Agenda

Tuesday 17 September, 2013

Morning

08:30 – 09:00

Welcome Coffee & Registration

09:00 – 10:35

Opening Presentations and High-Level Round-Table Discussion

Moderator: Christopher Kuner , Senior Of Counsel, Wilson Sonsini Goodrich & Rosati, Brussels

09:00 – 09:25

Keynote Presentation

Paulius Griciūnas , Vice-minister of Justice, Republic of Lithuania

09:25 – 09:40

Keynote Presentation

Julie Brill , Commissioner, Federal Trade Commission, US Government

09:40 – 09:55

Keynote Presentation

Jacob Kohnstamm , Chairman, Article 29 Working Party

09:55 – 10:35

Discussion with this morning's speakers

To be joined by Thomas Zerdick, Head of Sector, "Data Protection Reform", European Commission

10:35 – 11:00

Morning Coffee & Refreshments

11:00 – 12:20

Session 1 - What will the new data protection rules mean for the future shape of the European digital landscape?

As it becomes increasingly clearer what shape the revised data protection rules might take, it is necessary to fully examine what long-term impact they may have for the broad range of industries and enterprises affected by the rules, and also for the European citizens whose right to privacy forms the backbone of the regulation.

• Will the revised data protection rules strike the right balance between protecting the privacy of citizens and stimulating growth and encouraging innovation for businesses?
• Is the concept and definition of ‘personal data’ correct, or does there need to be more clarification?
• How will the proposed reforms work in practice when considering methods of obtaining consent for processing of pseudonymised data, and to what extent does this represent an effective method of reducing businesses' obligations under the new regulation?
• How do the new proposals deal with aspects such as ‘explicit consent’ and ‘legitimate interests’, and what will this mean for the circumstances under which personal data can be legitimately processed?
• The Commission intends that the regulation will act as single, future-proof set of rules, but is there enough in-built flexibility to adapt to technological advances, and how will the reforms affect innovation in the tech-industry (for example App development)?
• With many web services based on business models utilising internet data as ‘currency’, what effect will the new framework have on these businesses, and for citizens who use these services? What changes might these consumers have to adapt to when the rules come into force?
• Ultimately – How best to ensure a balance between a regulatory framework that supports the digital economy, whilst at the same time delivering a transparent landscape that gives citizens control over their own personal data and recognizes that these business models depend on consumer trust?



Moderator: Magnus Franklin , Journalist, MLex

Dimitrios Droutsas MEP , European Parliament
Nuria Rodriguez , Senior Policy Advisor, BEUC
Pat Walshe , Director of Privacy, GSMA
Joan Antokol , Managing Partner, Park Legal LLC
Chris Sherwood , Head of Public Policy , Allegro Group (on behalf of Industry Coalition for Data Protection)

12:20 – 12:45

Keynote Presentation and Discussion

Jan-Philipp Albrecht , Rapporteur, General Data Protection Regulation

12:45 – 13:45

Lunch Break

Afternoon

13:45 – 15:05

Session 2 - How can industry and governments prepare for the practical implementation of the reforms?

On current timetables the revised data protection rules are expected to be adopted in 2014, with a two year implementation phase before they become fully operational in 2016. If adopted as a regulation the rules will form a single consistent policy across 28 member states, and with this comes a new set of obligations and responsibilities which all players must adequately prepare for.

• How will the new rules work in practice for industry? What areas of the regulation will have the biggest administrative impact for businesses, and how can efficiency measures be built into the new rules?
• How will the reforms impact SME’s in particular, and will provisions be made to take into account their smaller budgets?
• What new obligations will exist for member state Data Protection Authorities, and are claims from some authorities that the proposals focus too much on set processes, and not on a “risk-based” approach justified?
• With the Commission’s proposal for mandatory fines of 2% of global turnover already rejected by the Parliaments industry committee, what should be an appropriate response to data security breaches, and how can a harmonized response from the responsible DPA’s be ensured?



Moderator: Patrick van Eecke , Partner, DLA Piper

Paul Nemitz , Director - Fundamental Rights and Citizenship, DG JUST, European Commission
Christopher Graham , Information Commissioner, UK Information Commissioner
Jonathan Weeks , Director, Legal Affairs EMEA, Intel
Daniel Pradelles , EMEA Privacy Officer, HP
Jean Gonié , Director of Privacy Policy, EMEA, Microsoft

15:05 – 15:30

Afternoon Coffee & Refreshments

15:30 – 17:10

Session 3 - How best to ensure the interoperability of the new EU rules with privacy frameworks worldwide?

On releasing the proposal for the Data Protection reforms, the European Commission acknowledged that the rules must balance consumer privacy with the need for an efficient system of cross-border data flow. Yet third countries, and particularly the US, continue to raise concerns about how this will work in practice.

• Will global trade and commerce be stalled by the potentially inhibitive processes required to transfer date overseas, opening up the possibility of diplomatic “trade-wars”?
• What privacy frameworks are can be found in the emerging economies? As access to the digital market becomes common-place throughout the world, how many privacy frameworks will eventually exist, and is harmonization between these achievable?
• Permission to transfer personal data under the EU regulation currently relies on the ‘Adequacy Principle’, whereby a third country must demonstrate that the appropriate safeguards are in place for the protection of this data. Will gaining an adequacy ruling under the new regulation prove to be prohibitively difficult?
• As both industry and policymakers strive to realise the potential of Cloud Computing in Europe, how best to ensure that the development of these services is not inhibited due to a lack of clarity in relation to the rules concerning cross border data flows.
• Although the European Commission offers strong support to the forming of ‘Binding Corporate Rules’, does the proposed regulation actually inhibit their adoption?


Moderator: Terry McQuay , President, NYMITY

15:30 – 15:40

Presentation

Daniel A. Sepulveda , Deputy Assistant Secretary, Bureau of Economic and Business Affairs, US Department of State

15:40 – 15:50

Presentation

15:50 – 16:00

Presentation

Gulshan Rai , Director General, Indian Computer Emergency Response Team (ICERT), Ministry of Electronics and Information Technology

16:00 – 17:10

Panel Discussion

Giovanni Buttarelli , Assistant Supervisor , European Data Protection Supervisor
Thomas Boué , Director, Government Affairs, EMEA, BSA | The Software Alliance
Anna Fielder , Trustee and Chair, Privacy International
Gulshan Rai , Director General, Indian Computer Emergency Response Team (ICERT), Ministry of Electronics and Information Technology
Daniel A. Sepulveda , Deputy Assistant Secretary, Bureau of Economic and Business Affairs, US Department of State

17:10 – 17:30

Closing Keynote Presentation

Viviane Reding , Vice-President and Commissioner for Justice, Fundamental Rights and Citizenship, European Commission