Quantum technologies and data protection – conference
On Thursday, June 12, an international conference entitled “Quantum Technologies: threats, challenges, and opportunities for cybersecurity and data protection” was held in Krakow, organised by the Personal Data Protection Office and Jagiellonian University.
The event hosts and participants aimed to present the basic principles of quantum technologies and the legal framework within which these solutions can be safely applied while respecting the principles of data protection and privacy.
Mirosław Wróblewski, President of the Personal Data Protection Office, opened the conference by raising concerns about data protection in connection with the development of quantum technologies, as well as fears about cybersecurity issues, particularly in the context of data encryption. He also pointed out the positive aspects that the development of this technology may bring. “As with other breakthrough technologies, the development of quantum technologies brings a lot of hope and opportunities,” Mirosław Wróblewski noted. He added that the conference is an opportunity to engage in a broad discussion on the development of legislation in the field of quantum technologies.
Prof. Konrad Banaszek, director of the Centre for Quantum Optical Technologies at the University of Warsaw, said in his inaugural speech: "The world will not end tomorrow because of quantum technologies. This world will change in the coming years. This story is just beginning, and it is currently difficult to assess what impact the development of quantum technologies will have on cybersecurity." He noted that there are many uncertainties, if only because there is still no quantum computer and many of the efforts being made today in this area of technology may be abandoned due to unforeseen technical difficulties.
Technical approaches. From quantum computers to cryptography
During the first panel session, “Technical Approaches: From Quantum Computers to Cryptography,” speakers focused on the issue of quantum computers breaking cryptographic security. Participants emphasised the need to educate specialists who understand this technology. They also highlighted the huge investment required to develop this technology.
The issues discussed were presented from both an economic and geopolitical security perspective. The panelists highlighted the opportunities in this “arms race” as well as the need to develop post-quantum software that will respond to the threats posed by the computing power of quantum computers used to break security measures.
Policy and strategy. Quantum technology: from strategy and digital sovereignty to the Quantum Act
After an in-depth discussion of technical issues related to quantum technology and its practical application in modern computer science, participants in the next panel, “Policy and Strategy: Quantum Technology: From Strategy and Digital Sovereignty to Quantum Act,” considered the possibility of legal regulation.
The discussion covered the ecosystem and development strategy for quantum technologies and identified the main opportunities, challenges, and threats associated with the development of quantum technologies, particularly in the context of privacy protection. Participants considered the directions for the development of the quantum technology ecosystem in the European Union, including the importance of quantum technology for ensuring digital independence and sovereignty. They also discussed the directions for work on a European quantum strategy.
The panellists had different approaches to the details of defining the framework or strategy for the development of quantum technologies. They expressed concerns about whether legal restrictions would negatively impact the development of the technology.
“It is dangerous to regulate the technology itself. Its use should be regulated,” argued Anna Blechova from Masaryk University.
The issue of regulating quantum technologies has been compared to the implementation of the AI Act.
Efraín Fandiño López, Ph.D. from Université Paris Cité pointed out that when the first version of this legislation was implemented, most members of the European Parliament did not understand the issues related to artificial intelligence. Therefore, it is too early for regulations on quantum technologies, but a strategy that would outline the direction of development could be considered.
Gen. (retired) Włodzimierz Nowak pointed out that there is currently no structured approach to quantum computers. However, countries should classify threats and prepare plans for the future, as well as switch from old to new encryption before quantum computers are developed.
Quantum technology and GDPR
Participants in the third panel, entitled “Quantum Technology and GDPR,” focused on the links between quantum technologies and data protection and privacy regulations. Issues concerning the role of law in the development of quantum technologies, technological neutrality, and data protection standards in the context of quantum technologies were discussed from various perspectives. The discussion also touched upon the development of skills and talents, and the improvement of training and educational measures to create a new generation of specialists in the field of quantum technologies.
Participants in this part of the conference agreed that the GDPR is a good example of legislation. The Regulation contains certain principles that can also be applied to quantum computing, and from the point of view of personal data protection regulations in the context of the development of quantum technologies, no new regulations are needed.
The development of quantum and post-quantum cryptography
In the final, summary section, the speakers considered the further development of quantum and post-quantum cryptography. Participants discussed the challenges associated with the security of classical encryption algorithms, the use of post-quantum cryptography in digital identity wallets and blockchain. They also considered the potential of combining artificial intelligence with quantum computing and the direction of change set by the National Institute of Standards and Technology (NIST) and the European Union Agency for Cybersecurity (ENISA).
In his summary of the conference, Rafał Prabucki, Ph.D., a member of the Social Team of Experts by the President of the Personal Data Protection Office, stated that we must start discussing now how to prepare for changes related to post-quantum and quantum cryptography. He added that in four years' time, we need to see what has changed and whether we have managed to achieve our goals.
We encourage you to watch the video report from the event available below.