As every year, the 28th of January marks International Data Protection Day in Europe and around the world.
The CNPD puts sustainable digital technology at the heart of its annual conference
On the 28th of January 2026, the National Commission for Data Protection (CNPD) organised a conference on the interrelated challenges of sustainable digital technology, data protection and responsible innovation. At the opening of the conference, CNPD Chair Tine A. Larsen emphasised the importance of integrating sustainability principles into digital strategies while preserving fundamental rights and public trust. Ms Larsen also highlighted the role of data protection authorities in supporting structural choices in favour of sovereign digital technology, capable of supporting the ability of European states and citizens to retain control over their data.
The first session of the morning clarified the outlines of sustainable digital technology and presented its international and European foundations. Başak Bağlayan, an expert in responsible business conduct and Secretary-General of the OECD National Contact Point, explained how the OECD Guidelines orient multinational companies towards responsible use of data. She was followed by Anne Calteux, Head of the European Commission Representation in Luxembourg, who gave an overview of the current situation and the agenda for European sustainable development objectives. She highlighted the consistency of European ambitions in terms of data and sustainability through the Omnibus I amending the Corporate Sustainability Reporting Directive (CSRD) and the Corporate Sustainability Due Diligence Directive (CSDDD), and the Digital Omnibus amending the Data Governance Act, the Data Act and the AI Act.
The second session then focused on the possible convergences between sustainable digital technology, sovereignty, privacy protection and technological innovations such as the cloud and artificial intelligence. Presentations by Jean-François Terminaux (Proximus Luxembourg SA), Sébastien Genesca (Post Telecom Luxembourg – DEEP), Arnaud David (AWS) and Sylvain Kubler (University of Luxembourg – SnT) highlighted the technical, regulatory and energy challenges associated with designing more energy-efficient digital solutions. Moderated by Cédrine Morlière, advisor to the CNPD College, the discussions showed that data protection, security, sovereignty and sustainability can be mutually reinforcing when stakeholders are aware of the legal and technical choices to be made when designing data storage and processing infrastructures.
The third session explored new opportunities offered by the responsible use of personal data for sustainable development. Gil Georges, from the Ministry of Mobility and Public Works, presented the work of the Mobility Observatory, while Sébastien Faye, from the Luxembourg Institute of Science and Technology (LIST), illustrated how research can support more effective public policies. Isabelle Naegelen, from the Environment Agency, and Bert Verdonck, CEO of the Luxembourg National Data Service (LNDS), showed how data can contribute to a better understanding of environmental dynamics and the implementation of sustainable strategies, in strict compliance with the legal framework. The session was moderated by Victor Bojko, European and International Relations Officer at the CNPD.
In closing, Laurence Ponchaut, a certified expert with the National Institute for Sustainable Development and Corporate Social Responsibility (INDR), emphasised that the transition to sustainable digital technology requires exemplary data governance based on transparency, accountability and collective commitment.
Priorities for AI and quantum computing
During the ‘Data Privacy Day’, organised by the Restena Foundation and the Digital Learning Hub, Alain Herrmann, Commissioner at the CNPD, presented an in-depth analysis of the challenges posed by the rapid rise of artificial intelligence and the emergence of quantum technologies for data protection. Entitled ‘Main points of attention for data protection in the era of AI boom and emergence of quantum technologies’, his presentation framed these technological developments within a demanding regulatory framework, where the protection of fundamental rights remains imperative.
Mr Herrmann highlighted the main data protection issues in the era of advanced artificial intelligence and the emergence of quantum technologies. He pointed out that the AI Act and the GDPR are based on different but complementary approaches, and that organisations must now navigate both regulatory frameworks simultaneously. This coexistence creates new governance challenges, particularly in terms of consistently defining roles, responsibilities and accountability chains.
He also emphasised that the risks associated with AI go beyond simple legal compliance. European authorities are already observing systemic risks, such as the reproduction of social inequalities or varying performance depending on cultural and linguistic contexts. Inference capabilities, the unintentional memorisation of data in models and the risks of re-identification further complicate the assessment of risks under the GDPR.
The presentation also emphasized the need for integrated compliance approaches, avoiding fragmentation between the AI Act and the GDPR, for example by using the DPIA as a central documentation and assessment tool. Finally, Mr Herrmann called for action to be taken now to anticipate the challenges that quantum technologies will pose to cryptographic security and the long-term confidentiality of sensitive data, particularly through the risk of ‘store now, decrypt later’.
He concluded by reiterating that AI and quantum technologies do not pose a threat to data protection, but rather a real stress test, making trust and robust digital governance more essential than ever.
The origins of the Data Protection Day
In 2006, the Committee of Ministers of the Council of Europe decided to designate the 28th of January as International Data Protection Day. This day is now celebrated all over the world. It marks the anniversary of the opening for signature of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data on 28 January 1981.
The aim of the International Data Protection Day is to raise awareness of the challenges of data protection and privacy, and to inform people of their rights and how they can exercise them. It responds to the growing challenges of an increasingly globalised and digitised world to build a space for the free transfer of data while preserving the human right to privacy and data protection.