The EU legal framework on personal data protection is key in an effort to better control the processing of personal data while ensuring an adequate level of protection. Even the best legislative efforts cannot keep up to speed with the pace of innovative technology and business models that challenge the way personal data is processed and privacy is protected across the EU and beyond; therefore, examining what is at stake and where threats thereto originate from becomes of paramount importance.

Against this background, RSAC™ Conference, ENISA, DG Connect, Goethe-University Frankfurt, and Karlstad University jointly organize the Annual Privacy Forum (APF) 2025 in Frankfurt a.M., Germany.

In APF 2025, we invite papers presenting original work on the themes of data protection and privacy and their repercussions on technology, business, government, law, society, policy and law enforcement. An inter-disciplinary approach is high in demand to contribute to bridging the gap between research, business models and policy, much like proposing new models and interpretations.

Submission can be made through Easychair at https://easychair.org/conferences/?conf=apf2025

APF 2025 seeks original contributions from researchers and academia, policy makers and implementers, data protection authorities, industry, consultants, NGOs, as well as civil society. Full research papers need to be genuine in content and should not overlap with work published elsewhere. Opinion papers are expected to reflect the views of the author(s). Submissions can be up to 8000 words, excluding bibliography and well-marked appendices. Both research and opinion papers should deal with one or more of the following topics:

• Data Protection by Design and by Default
• Real-world applications of privacy enhancing technologies
• State of the art in privacy and data protection engineering
• Data protection policies
• Real-world aspects and case studies of privacy management
• Privacy risk management and impact assessments (DPIA, FRIA, etc.)
• Data portability and standardization
• Transparency, intervenability, and unlikability
• Anonymisation and pseudonymisation techniques
• Trust management and accountability
• Consent management and data subject rights
• Economics of privacy and personal data
• Usability of privacy and security (nudging, dark patterns, etc.)
• Certification and auditing of data protection
• Personal data breaches
• Data intermediaries and data custodianship
• Concepts for self-sovereign identity management
• Implementation aspects of the GDPR and ePrivacy
• Aspects of privacy and data protection in the EU Data Strategy (Data Act, Data Governance Act, Digital Services Act, etc.)
• Aspects of privacy and data protection in current and upcoming European Union cybersecurity policy and law (NIS2, DORA, Cyber Resilience Act, etc.)
• EU Digital Identity Wallets and applications
• Data protection in artificial intelligence and federated learning
• Privacy in 5G+ and 6G networks
• Privacy in the Internet of Things
• Privacy and data protection in the metaverse
• Data protection for vulnerable groups (child protection, etc.)

Student Papers

In order to encourage participation of young researchers, the submission of papers by students is encouraged. These papers will be treated as thoroughly as full papers, but can be shorter (up to 4000 words, excluding bibliography and appendices) and reflect novel thinking that might not have been fully elaborated just yet.

Short Papers

In addition to student papers, short papers are also invited, as this call is open to anyone who has a sketch of an idea, an opinion, or a call for collaboration. Short papers should be up to 4000 words, excluding bibliography and well-marked appendices, and should not overlap with work published elsewhere.

Submission and Review Process

Submissions of original work are invited; papers must not overlap substantially with work already published or simultaneously submitted to a journal or another venue with published proceedings. Submissions must be drafted in English and need to comply with the Springer LNCS style guide. Within the submitted manuscript, authors are advised to note below the title whether their submission is a research/opinion paper, a student paper, or a short paper. 

APF allows the usage of AI-based systems for improving language and grammar issues, but not for content generation. Moreover, the use of AI tools has to be declared explicitly within in the submission.

All submissions will be thoroughly reviewed by our PC members. We aim at minimum 3 reviews per paper. Authors must submit their papers according to conditions and within the deadlines indicated below.

Publication

Proceedings will be published by Springer LNCS.

Further to APF 2024 Springer LNCS proceedings, selected papers will be invited to submit an extended version of the manuscript to a special issue of the Privacy Studies Journal, an interdisciplinary, open access, peer-reviewed journal. Additional information is available on the journal’s website at https://teol.ku.dk/privacy/privacy-studies-journal/. 

Please note that according to Springer LNCS rules, an extended version can be published in a journal when it includes at least 30% new material, it cites the original publication, and includes an explicit statement about the increment (e.g., new results, better description of materials, etc.).

The details for the submission to the Privacy Studies Journal and the review process will be communicated to the invited authors as part of the invitation.

Important Dates