08.30-17.30 Registration in the Fisher Building
09.00 The Madrid Resolution on International standards on the protection of personal data and privacy: Next steps
Professor Artemi Rallo Lombarte, President, Data Protection Agency, Spain
Parallel 1 – International Standards
Chair: James Michael, Legal Editor, Privacy Laws & Business Newsletters, UK
09.30 The case for the US Safe Harbor program
Damon Greer, Director, US-EU & Swiss Safe Harbor Frameworks, Department of Commerce, Washington DC, USA (TBC)
09.50 The Future of the EU/US Safe Harbor Privacy Framework: Can it be improved or does it require a complete overhaul?
Chris Connolly, Director, privacy consulting firm, Galexia, and Board member, Privacy Foundation, Australia
10.10 Discussion on the prospects for the Madrid Resolution and views of the ‘adequacy’ of the US Safe Harbor from outside the USA
Parallel 2 - Governance
Chair: Bridget Treacy, Partner, Hunton & Williams, London, UK
09.30 The role of the Data Protection Officer in creating a data governance strategy
Speakers from Yahoo and other companies, TBC
- Information as a Key Business Asset
- Developing a Strategic Plan for Information Governance
- Revisiting the Role of the DPO
10.30 Coffee SPONSORED BY DENTON WILDE SAPTE (WWW.DENTONWILDESAPTE.COM)
Parallel 1 - Binding Corporate Rules
Chair: Richard Cumbley, Partner, Linklaters, London
11.00 Easier implementation of Binding Corporate Rules after eBay’s and other recent successes
Michael Lee, Global Privacy Manager, eBay, USA
Tom De Cordier, Senior Associate, Allen & Overy, Brussels, Belgium
11.25 Lessons for implementing Binding Corporate Rules from the approval of JP Morgan Chase’s programme
Melanie Shillito, Executive Director, Europe Middle East Africa Privacy & Compliance Services Group, JP Morgan, London, UK
- How BCRs, and JPMC's approach to them, has evolved over the last 5 years
- Key stakeholder management considerations
- Practical approaches to implementing BCRs and making them binding
- What to expect from the DPA approval process
11.50 Recent developments on Binding Corporate Rules
Florence Raynal, Head, European and International Affairs, CNIL (Data Protection Authority), France
12.15 Binding Safe Processor Rules
A set of legally binding internal rules, like Binding Corporate Rules, to be adopted globally and to be approved by European Data Protection Authorities
Eduardo Ustaran, Partner, Field Fisher Waterhouse, London, UK
- Is BCR for data processors viable?
- What should be the content of the BSPR
- Benefits of BSPR
- How to obtain "safe processor" status
- An alternative to the new model clauses
12.40 Discussion on improving Binding Corporate Rules procedures, the prospects for Binding Safe Processor Rules, and European Union model contracts
Parallel 2 - Online
Chair: Laura Linkomies, Editor, Privacy Laws & Business Newsletters, UK
11.00 Online Behavioural Advertising: An overview of recent developments
Karin Retzer, Attorney, Morrison & Foerster, Brussels, Belgium
11.20 Personal information online: UK Commissioner's new code means less confusion and more good practice?
Iain Bourne, Head of Data Protection Projects, Information Commissioner’s Office, UK
11.40 Tackling online behavioural advertising and the social networking sites
Chantal Bernier, Assistant Commissioner, Federal Privacy Commissioner, Canada
12.00 A perspective from the European Data Protection Supervisor
Dr. Rosa Barcelo, Legal Advisor, European Data Protection Supervisor, Brussels, Belgium
12.20 Comments from a company perspective
Peter Fleischer, Global Privacy Counsel, Google, France
12.30 Comments from an Italian lawyer
Daniele Vecchi, Attorney, Gianni, Origone, Grippo & Partners, Milan
12.35 Discussion
13.00 Lunch
14.00 How to defend your data security policies to the privacy regulators in the United States
Peter McLaughlin, Senior Counsel, Foley & Lardner LLP, Boston, USA
- Overview of recent data security rules in the US
- Practical tips for implementing these rules
- Special considerations for entities outside the US holding data covered by the US rules
14.20
The practical steps an organisation needs to take and the interface between data protection law and information systems
Valerie Taylor, Consultant, Privacy Laws & Business
Alan Calder, Chief Executive, IT Governance, Ely, UK
14.50 Privacy in the age of the cloud. Which law applies? Who will apply it?
Ruth Boardman, Partner, Bird & Bird, London (Chair)
Peter Fleischer, Global Privacy Counsel, Google
Florence Raynal, Head, European and International Affairs, CNIL (Data Protection Authority), France
Germany’s new rules on international processor agreements
Dr. Jürgen Hartung, Partner, Oppenhoff & Partner, Cologne, Germany
- What is the applicable law in case of an international data processing relationship, i.e. (i) what law does apply to the requirements of a data processor agreement and (ii) what law is applicable to the commissioned data processing itself? The German data protection authorities have issued some interesting views on this.
- What are the new requirements for German data processor agreements, i.e. (i) new model contracts to be used and (ii) in particular the obligation of the data controller to carry out upfront controls whether technical organisation or measures taken by the data processor are sufficient? This currently is causing a huge headache in Germany and an area were in particular service provider should be creative in presenting a manageable solution like certificates etc.). What do these requirements mean for new developments like cloud computing?
- How many agreements are required for international data processor agreements with unsafe countries? German data protection authorities have issued a paper listing a number of possible cases and suggested some solutions. What are the solutions in case of sub-contractors in the EU or in third countries?
- How does all this change or at least become easier by the new EU controller-processor Model Clauses the EU Commission announced this week?
15.45 Tea SPONSORED BY DENTON WILDE SAPTE (
WWW.DENTONWILDESAPTE.COM)
16.15 Prospects for reform of the EU Data Protection Directive
Peter Hustinx, European Data Protection Supervisor, Brussels
- The current context: challenges and opportunities for reform
- How the Lisbon Treaty helps in facing up to a digital world
- Seven conditions for more effective data protection in practice
- Which impact will the proposals for reform have online?
- Prospects for more adequate global or transatlantic privacy
16.45 Comments
Professor Artemi Rallo Lombarte, President, Data Protection Agency, Spain and Deputy Chair, Art 29 EU Data Protection Working Party
Christopher Graham, Information Commissioner, UK
17.00 Discussion
17.45 Close
18.15 Punting on the River Cam or St John's College 17th Century Library Tour
18.30 Drinks SPONSORED BY LINKLATERS (WWW.LINKLATERS.COM) and Punting SPONSORED BY MORRISON & FOERSTER (WWW.MOFO.COM)
19.30 Dinner
Day 1: Monday 5th July
Day 3: Wednesday 7th July
Annual Conference details