Dataharvest 2026 - the European Investigative Journalism Conference

If you’re new to digital security, this hands-on session serves as a starting point to level up your security game. We aim at introducing the basics of digital security in an easy-to-understand and interactive way.
The session will start with a fun check of your current security habits and will be tailored to the participants’ needs based on their answers. We will give an overview of the most common online threats and share practical and easy-to-implement tips to improve both your personal and your team’s level of security. We will focus on how to harden your devices (both phones and computers) and secure your accounts, as well as how to encrypt confidential data.
After this session, you will have a better understanding of how to communicate and carry out investigations securely. You will leave with the knowledge and tools to protect your data, devices, and accounts.

Whether it’s a human source or a data set – if you want to get something out of it, you have to engage with it. The closer you look into the data or the closer you interact with a protagonist, the higher the chances for a good story. But what happens if boundaries blur? How close is too close?

What helps if you realize an investigation (or a tiny piece of information) is emotionally overwhelming? How can you shield yourself from unbearable content or heartbreaking narratives? How can you set professional boundaries if protagonists show abusive or simply inappropriate behaviour? How can you end work-relationships with protagonists after a story is done, even though they try to keep in touch constantly, or you feel responsible for them? How can you avoid getting sucked in by data sets, forgetting about day and night, regular office hours, and ignoring warning signs of your body?

Psychotherapist Friederike Engst and journalist Malte Werner of the German “Helpline” for journalists will guide you with their combined expertise through the session, in which you can ask your own questions, exchange ideas, and learn from each other.

Leaks remain a  powerful source of investigations, but they are becoming harder to handle, authenticate, and secure in an era of mass leaks, AI-generated forgeries, surveillance, and legal pressure on newsrooms.

This hands-on session offers a practical, step-by-step methodology for journalists working with data leaks today, from first contact with a source to post-publication decisions. Based on real investigative cases and newsroom practices, the session focuses on decision-making, security, verification, and workflow, rather than theory.

The session walks participants through the full lifecycle of a data leak, using concrete examples and tools:

- How to evaluate a leak: source motivations, credibility, red flags, and public-interest tests
- How to decide whether to investigate (or walk away) without wasting newsroom resources
- How to verify authenticity in an era of AI-generated documents and manipulated leaks
- How to protect sources, data, and journalists throughout the investigation
- How to make smart editorial, ethical, and legal decisions under pressure
- What to do with data after publication (retain, restrict, destroy, or share)

If you have been through the Digital Hygiene session at Dataharvest, or are otherwise already aware of the baseline of digital security, you are now ready to advance to the next level.

In this session, we will dive deep into threat modelling as well as the tools and tactics to know about if your investigations involve a high degree of risk to your sources, your collaborators, or yourself.

The goal of the session is that you are able to make informed choices by assessing digital risks specific to an investigation and selecting the appropriate systems and strategies to manage them consistently.

Calling all tech‑savvy reporters, newsroom technologists, digital‑security and IT staff, emerging‑threat analysts, and forensic investigators to connect, share recent trends, and swap practical solutions from the field in this casual Dataharvest meetup. Bring a brief update on your (newsroom’s) biggest security challenges or a tool/technique that’s helped your work. Conversations will focus on real‑world risks, incident response, and collaboration opportunities. Ideal for anyone responsible for team security, sensitive reporting, or infrastructure who wants to build peer relationships and leave with actionable ideas.

Are you working on cross-border investigations that lead you to physically cross a border? Are you crossing borders with devices that hold information on your sources? Do you know what data is stored on your phone and how it could be accessed at a border? If this is you and you want to find out how best to protect yourself, then this session is for you!

Your devices hold a significant amount of information on you and your sources. At a border, this data could be accessed, copied and stored, putting you and others at risk. Join us for this 75-minute session, organised by ACOS Alliance, where you will be given clear, practical guidance to help you navigate the uncertainty around securing your data at the border. 

Receiving a noteworthy tip is an achievement in itself, but it's almost never the end of the story. Where does your Signal application live? How can you safely share and store leaked documents? Oh, and what if they are -- gasp --malware? This is where the concept of OPSEC (Operational Security) comes into play.

However, discussing OPSEC practices can sometimes feel too detached from the reality of a working journalist. In this session, we will strive to make things more grounded. We'll conduct a live simulation of a leak throughout its lifecycle. We'll discuss OPSEC in practice and demonstrate how to use:- a hardened phone and PC OS (GrapheneOS / QubesOS), and- some lesser-known security and privacy tools (e.g., Dangerzone, Orbot, BlinkComparison)
Finally, we'll go beyond mere tool usage and share tips and lessons learned from past OPSEC failures and wins.

This is an intermediate session on the subject of security hygiene. We don't assume any background in engineering or security, and it should be approachable to anyone familiar with some basic concepts (encryption, anonymity, threat modeling) and tools (Signal, Tor), which we will use as the foundation for the rest of the demonstration.