Negotiating Successful BCR Programs for International Transfers

08 March 2006

DLA Piper Rudnick Gray Cary US LLP, Washington DC

Overview

Hot Privacy Issues for HR Managers in the European Union.

Host: DLA Piper Rudnick Gray Cary US LLP

 

Introduction to Privacy Laws & Business and the International Privacy Officers Network, and its involvement in Binding Corporate Rules and HR issues in the EU

Stewart Dresner, Chief Executive, Privacy Laws & Business, London

 

The options for transferring personal data from the European Economic Area to the USA and beyond when the Safe Harbor is insufficient

Alisa Bergman, Attorney and Partner, DLA Piper Rudnick Gray Cary US LLP, Washington DC 

Rosa Barcelo, Attorney, DLA, Brussels, and until recently at the Data Protection Unit, The European Commission, Brussels

  • EU model contracts
  • ICC alternative model contracts
  • Binding Corporate Rules

But…some differences between the EU Member States on Binding Corporate Rules

  • Compatibility of a BCR and national law, in principle
  • Legal status of a BCR scheme, in practice
  • Need for separate approval in some countries
  • Approval timetable
  • In practice, the likelihood of a country refusing a BCR application

 

EU Privacy Regulators' requirements for a successful Binding Corporate Rules strategy: the top 10 considerations

Christopher Millard, Partner, Linklaters, London

  1. Which regulator should you apply to?
  2. How much information do you need to provide?
  3. How do you make the BCRs binding on your group?
  4. How do you make the BCRs binding on your people?
  5. How do you bind subcontractors?
  6. How do you give effective rights to individuals?
  7. How do you demonstrate compliance?
  8. Do you need to submit to audits?
  9. How many regulators should you apply to at once?
  10. How long is this all going to take?

 

Turning your existing privacy compliance activities into an effective Binding Corporate Rules strategy: Accenture's experience

Bojana Bellamy, Global Data Privacy Compliance Lead, Accenture, London

  • obtaining management buy-in
  • adapting privacy policies and procedures
  • providing information to staff, contractors, clients / customers
  • using inter-company agreements and third party contracts
  • rolling out training
  • adapting audit procedures
  • managing relationships with regulators

 

Sharing of plans and experience by other companies on progress with their BCR applications

All Participants

  • Choice of lead country
  • Initial reaction
  • Issues needing to be clarified
  • Ease of dialogue and meeting of minds
  • Timetable

 

General Electric’s Binding Corporate Rules Program: Work in progress

Nuala O'Connor Kelly, Chief Privacy Leader & Senior Counsel, General Electric, Washington DC

  • Why BCRs?
  • Collaboration with Data Protection Authorities and their staff
  • Making the BCR "real" internally
  • Enforcing compliance going forward

 

Other hot issues in European Union countries involving the interaction of privacy and labor laws

Introduction: The EU Art. 29 Data Protection Working Party’s February 1st Opinion on how the EU’s data protection rules apply to company’s whistle blowing programs

Stewart Dresner, Chief Executive, Privacy Laws & Business, London

Whistle blowing lines: Sarbanes-Oxley vs. European Data Protection Laws

France

The CNIL’s rule making and its impact on McDonald’s
Leticia Limon, Counsel, Global Corporate Compliance and Privacy, McDonald's Corporation, Oak Brook, Illinois

How Kodak has kept out of trouble …. so far
Brian O’Connor, Chief Privacy Officer, Eastman Kodak, Rochester, New York

The BSN-Glasspack case
Stewart Dresner, Chief Executive, Privacy Laws & Business, London

United Kingdom

What whistle blowing problem? The Public Interest Disclosure Act 1998

 

How European privacy laws regulate employee surveillance with specific examples from three European countries

Cameron Craig, Solicitor and Partner, DLA Piper Rudnick Gray Cary UK LLP, Sheffield, United Kingdom

  • E-mail
  • Internet
  • Closed circuit television

 

How to deal with European works councils and better manage privacy conflicts

Anne Coles, Consultant, Privacy Laws & Business

  • European Works Councils (EWCs)
    • What they are and how they arise
    • What employers are required to do
    • What information employers are required to disclose
  • Implementation in the UK
  • European Data Protection and Privacy Laws – potential conflicts with disclosure requirements of EWCs
  • Works Councils in Germany
    • The Wal-Mart litigation
    • Practical steps you can take to reduce conflicts between labour law and data protection

 

Next steps for DLA and the International Privacy Officers Network

Alisa Bergman, Attorney and Partner, DLA Piper Rudnick Gray Cary US LLP, Washington DC
Stewart Dresner, Chief Executive, Privacy Laws & Business, London