Negotiating Successful BCR Programs for International Transfers
08 March 2006
DLA Piper Rudnick Gray Cary US LLP, Washington DC
Overview
Hot Privacy Issues for HR Managers in the European Union.
Host: DLA Piper Rudnick Gray Cary US LLP
Introduction to Privacy Laws & Business and the International Privacy Officers Network, and its involvement in Binding Corporate Rules and HR issues in the EU
Stewart Dresner, Chief Executive, Privacy Laws & Business, London
The options for transferring personal data from the European Economic Area to the USA and beyond when the Safe Harbor is insufficient
Alisa Bergman, Attorney and Partner, DLA Piper Rudnick Gray Cary US LLP, Washington DC
Rosa Barcelo, Attorney, DLA, Brussels, and until recently at the Data Protection Unit, The European Commission, Brussels
- EU model contracts
- ICC alternative model contracts
- Binding Corporate Rules
But…some differences between the EU Member States on Binding Corporate Rules
- Compatibility of a BCR and national law, in principle
- Legal status of a BCR scheme, in practice
- Need for separate approval in some countries
- Approval timetable
- In practice, the likelihood of a country refusing a BCR application
EU Privacy Regulators' requirements for a successful Binding Corporate Rules strategy: the top 10 considerations
Christopher Millard, Partner, Linklaters, London
- Which regulator should you apply to?
- How much information do you need to provide?
- How do you make the BCRs binding on your group?
- How do you make the BCRs binding on your people?
- How do you bind subcontractors?
- How do you give effective rights to individuals?
- How do you demonstrate compliance?
- Do you need to submit to audits?
- How many regulators should you apply to at once?
- How long is this all going to take?
Turning your existing privacy compliance activities into an effective Binding Corporate Rules strategy: Accenture's experience
Bojana Bellamy, Global Data Privacy Compliance Lead, Accenture, London
- obtaining management buy-in
- adapting privacy policies and procedures
- providing information to staff, contractors, clients / customers
- using inter-company agreements and third party contracts
- rolling out training
- adapting audit procedures
- managing relationships with regulators
Sharing of plans and experience by other companies on progress with their BCR applications
All Participants
- Choice of lead country
- Initial reaction
- Issues needing to be clarified
- Ease of dialogue and meeting of minds
- Timetable
General Electric’s Binding Corporate Rules Program: Work in progress
Nuala O'Connor Kelly, Chief Privacy Leader & Senior Counsel, General Electric, Washington DC
- Why BCRs?
- Collaboration with Data Protection Authorities and their staff
- Making the BCR "real" internally
- Enforcing compliance going forward
Other hot issues in European Union countries involving the interaction of privacy and labor laws
Introduction: The EU Art. 29 Data Protection Working Party’s February 1st Opinion on how the EU’s data protection rules apply to company’s whistle blowing programs
Stewart Dresner, Chief Executive, Privacy Laws & Business, London
Whistle blowing lines: Sarbanes-Oxley vs. European Data Protection Laws
France
The CNIL’s rule making and its impact on McDonald’s
Leticia Limon, Counsel, Global Corporate Compliance and Privacy, McDonald's Corporation, Oak Brook, Illinois
How Kodak has kept out of trouble …. so far
Brian O’Connor, Chief Privacy Officer, Eastman Kodak, Rochester, New York
The BSN-Glasspack case
Stewart Dresner, Chief Executive, Privacy Laws & Business, London
United Kingdom
What whistle blowing problem? The Public Interest Disclosure Act 1998
How European privacy laws regulate employee surveillance with specific examples from three European countries
Cameron Craig, Solicitor and Partner, DLA Piper Rudnick Gray Cary UK LLP, Sheffield, United Kingdom
- Internet
- Closed circuit television
How to deal with European works councils and better manage privacy conflicts
Anne Coles, Consultant, Privacy Laws & Business
- European Works Councils (EWCs)
- What they are and how they arise
- What employers are required to do
- What information employers are required to disclose
- Implementation in the UK
- European Data Protection and Privacy Laws – potential conflicts with disclosure requirements of EWCs
- Works Councils in Germany
- The Wal-Mart litigation
- Practical steps you can take to reduce conflicts between labour law and data protection
Next steps for DLA and the International Privacy Officers Network
Alisa Bergman, Attorney and Partner, DLA Piper Rudnick Gray Cary US LLP, Washington DC
Stewart Dresner, Chief Executive, Privacy Laws & Business, London