The proceedings contain 18 papers. The special focus in this conference is on Privacy and Identity Management. The topics include: Privacy patterns for pseudonymity; Implementing GDPR in the charity sector: A case study; me and my robot - sharing information with a new friend; chowniot: Enhancing IoT privacy by automated handling of ownership change; is privacy controllable?; assessing theories for research on personal data transparency; data protection by design for cross-border electronic identification: does the eidas interoperability framework need to be modernised?; risk profiling by law enforcement agencies in the big data era: Is there a need for transparency?; sharing is caring, a boundary object approach to mapping and discussing personal data processing; who you gonna call when there’s something wrong in your processing? risk assessment and data breach notifications in practice; design and security assessment of usable multi-factor authentication and single sign-on solutions for mobile applications: a workshop experience report; towards empowering the human for privacy online; trust and distrust: on sense and nonsense in big data; GDPR transparency requirements and data privacy vocabularies; wider research applications of dynamic consent; glycos: The basis for a peer-to-peer, private online social network.