Tuesday 30 November, 2010


08:30 – 08:55

Coffee and Registration

08:55 – 09:00

Introductory Remarks

By moderator for morning sessions:
Stanley Pignal , Brussels Correspondent, Financial Times

09:00 – 09:20

Keynote Presentation

Viviane Reding , Commissioner for Justice, Fundamental Rights and Citizenship, European Commission

09:20 – 09:40

Keynote Presentation

Jacob Kohnstamm , Chairman, Article 29 Data Protection Working Party

09:40 – 11:10

Session 1: Harmonising and simplifying the legislative maze

It is widely accepted that one of the major downfalls of the current EU data protection framework is the problems that it has had in introducing harmonization across member states - a factor that has arguably had a negative effect on competition and innovation. What can be done at an EU level to ensure consistent implementation of the data protection laws by member states, and the removal of the divergence currently seen with aspects such as the DPA notification systems? To what extent is there a need to take national differences into account when developing a harmonized European framework? As we move towards a globally networked society, to what extent do data protection laws in Europe need to be compatible with those in China, India, USA and elsewhere in the world?

Moderator: Stanley Pignal , Brussels Correspondent, Financial Times
Peter Hustinx , Supervisor, European Data Protection Supervisor
Mikael Hagström , President, EMEA and Asia Pacific SAS
Ilias Chantzos , Director EMEA & Asia Pacific Japan, Symantec
Michelle O'Neill , Deputy Under Secretary for International Trade, U.S Department of Commerce
Aurel Ciobanu-Dordea , Director - Fundamental Rights and Citizenship, European Commission

11:10 – 11:30

Morning Refreshments Break

11:30 – 13:00

Session 2: Data Breach Notification – time for mandatory notification requirements?

Data breach notification laws have often seen a high level of success where they have been introduced, encouraging organisations to take a multi-layered approach to security in order to both secure information and protect their reputations. Should the EU follow the lead of the US and introduce specific regulation on action to be taken when personal data is lost or stolen? If so, what are the regulatory options for implementing breach notification? What constitutes a security breach, and what would be a proportionate response? Should data breach notification laws be all encompassing, or should exceptions be in place depending on the sector, or the type, of data concerned? Should the state security sector also be covered?

Moderator: Laura Linkomies , Editor, Privacy Laws & Business
David Smith , Deputy Commissioner and Director of Data Protection, UK ICO
Udo Helmbrecht , Executive Director, ENISA (European Network and Information Security Agency)
Jim Halpert , Partner - Communications, E-Commerce and Privacy, DLA Piper
Steve Kenny , Head of EU Privacy, Ebay Inc

13:00 – 13:05

Session wrap-up and lunch welcome address

Joan Antokol , Managing Partner, Park Legal LLC


13:05 – 14:10


14:10 – 15:40

Session 3: Avoiding the security pit-falls - how can we ensure that data is kept secure in a society driven by technological change and globalisation?

With the migration towards new ICT concepts and services such as cloud computing and the internet of things, the legal and regulatory framework governing data protection and security needs to be flexible enough to evolve and move with it. What challenges and gaps to existing EU data protection legislation are being caused by technological advancements, and how can these be addressed? What specific data security implications are being raised by the introduction of cloud computing and how can we guarantee data integrity? How can the rights of citizens or businesses be safeguarded on globally connected networks and how can civil liberties, free speech and the internet be combined securely? What role can new principles such as Privacy by design and accountability play in ensuring that the regulatory framework is able to keep up with future technological advancements?

Moderator: Marc Tysebaert , General Advisor on Fundamental Rights, Federal Public Service Justice
Paolo Balboni , Executive Director, European Privacy Association
Sinisha Patkovic , Director BlackBerry Security, Research In Motion
David Hoffman , Global Privacy Officer, Director of Security Policy , Intel
John Vassallo , Vice President for EU Affairs , Microsoft
Gustav Kalbe , Deputy Head of Unit Trust and Security, European Commission

15:40 – 16:00

Refreshments Break

16:00 – 17:30

Session 4: Defining the boundaries – when should data be classed as ‘personal’?

European Data Protection law controls the processing of ‘personal data’ only, and as such, the definition of this phrase is a crucial step in ascertaining how wide the scope of regulation really is. Are current definitions still valid, and what should be considered as ‘personal data’ for the purposes of European legislation? Is there a need for more transparency in how personal data is defined? Should data always be considered as either personal or non-personal, or is there a need for a middle-ground? How should data collected by cookies be considered? What privacy and data protection issues are raised by specific services such as location based services and behavioural advertising, and how should these be dealt with? How can we ensure that users are provided with transparency and control over how their information is used online?

Moderator: Martin Abrams , Executive Director of the Center for Information Policy Leadership, Hunton & Williams LLP
Kostas Rossoglou , Legal Officer, BEUC
Thomas Boué , Manager, Government Affairs, EMEA, Business Software Alliance
Chris Sherwood , Director, Public Policy, Yahoo! Inc
Stavros Lambrinidis , Vice President, European Parliament

17:30 – 19:30

Networking Cocktail Reception

Kindly sponsored by Microsoft