APF 2026 Logo

Annual Privacy Forum 2026

9-10 September 2026 | Salzburg, Austria

Call for Papers

Theme: Ten Years of GDPR – Engineering the Future

Ten years after the adoption of the General Data Protection Regulation (GDPR), this EU legal framework together with the technical developments remains the global point of reference for empowering individuals and ensuring a high-level of protection in terms of privacy. However, the challenges of the next decade look very different from the last. Rapid advances in artificial intelligence, data-driven business models and governmental practices, and complex digital services are testing the limits of established privacy norms in Europe and beyond. APF 2026 invites the community to contribute to the understanding of what is at stake, where new threats originate, and how law, technology, and practice can be integrated to address current and imminent challenges.

Against this background, RSAC™ Conference, the University of Salzburg, and Goethe University Frankfurt jointly organize the Annual Privacy Forum (APF) 2026 in Salzburg, Austria.

For the APF 2026, we invite papers presenting original work on the themes of data protection and privacy and their repercussions on technology, business, government, law, society, policy and law enforcement. An interdisciplinary approach is highly encouraged to contribute to bridging the gap between research, business models and policy.

Submit via EasyChair

Important Dates

  • Abstract submission: April 1st, 2026 (23:59 AoE)
  • Submission of full papers: April 10th, 2026 (23:59 AoE)
  • Notification to authors: May 22nd, 2026
  • Camera-ready copies: June 12th, 2026
  • Conference Dates: September 9-10, 2026

Topics of Interest

Topics of interest particularly include:

Law, Policy, and Strategy

  • Ten Years of GDPR: Enforcement challenges and future reform
  • Privacy and data protection in the EU Data Strategy (Data Act, DGA, DSA) and the AI Act
  • Data intermediaries and data custodianship
  • Economics of privacy and personal data
  • Data protection policies, certification, and auditing

Engineering and Technology

  • State of the art in privacy and data protection engineering
  • Data Protection by Design and by Default
  • Anonymisation and pseudonymisation techniques
  • Real-world applications of privacy-enhancing technologies (PETs)
  • Privacy in Generative AI, LLMs, and Federated Learning
  • Privacy in IoT and mobile networks (5G, 6G, and beyond)
  • EU Digital Identity Wallets and applications
  • Empirical assessment of privacy technologies and architectures under real-world regulatory constraints

Society, Users, and Ethics

  • Human factors of privacy and security (usability, nudging, dark patterns, etc.)
  • Consent management and data subject rights
  • Transparency, intervenability, and unlinkability
  • Trust management and accountability
  • Data protection for vulnerable groups

Implementations and Case Studies

  • Real-world aspects or case studies of privacy management
  • Privacy risk management and impact assessments (DPIA, FRIA, etc.)
  • Real-world implementations of innovative “by design” technologies
  • Personal data breaches

Paper Categories

APF 2026 seeks original contributions from researchers and academia, policy makers and implementers, data protection authorities, industry, consultants, NGOs, as well as civil society. All papers need to be genuine in content and should not overlap with work published elsewhere.

Full Papers

Up to 8,000 words*.

Research or Opinion Papers. Full research papers need to be genuine in content and should not overlap with work published elsewhere. Opinion papers are expected to reflect the views of the author(s).

Student Papers

Up to 4,000 words*.

In order to encourage participation of young researchers, the submission of student papers is particularly encouraged. These papers will be treated as thoroughly as full papers, but can be shorter (up to 4000 words, excluding bibliography and appendices) and reflect novel thinking that might not have been fully elaborated just yet.

Short Papers

Up to 4,000 words*.

In addition to student papers, short papers are also invited, as this call is open to anyone who has a sketch of an idea, an opinion, or a call for collaboration.

* Word limits exclude bibliography and well-marked appendices.

Submission & Review Process

Submissions of original work are invited; papers must not overlap substantially with work already published or simultaneously submitted to a journal or another venue with published proceedings. Submissions must be drafted in English and need to comply with the Springer LNCS style guide. Within the submitted manuscript, authors are advised to note below the title whether their submission is a research/opinion paper, a student paper, or a short paper.

Note on AI: APF allows the usage of AI-based systems for improving language and grammar issues, but not for content generation. The use of AI tools must be declared explicitly within the submission.

All submissions will be thoroughly reviewed by our PC members. We aim for a minimum of 3 reviews per paper (except in cases of clear desk rejection).

Authors must submit their papers according to the conditions and within the deadlines indicated above

Publication

Proceedings will be published by Springer LNCS.

Further to APF 2026 Springer LNCS proceedings, selected papers will be invited to submit an extended version of the manuscript to a special issue of the Privacy Studies Journal.

Note: An extended version can be published in a journal when it includes at least 30% new material, cites the original publication, and includes an explicit statement about the increment.

The details for the submission to the Privacy Studies Journal and the review process will be communicated to the invited authors as part of the invitation.