Day 3 – Wednesday 5th July 2017

Privacy Laws & Business 30th Annual International Conference

Promoting Privacy with Innovation

3-5 July 2017, St. John’s College, Cambridge

[Click on the speaker's name for their biography]
[Click on the title of the session for the slides where available]
[Please note the Audio links work best through the browser Chrome]

08.00-13.00 Registration

Parallel Session 1 Parallel Session 2
Chair: Giovanni Buttarelli, European Data Protection Supervisor Chair: Laura Linkomies, Editor, Privacy Laws & Business Reports

09.00 The revision of the EU e-Privacy Directive Play Audio
Pal Vaczi, Senior Privacy Lawyer, BT, UK

• Background and reasons for the review of the ePrivacy Directive

• Proposal for an ePrivacy Regulation: Overview and key changes

• Comments and concerns from stakeholders

• What next?

09.00 Data Protection management software platform for DPOs to manage operational compliance Play Audio
Kevin Shepherdson, CEO, Straits Interactive, Singapore

• After 3 years of R&D and development, we will demonstrate a privacy operational compliance platform in Europe for the first time, specifically for data protection officers to manage privacy in multiple jurisdictions (in the context of Asian data privacy laws) while ensuring compatibility with the upcoming GDPR.  The innovation is in how the platform is aligned to the roles and responsibilities of the data protection officer. It approaches privacy from an information lifecycle perspective with the objective of demonstrating accountability.

• We will share how it is possible to combine traditional consultancy or compliance efforts with software-as-a-service beyond the standard self-assessment checklists.

09.45 Promoting Innovation in Health Insurance; Protecting the Privacy of Individuals Play Audio
Henry Velásquez Yanez, EU-International Privacy Officer & Compliance Manager, CIGNA, Spain
Philip Woolfson, Partner, Steptoe, Belgium

• Win-win solutions drawing on best practice from the global health benefits and insurance sector. 

• We will address the data protection challenges in modernising these segments and highlight noteworthy examples.

09.45 Ireland as a jurisdiction for data protection litigation Play Audio
Paul Lavery, Partner, McCann FitzGerald, Dublin, Ireland

• An overview of the evolution of data protection litigation in Ireland, which has included a number of landmark cases.

• Ireland is likely to be of increasing significance under the GDPR since the Irish Data Protection Commissioner will be the Lead Supervisory Authority of many multinational companies under the GDPR. Insights from cases handled by this and other law firms.

10.30 Coffee

11.00 Fintech online identification: Solutions and challenges
Play Audio
Iván Nabalón, CEO, Electronic IDentification, Spain
Javier Fernández-Samaniego, Managing Director, Samaniego Law, Spain

  • Ivan's slides
  • Javier's slides
  • Distant digital on-boarding and the responsibilities for financial services businesses in relation to “Know Your Client” - client identification and anti-money laundering checks - both of these involve remote identification

  • How to balance these processes which are necessary to protect the business

  • The individual’s right to privacy and the growing desire for increased control over access to and use of their data

  • Other privacy issues faced by traditional banks and transforming fintech firms, for example, cloud service providers, data portability, and cybersecurity

  • The creation of a Europe-wide FinTech sandbox which addresses some of the privacy issues

11.40 DIY privacy, Privacy by Design and accountability
Play Audio
Tina Maisonneuve, Global Privacy Counsel, Glaxo Smith Kline, UK
Nigel Parker, Partner, Allen & Overy, UK

  • It is an interactive session based around a fictional consumer healthcare product.

  • The audience vote on choices for the design of the product, which highlights privacy issues with the product (covering most of the data protection principles) and encourages thinking about what privacy by design can mean in practice in product development.

  • The session involves live voting on design choices, in a socratic-style, to ensure audience participation and dialogue.

12.20 Adapting the GDPR’s Information Governance and DP Officer requirements to your company
Play Audio
Tom Widgery, Head of Privacy, SVB Financial Group, Santa Clara, US
Chair: Valerie Taylor, Consultant, Privacy Laws & Business

  • How GDPR’s Information Governance and DPO articles will impact your life – from a US perspective

  • Program structure and development

  • Responses to Subject Access Requests,

  • Right to be forgotten from a practical standpoint

13.00 Lunch

Parallel Session 1: Innovation and Identity - Play Audio Parallel Session 2: Risk Methodology - Play Audio
Chair: Dr John Selby, Lecturer, Department of Accounting and Corporate Governance, Macquarie University, Sydney, Australia Chair: Stewart Dresner, Chief Executive, Privacy Laws & Business, UK

14.00 New identity ‘solutions’: The questions everyone should ask
Paul Simmonds, CEO, The Global Identity Foundation


14.00 How privacy engineering helps minimise privacy risk and enables the wider use of personal data
Jason McFall, Chief Technology Officer, Privitar, UK

• What is Privacy Engineering?

• How can Privacy Engineering be used?

• Case study of a user of Privitar in financial services.

• A discussion on the extent to which the Data Protection Act and other related laws can be interpreted as anonymising personal data using different levels of k-anonymity represented by Privitar software.

14.45 Interactive Identity Workshop

Can you balance privacy, primacy, risk and liability and still deliver viable business solutions?

• The workshop will have a series of simple "problems" for small teams to work on so that people understand and apply the key learnings



14.45 Heat maps and hard stats: Using risk methodology to manage privacy
Carolyn Robson, Etihad Aviation Group, Abu Dhabi, United Arab Emirates

• The Etihad Aviation Group is comprised of 17 companies across the globe, with around 27,000 employees. In order to keep a centralised account of the group’s privacy risk profile (and to achieve buy-in for the privacy programme) we measure privacy issues using standardised risks, rated using methodology borrowed from our enterprise risk team, and tracked using e-governance software. In this way we are able to keep a centralised understanding of our privacy exposure and measure our effectiveness at reducing our risk across the group.

15.30 Discussion 15.30 Discussion


16.00 Close and Tea

Day 1: Monday 3rd July
Day 2: Tuesday 4th July
Click here for PDF programme of all three days
Annual Conference details