Agenda

Morning

09:00 – 12:30

Session 1: Assessing the progress of the European Data Protection Regulation - on track for completion?

Despite the European Parliament’s approval of its text, concerns remain, particularly from the business community, around issues such as the proposed increase in maximum fines and the reinforcement of the need to obtain explicit consent before processing personal data. Similarly, expressions of concern on issues such as the one stop shop principle and the practicality and consumer friendliness of this system have also raised questions as to the suitability of the proposals.

This session will review:

• What can be done to overcome the remaining obstacles to the completion of the reforms, for instance disagreement over the one stop shop principle, and opposition to the increased maximum penalties?
• What is the expected timeframe for completion, and subsequent implementation, of the reforms?
• To what extent should the reforms, and associated penalties, be applicable to public sector organisations on the same terms as private businesses?
• How should national DPAs best work together to ensure a consistent and harmonised level of enforcement across Europe?

09:00 – 10:20

Part 1: Keynote Speeches

High-level political speakers will present an overview of progress of the data protection reforms so far and what remains to be done.


Věra Jourová, Commissioner for Justice, Consumers and Gender Equality, European Commission
Jekaterina Macuka, Head of the Division of Policy Development and Religion Affairs, Sectoral Policy Department, Ministry of Justice, Latvia
Jan Albrecht MEP, Rapporteur on General Data Protection Regulation, European Parliament
Kelly Welsh, General Counsel, United States Department of Commerce

10:20 – 10:50

Refreshment Break

10:50 – 12:30

Part 2: Panel debate

Panellists drawn from a number of the stakeholder groups who stand to be affected most by the proposed reforms will continue discussions started during the keynote speeches, addressing the key issues remaining and the challenges ahead.

Moderator: Paul Adamson, Chairman, Forum Europe

Kostas Rossoglou, Senior Legal Officer, BEUC
Chris Sherwood, Head of Public Policy, Allegro Group
Cameron Kerry, Senior Counsel, Sidley Austin LLP
Karen Thomson, Head of Strategic Information Governance, NHS England

Afternoon

12:30 – 13:30

Networking Lunch

13:30 – 15:00

Session 2: The future of data privacy in Europe - have we got our privacy concepts and principles right?

Data undoubtedly presents a huge economic opportunity for EU and international companies, but the challenge lies in taking advantage of this opportunity whilst respecting legitimate concerns over privacy and data protection. The European Court of Justice underlined its view of the fundamental right to privacy through landmark rulings in April 2014, invalidating the Data Retention Directive, and the 'right to be forgotten' case in May. Alongside this, our notions of privacy and the purposes for which our personal data is used, and what we find acceptable are constantly evolving. This session will take stock of current thinking on data protection and privacy and look practically at how, over both the long and short term, businesses and the public sector will have to build in privacy by design. It will assess whether the regulation will indeed be future proof and, using case studies, how the implementation of the regulation will play out.

• Are the European reforms ‘future-proof’ against future technological developments? Will the new regulations be adequate to guarantee personal privacy in a future in which billions of devices will be connected to the internet and constantly collecting data, and in which our notions of privacy will undoubtedly continue to develop?
• Following the invalidation of the Data Retention Directive, and the UK’s subsequent separate legislation clarifying the legal position of companies, what kind of precedent does this set for other countries wanting to ensure this data is retained for national security and crime prevention purposes?
• In light of the ‘right to be forgotten’ case, how can Europe, going forward, strike the right balance between privacy and freedom of expression and access to information online? Is there a risk that societal concepts of privacy are being framed for us too rigidly by policymakers?
• As the implementation stage of the Data Protection Regulation approaches, companies and governmental bodies have to start thinking about preparing for practical changes. Given uncertainty at this stage in the legislative process, what strategies should companies develop for adopting the necessary changes?
• How can companies use a culture of privacy within their business models to create a competitive advantage, especially as consumers become increasingly aware of data protection issues?

Moderator: Frances Robinson, EU Correspondent, Wall Street Journal/Dow Jones

Thomas Zerdick, Deputy Head of Unit, Data Protection, DG Justice, European Commission
Thomas Boué, Director, Government Affairs, EMEA, BSA | The Software Alliance
Marie-Charlotte Roques Bonnet, Director for EMEA Privacy Policy, Microsoft
Jens Jeppesen, Director, European Affairs, Center for Democracy and Technology (CDT)
Luca De Matteis, Justice Counsellor, Permanent Representation of Italy to the EU

15:00 – 15:30

Refreshment Break

15:30 – 15:45

Keynote Speech

Viviane Reding MEP, Member, International Trade Committee, European Parliament

15:45 – 17:15

Session 3: International interoperability – balancing privacy and international data flows

Trade in data is a lucrative global industry, and one that continues to grow at an exponential rate. Policymakers are tasked with the job of encouraging this growth, whilst ensuring that appropriate safeguards are in place to protect citizens' data on an international scale, requiring international cooperation. The European Regulation's jurisdiction extends to all companies operating in Europe and processing European data, regardless of the company's country of origin, posing new and considerable challenges to European data protection authorities and Europe’s global competitors and partners. Following the NSA revelations in 2013, in some parts of Europe there were doubts over the future of the Safe Harbour scheme, leading to closer assessment and review by the European Commission. Elsewhere in the world, data transfers between Europe and important international partners, for example India or China, are made difficult as their data protection laws are not considered adequate by the EU.

In this session, panellists will address the following questions:

• Is a European, localised system of data transfer and data centres the right direction to be moving in?
• How is the EU interacting with third countries through bilateral data protection programmes and what potential is there for Safe Harbour-like schemes to be rolled out to other countries or regions? Could international Codes of Conduct provide an alternative to top-down regulations?
• Could more support be given to third countries to encourage the development of harmonised data protection standards as a way of stimulating new, mutually beneficial trade opportunities?
• How will data protection concerns play out in the context of international trade agreements, especially following calls by the new European Commission president to include data protection rules in the TTIP negotiations?
• In the case of demonstrable non-compliance with EU law by a non-EU company, what powers do member state data protection authorities have, in theory and in practice, to deal with this?

Moderator: Terry McQuay, President, Nymity

Ted Dean, Deputy Assistant Secretary for Services, United States Department of Commerce
Rupert Schlegelmilch, Director, Services and Investment, Intellectual Property and Public Procurement, DG Trade, European Commission
Yuki Yokomori, Deputy Director, International Policy Division, Ministry of Internal Affairs and Communications, Japan
Daniel Pradelles, EMEA Privacy Officer, HP

17:15 – 18:00

Cocktail Reception