that are of interest for the interdisciplinary audience in the summer school. They should provide knowledge on theoretical, empirical, methodological, practical or other aspects relevant for the summer school. Proposals should contain a 2-page summary and state the level and background required for audience members to follow the tutorial.

Submissions need to be in English language, and must be submitted electronically using the following link:

Possible Topics (can include, but are not limited to)

Technical and Organisational Measures for Privacy

  • ‘by-design and default’ mechanisms for: privacy, value-sensitivity, ethics, human rights, impact and risk assessments, data protection on the ground
  • data breach notification and its side effects
  • integration of privacy and security into agile development
  • privacy-enhancing technologies (PETs) and transparency-enhancing technologies (TETs)
  • privacy and identity management (services, technologies, infrastructures, usability aspects, legal and socio-economic aspects)
  • privacy and security in citizens’ digital communications, online platforms platforms, e-mail and instant messaging
  • usable privacy & security
  • privacy by design for and with populations who encounter obstacles participating in digital activities, e.g. because of cultural differences, physical, cognitive or mental impairement

Law, Regulation and Governance

  • regulatory regimes and instruments
  • governance institutions and regulatory bodies, formal or informal, soft law or hard law
  • complementarity and friction between data subject rights, security, and privacy-by-design
  • interactions, i.e. compliance, overlaps and conflicts in between data protection and other norms (e.g., NIS2 directive, GDPR, PSD2, upcoming ePrivacy regulation, draft AI act)
  • data justice, data fairness and equity
  • (digital) participation of data subjects in regulatory and governance institutions or bodies
  • fundamental rights and accountability in technology and data practices
  • data breaches, data retention and law enforcement


  • effects of technology on discrimination, social profiling, social exclusion, digital divides, digital dividends, data sovereignty, communities, societies and cultures
  • effects of legislative or regulatory initiatives on privacy or identity
  • effects concerning social accountability
  • effects of censorship and surveillance on free speech, assembly and democratic processes/participation

Metrics, Standards and Ethics

  • privacy and security evaluation, metrics, certifications, certification mechanisms, auditing experiences, standards, and seals
  • privacy protection and, in particular, confidentiality of communications by both traditional players/incumbents and over the top media services
  • regulatory regimes and instruments, including ethical frameworks

Training and Education for Privacy

  • awareness-raising, digital literacy and data (infrastructure) literacy – research ethics and approvals
  • social accountability
  • training and education methodologies

Socio-technical Perspectives on Privacy and Data Protection

  • awareness, attitudes, skills and behaviour of citizens and organisations (including SMEs) regarding data privacy, surveillance, and (cyber)security
  • approaches for diversity, non-discrimination and democratic enhancement
  • surveillance, surveillance pressures, chilling effects
  • critical perspectives on data practices
  • relation between privacy, public values and AI-based systems, and (global) consequences for policy and society
  • socio-cultural practices, perspectives and (dis)trust by users/employees regarding data-driven technologies and data capture and processing, in various spheres of life (health, smart cities, banking, media, education, law enforcement)
  • social care, community care, integrated care and opportunities as well as threats to individual and community privacy
  • data economy and ecosystems, new business models
  • trade-offs between participation in digital cultures and privacy aspects
  • historical development of privacy-friendly or harmful data practices

Why should I submit?

Accepted papers will receive thorough discussions during the School and provide students with an opportunity to be published in the IFIP AICT series by Springer. Students who present a paper can receive a course certificate.

Course certificates for 1,5 or in total 3 ECTS at PhD level can be issued by Karlstad University:

  • 1,5 ECTS will be awarded for participation in at least 80% of the program, and for the delivery of a 1000-words-essay on how own research is relevant in comparison with or can be inspired by the summer school sessions.

  • Additional 1,5 ECTS will be awarded to students who in addition to delivering a pre-event abstract of their own research article, pass a peer review of a full article based on feedback from the summer school that will be performed post-event.

We encourage submissions from students from emerging economies: it is possible to apply for support from the IFIP Digital Equity Fund to ease student travel.