Use these links to jump to the topic you’re interested in:




The Data Protection Pro’s Global Compliance Field Guide

It doesn’t matter if a global organisation builds skyscrapers, issues credit cards or produces fragrances: It must identify the privacy law applicable in each of its establishments across the globe. From a European perspective, criteria to be adopted are fairly straightforward in theory, while real scenarios are multifaceted and more complex. When deciding to go live, global organisations face similar issues for determining the privacy law applicable to their online strategies. The idea of a ‘one-size-fits-all’ solution remains a dream, especially in light of commonly shared services among group companies, national specificities on security measures and trans-border data flows. What is possible is finding an acceptable balance between total customisation of privacy programmes and leveraging on common benchmark solutions. A holistic approach coupled by early planning is essential to reduce compliance burdens. Join us to hear practical insights on revamping the approach toward privacy compliance at a global organisation.

Lothar Determann, Partner, Baker & McKenzie LLP
Laura Hamady, CIPP/US, Senior Corporate Counsel, Groupon

Handout 1, Handout 2, Handout 3, Handout 4, Handout 5, Handout 6, Handout 7, Handout 8, Handout 9

Mind the Gap: Bridging U.S. Cross-border E-discovery and EU Data Protection Obligations

The European Commission’s 2012 proposal for a General Data Protection Regulation is one of the most significant developments in global data protection and privacy law since the 1995 EU Data Protection Directive. Although the new regulation is not expected to come into effect before 2015, now is the time for vendors and multinational corporations to consider taking practical steps to ensure proper compliance. This includes understanding and planning for potential legal obligations of vendors as ‘processors’ under the proposed regulation. Join us to focus on the impact of the proposed regulation on pretrial e-discovery conducted in EU member states. For some time, the Article 29 Working Party and the Sedona Conference Working Group Six on International Electronic Information Management, Discovery and Disclosure have been engaged in a cooperative dialogue on a common solution to the conflict between U.S. pretrial e-discovery and EU data protection. This dialogue has contributed to the publication of The Sedona Conference International Principles on Discovery, Disclosure and Data Protection: Best Practices, Recommendations & Principles for Addressing the Preservation & Discovery of Protected Data in U.S. Litigation (European Union Edition), and we’ll examine the practical solutions proposed by these principles.

Monique H. Altheim, CIPP/US, CIPP/E, Attorney at Law, the Law Office of Monique Altheim
Matthew James Daley, CIPP/US, Partner, Daley & Fey LLP
Alexander Dix, Berlin Commissioner for Data Protection and Freedom of Information 

Pre-reading materials:

Presentation 1, Presentation 2, Presentation 3

Regulatory Harmony in Global Data Protection: Pipedream or Nightmare?

Keeping in mind the draft EU regulation, the Obama administration’s privacy framework and executive order on international regulatory harmonisation and streamlining, the Organisation for Economic Co-operation and Development guidelines and Asia-Pacific Economic Cooperation considerations, we’ll explore the objectives and parameters international business would find desirable and feasible in developing an operational set of international privacy and data protection standards. Is striving for, let alone achieving, a ‘unified field theory of privacy’ a pipedream or a nightmare, and who are the necessary players to get involved in the quest? Find out in this illuminating session.

Moderator: Florian Thoma, CIPP/US, CIPP/E, Chief Data Protection Officer, Siemens AG
Alan C. Raul
, Partner, Sidley Austin LLP
Isabelle Roux-Chenu, Group General Counsel, Capgemini

Presentation 1



Conversations in Privacy: The New European Regulation—Today, Tomorrow and Beyond

Join key stakeholders to discuss the status, practical impacts and challenges of the draft General Data Protection Regulation, which signals a major shift for individuals, industry and regulators in the way data protection will be handled in the future. It promises greater harmonisation and will strengthen individuals’ rights but will have a broader jurisdictional reach and will require more actions by organisations, with tough penalties. It will therefore be the focus of intense lobbying and negotiations in the next two years. Already, organisations are concerned about the consequences of a harsher regime, whereas the Article 29 Working Party has expressed the opinion that the proposed reform is not optimum. Several European DPAs and parliaments have officially expressed concerns that the draft regulation does not comply with the European principle of subsidiarity. The CNIL notably wrote that if the presiding authority is the one where the main headquarters of a company is located, national data protection authorities will merely ‘play a role of mailbox’. Hear the panel’s perspectives on the risk of a one-stop-shop and other highly debated concepts such as accountability, the right to be forgotten and the right to data portability. You’ll also learn the practical implications of new requirements such as mandatory data protection officers, data breach notifications and new rules on consent, and explore the main changes on notification regimes for ‘risky processing’, trans-border data flows and binding corporate rules.

Interviewer: Ariane Mole, Solicitor—Partner, Bird & Bird
Jan Philipp Albrecht, European Parliament
Bojana Bellamy, CIPP/E, Director of Data Privacy, Accenture
Isabelle Falque-Pierrotin, President, Commission Nationale de l'Informatique et des Libertes (CNIL)

Conversations in Privacy: Privacy in the Internet Age—Death or Rebirth?

Join us for an in-depth conversation comparing the arguments that privacy is dead with the actual movement toward privacy’s revival stemming from the proposed European regulations. We’ll explore how the diffusion of new technologies, social media and marketing applications has led to continuous claims that privacy no longer exists, contrasting those ideas with what the proposed regulation could mean—a potential revival of privacy through the refounding of the regulatory framework in the next few years and the reinvigoration of the debate amongst stakeholders now.

Interviewer: Rocco Panetta, Partner, Panetta & Associati
Giovanni Buttarelli, Deputy European Data Protection Supervisor, EDPS
Rafael Capurro, Professor of Philosophy and Director, International Center for Information Ethics
Daniel Nagel, Lawyer, BRP Renaud and Partners
Christian Pardieu, Counsel – Europe Privacy Leader and Government Affairs & Policy, General Electric

Conversations in Privacy: A Talk with Peter Hustinx

Peter Hustinx has been a driving force on the European data protection scene, first in the Netherlands as president of the Dutch Data Protection Authority, and later in Brussels as the European data protection supervisor. Hear his story in this special interview, and look at how the privacy world has evolved through his eyes.

Interviewer: Henriette Tielemans, Partner, Covington & Burling LLP
Peter Hustinx, European Data Protection Supervisor



Cultivating Data Protection in the Pharmaceutical Industry

Just like the financial services industry, pharmaceuticals is perhaps one of the industries where privacy matters most. In recent years, the pharma industry has been investing significantly in data protection compliance, but there is still a lot of work to do. During this session, you’ll hear privacy and data protection pros at well-known pharma players share the lessons they learned over the past years, what is on their plate at the moment and what challenges lie ahead of them.

Tom de Cordier, Counsel, Allen & Overy LLP
Daniela Fábián Masoch
, Global Head Data Privacy, Novartis
Willy Vanbuggenhout, Chief Privacy Officer, Johnson & Johnson

Electronic Health Records for Clinical Research: The EHR4CR Project

Electronic Health Records for Clinical Research (EHR4CR) is one of the most innovative clinical research projects in the world. Launched within the Innovative Medicine Initiative, the largest public-private partnership in Europe, initiated by the European Commission and the European Federation of Pharmaceutical Industries and Associations, it is run by a consortium of 35 partners, including 11 university hospitals and 11 pharmaceutical companies together with renowned research institutions and small IT companies from 7 European countries. The objective of the project is to create an exchange platform and business model for using data from electronic health records to test the feasibility of clinical study protocols, recruit patients into studies and integrate the collection and reporting of research data within the healthcare workflow. Join what’s sure to be a lively discussion on this intriguing project, the privacy issues introduced by it and the solutions put forward.

Roland Krause, TMF e.V., Berlin
Pierre-Yves Lastic
, R&D Data Privacy Officer, Sanofi

Presentation 1



Background Checks: Hiring the Perfect Employee without Breaking the Law

Employers use background checks to assess and verify the qualifications and qualities of applicants. Increasingly, employers retain specialised vendors to conduct background checks in order to supplement the information available from an applicant’s CV, references and interviews. However, employers must take care to follow all applicable laws when obtaining and using these reports. In many countries, an employer must notify an applicant prior to conducting background checks and may also need to obtain the individual’s consent. This session will review the types of information employers can, and commonly do, seek about applicants and how employers and the third party vendors engaged by them should go about collecting such information. The session will also discuss the potential liabilities associated with collecting other information, such as increased exposure to discrimination claims.

Ann Bevitt, Partner, Morrison & Foerster LLP
Carlos Garcia-Maurino, Senior Director Legal - Data Privacy, Oracle

Presentation 1

Tips for Creating Social Media Guidance that Works

The exponential growth of avenues for sharing user-generated content and the appetite to do so show no sign of diminishing. Join us to learn they key issues you should consider when deciding how social media is operated and regulated within your organisation. What guidance is staff given through policies and training? Are some activities more sensitive than others? What jurisdictional challenges have been encountered and overcome? Who owns information collected and shared via tools such as LinkedIn? You’ll learn about these issues and more as international business experts explore this hot-button topic in detail.

 Ruth Cullinane, CIPP/US, CIPP/E, EMEA Data Protection Officer, Dell
Sue Gold, Partner, Osborne Clarke
James Leaton Gray, Head of BBC Information Policy and Compliance, British Broadcasting Corporation

Presentation 1

Whistleblowing Hotlines—Good Corporate Governance

Whistleblowing hotlines promote good corporate governance and offer employees an easy way to report misconduct. At the same time, the implementation of such hotlines in European countries is challenging to corporate counsel due to the different privacy law requirements in different member states. Join our expert panel to explore the main differences you need to be aware of, and learn practical tips for ensuring a smooth implementation at your organization.

Moderator: Christian M. Runte, Partner, CMS Hasche Sigle
Daniel DiTomasso, Director of Internal Audit and Compliance Officer, Bruker Corporation
Dieuwke Visser, International Compliance Counsel, Randstad Holding nv

Presentation 1



Big Data Meets Data Protection: Let's Work It Out

Over the past few years, the volume of data collected and processed by businesses and public-sector organisations has exploded. This trend is driven by reduced costs of storing and transporting information in conjunction with increased capacity to instantly analyse vast troves of data. Big data will create enormous value for the economy, enabling innovation, productivity and growth. At the same time, societies’ embrace of big data's benefits must incorporate privacy considerations. Big data challenges some of the most fundamental principles of the existing privacy framework, including the definition of ‘personal data’, the principle of data minimisation and the concept of consent. Join us to address the legal and policy issues raised by big data, assess the effect of the draft EU regulation and propose an agenda for advancing the debate. We’ll also explore practical examples of how enterprise privacy programmes can address big data privacy implications.

Gwendal Le Grand, Head, IT Department, Commission Nationale de l'Informatique et des Libertes (CNIL)
Harriet P. Pearson, CIPP/US, Partner, Hogan Lovells US LLP
Omer Tene, Associate Professor, College of Management School of Law

Handout 1, Handout 2, Handout 3

Both Sides of the Coin: Practitioner and Regulator Perspectives on Profiling

Issue: The new EU data protection regulation introduces a significant new provision to limit the activity of ‘profiling’. This could significantly impact the world of big data and future business activities in the EU, and it could indirectly impede decision processes that benefit consumers. Join us to hear the perspectives of a practitioner and a regulator as they focus on 1) What does the proposed EU regulation mean by ‘profiling’? The term has at times been used interchangeably with terms like ‘analytics’, ‘data mining’ and ‘automated decision making’. How have others defined it? And 2) What are some real-world examples of profiling? What does profiling look like and how is it applied? How can it harm or benefit consumers? And, how can privacy professionals build in protections for this activity?

Moderator: John Kropf, CIPP/US, CIPP/G, Deputy Counsel for Privacy and Information Governance, Reed Elsevier
Billy Hawkes, Data Protection Commissioner, Ireland, Office of the Data Protection Commissioner
Sachiko Scheuing, CIPP/E, European Privacy Officer, Acxiom Corporation (CEDPO)

Handout 1, Presentation 1, Presentation 2

Multinationals Take On Mobile Privacy

Join leaders from major players in the mobile space to learn about key issues in the mobile landscape, including restrictions on collecting geo-location data, Privacy by Design in practice, developing a privacy policy, providing an effective opt-in/opt-out mechanism and consent and data collection issues.

Moderator: Lindsey Greig, Chief Executive Officer, DataGuidance
Tobias Bräutigam, CIPP/E, Senior Legal Counsel, Nokia
Jon Potter, President, Application Developers Alliance
Patrick Walshe, Director of Privacy, GSMA

Presentation 1



Clear Skies Ahead: Navigating Trends in Cloud Contracts

Join a leading customer of cloud services, a leading supplier of cloud services and a partner from an international law firm to explore how suppliers and customers are reaching agreement on privacy issues in the cloud and outsourcing contracts. You’ll learn the key issues in cloud contracts and debate those points, and hear examples of how such issues are often resolved.

Richard J. Cumbley, TMT Partner, London, Linklaters LLP
Rajee Sritharan, Chief Privacy Officer, Avanade—EALA Service Center
Helen Woollett, CIPP/E, CIPP/IT, Director, Global Head of Privacy, Barclays Group

Cloud Computing—2012 Policy Developments

Join us to learn key takeaways from the Article 29 Working Party opinion and CNIL cloud guidance. We’ll aim to answer some of the leading questions in this area, such as: When will a cloud provider be deemed a ‘data controller’, and does it matter? Will processor BCRs become the perfect solution for cloud providers? And, how is the debate on law enforcement access to cloud data, including the USA PATRIOT Act, affecting cross-border cloud services? Explore these questions and more in this timely session.

Thomas Dailey, VP and Deputy General Counsel, Global Internet Strategy, New Products and Programming, Verizon
Winston Maxwell
, Partner, Hogan Lovells
Christina Peters, IBM Corporate Chief Privacy Officer, IBM Corporation

Presentation 1, Presentation 2, Presentation 3

Strictly Speaking: Cookies, Consent and Compliance

The newly adopted Dutch cookie legislation looks to be one of the strictest implementations of the e-Privacy Directive: Prior explicit consent is required before cookies are placed or accessed. This implementation has raised numerous questions. Is it too strict? What types of cookies are excepted from the rule? How are other EU countries handling cookie consent? How can prior consent be obtained? And, what can be expected from Do Not Track? Join us for a keen discussion on the legal and technological possibilities and impossibilities of compliant cookie use in the EU.

Rob Van Eijk, Technologist and PhD Candidate, Leiden University Dual PhD Centre, The Hague
Frank Wagner, Senior Privacy Expert, Group Privacy, Deutsche Telekom AG
Wolter Wefers Bettink, Partner, Houthoff Buruma

Presentation 1



The DPO: A New Career Profile?

The recognition of the role of DPOs is a noticeable change brought by the proposed EU framework, which obliges enterprises employing more than 250 persons to designate a data protection officer. At first thought this might seem to be a burden, but is it? Learn about this key accountability factor and proposals to shape it and make it more attractive. Hear about operational issues such as appointment at EU and national levels, as well as contract termination. Bearing in mind that this obligation is already in practice in some EU countries such as Germany and France, this session will explore the experiences of DPOs in these countries, as well as the most recent developments in the Netherlands, and consider their adoption on the EU level.

Moderator: Markus Schröder, Kinast & Partner Attorneys at Law (Germany), External Data Protection Officers
Peter Hustinx, European Data Protection Supervisor
Gabriela Krader, Corporate Data Protection Officer, Deutsche Post DHL, Representative of Confederation of European Data Protection Organisations (CEDPO)
Mathias Moulin, Deputy Director of the Users Relations and Inspections, Commission Nationale de l'Informatique et des Libertes (CNIL)

Presentation 1

Privacy Powerhouses Face Off: A Draft Regulation Debate

In what’s sure to be a lively session, hear two prominent data protection experts—one from the European Parliament and another from the European Commission—debate the Draft General Data Protection Regulation. They’ll explore the main issues identified by the Parliament in the course of the revision of the draft regulation and how the commission proposes to alleviate these concerns. Topics will include the choice of a regulation over a directive, simplification, accountability, the right to be forgotten, the commission’s delegated powers, sanctions and enforcement. Plus, during a Q&A, you’re invited to share your own thoughts and questions with the panel and hear their insights on your concerns.

Alexander Alvaro, European Parliament
Paul Nemitz, Director, Fundamental Rights and Union Citizenship, European Commission, Directorate-General Justice
Tanguy Van Overstraeten, Linklaters Global Head of Privacy, Head of TMT/IP Brussels, Linklaters LLP 

Pre-reading material:

The State of the Art in Privacy Impact Assessment

Article 33 of the proposed General Data Protection Regulation would make privacy impact assessment (PIA) mandatory, a provision that could affect some hundreds of thousands of organisations in Europe. While the article gives an indication of what a PIA should contain—a general description of the envisaged processing operations, an assessment of the risks, the measures envisaged to address the risks, demonstrated compliance with the regulation, a requirement to seek the views of data subjects—confusion about the provisions remains. The European Commission has also funded a privacy impact assessment framework (PIAF) project, which finishes in September 2012 and offers guidance to organisations on how to best carry out a PIA and what benefits they can expect in doing so. This presentation reviews the implications of Article 33 and the key findings and recommendations from PIAF, and charts a course for PIA success in Europe.

Kasey Chappelle, CIPP/US, Global Privacy Counsel, Vodafone Group Services Limited
David Wright
, Managing Partner, Trilateral Research & Consulting 

Pre-reading material:

Presentation 1



Data Transfer from the Association of Southeast Asian Nations (ASEAN) to the European Economic Area (EEA)

To date, two countries have initiated ASEAN omnibus data protection legislation: Malaysia and the Philippines. Next in the pipeline are Singapore, Indonesia and Thailand. With this intriguing progress in mind, we’ll explore the different principles and approaches to data transfer from ASEAN to the EEA. Hear our expert speaker share insights on how the unique, hybrid and complex ASEAN business and data privacy culture form a backbone that should be cautiously appreciated. Given the strong bilateral ties and trades between the EEA and ASEAN, you’ll hear practical observations and insights on the present data transfer approaches in ASEAN that may govern data controllers and data processors. Plus, we’ll forecast potential risks that should be mitigated while such data transfer (import and export) takes place to the ASEAN contour.

Moderator: Fabrice Naftalski, CIPP/E, Partner/Attorney at law, Ernst & Young, société d'avocats
Noriswadi Ismail, Co-Founder / Managing Consultant, Quotient Consulting
Abu Bakar Munir, Faculty of Law, University of Malaya, Malaysia

Presentation 1

A Great Ascent: How to Summit from BCR Basecamp to Accountability and Global Interoperability

This session will review how BCRs can effectively demonstrate a large company’s capacity to implement effective data protection practices. And specifically, how BCRs may be linked with the globally recognised concept of accountability, how they compare to other initiatives and how a combination of tools can provide a solid base for fostering the global interoperability required to maintain compliance while preserving innovation and flexibility.

Moderator: Fabrice Naftalski, CIPP/E, Partner/Attorney at law, Ernst & Young, société d'avocats
Marie-Hélène Boulanger, Head of the Data Protection Unit, European Commission
Daniel Pradelles, CIPP/US, EMEA Privacy Officer, Hewlett-Packard Company
Florence Raynal, Head of International and European Services, Commission Nationale de l'Informatique et des Libertes (CNIL)

Multinational M&A and Asset Transactions: What You Need to Know before You Buy or Sell

In this four-part session, we’ll explore components of prospective investment, acquisition and divestiture analysis in multinational M&A and asset transactions. First, you’ll learn about the issues multinational organisations must consider as part of significant merger, acquisition or asset purchase activities when those activities implicate international issues. Before making an acquisition or divestiture, what data privacy and legal questions should be included in a responsible due diligence inquiry? International data privacy is a primary concern, but other implications include legal holds, international data transfers, choice-of-law analysis and employee data privacy. In part two, we’ll consider a holistic approach from different components of the organisation, addressing both parties to the considered transactions. In part three, you’ll participate in fact pattern exercises, identifying issues within each proposed transaction. And last, we’ll evaluate a transaction and determine, given the variables, whether the audience would support it, and why.

 Moderator: Fabrice Naftalski, CIPP/E, Partner/Attorney at law, Ernst & Young, société d'avocats
Ellis I. Parry, Global Lead - Data Privacy, BP International Ltd
James Arthur Sherer, CIPP/US
, Partner, Redgrave LLP
David Smith, Deputy Commissioner, Information Commissioner's Office (UK)

Presentation 1



Are Consumers Aware to Care? Privacy and the UK Consumer

Join us to explore consumer research on privacy concern and care, and general trends in this area. Specifically, we’ll look at consumer behaviour online, the failure of the privacy policy and informed consent, the impact of data breaches, the lack of enforcement and inadequate redress mechanisms. We’ll also outline what we’d like addressed in the proposed European regulation and beyond.

Moderator: Neil Matthews, Marketing Data Protection & Privacy Program Manager, Dell
Jamie Bartlett
, Director, Centre for the Analysis of Social Media, Demos
Georgina Nelson
, In-House Lawyer, Which?, the UK Consumers Association

Presentation 1

Decoding the Digital Natives: An Exploration of Children’s Attitudes toward Data Privacy

Using over four years of research by The i in online, a charity set up by Speechly Bircham LLP, seasoned data privacy experts will lead you through a highly visual presentation on the attitudes of children to data protection. You’ll gain important insight on the challenges faced in creating meaningful privacy policies and consent mechanisms when collecting children's data.

 Robert Bond, Partner, Speechly Bircham LLP
Andy Phippen
, Professor of Social Responsibility in IT, Plymouth University

Presentation 1



Accountability and the Evolving Intersection of EU, Canadian and U.S. Requirements

Explore and compare the key overlapping elements of the requirements suggested or imposed on firms through the binding corporate rules framework; the proposed EU regulations, including DPO role rules; the Canadian privacy management programme guidance; and the U.S. FTC privacy consent decree terms, including the Google and Facebook consent decrees. We’ll focus on privacy management programme elements found in all of these sources or in just one or two of them, as well as questions surrounding practical implementation for global organisations.

Geraldine Dersley, Lead Solicitor and Head of Legal Profession, Information Commissioner's Office (UK)
Michael C. Lamb, CIPP/US
, Chief Counsel, Privacy and Information Governance, Reed Elsevier
Jennifer Stoddart, Commissioner, Office of the Privacy Commissioner of Canada

Presentation 1

Accountability: A Relationship Killer or the Beginning of a Beautiful Friendship between Controllers and Processors?

The proposed EU General Data Protection Regulation provides for reinforced accountability of controllers and introduces a number of new obligations for processors. Join the corporate counsel for privacy and compliance at Iron Mountain to discuss how these proposed rules will impact the relationship between controllers and processors and what they will mean in the context of accountability. What will be expected of controllers and processors in the future? Explore the potential role of the accountability principle in international data transfers, and find out how BCRs for processors fit in with this concept.

Moderator: Monika Kuschewsky, CIPP/E, Partner, Van Bael & Bellis
Ulrika Marianne Dellrud
, Corporate Counsel, Privacy and Compliance, Iron Mountain Europe
Isabelle Vereecken
, Legal Advisor, Belgian Data Protection Authority

Presentation 1

Be Careful What You Wish For: Lessons Learned on Security Breach Response

The current status of having no general legal requirement for security breach notification in the EU is set to change, as the 2012 proposed regulation sets a high compliance obligation for data controllers to notify regulators and data subjects following a breach. As the breach notification regime is expanded, what can the EU learn from experiences in the U.S.? How will EU companies prepare for these new obligations? In looking at the U.S. regime, we’ll explore where legislation has had a clear and positive impact on data breach response and where poor drafting has created confusion and uncertainty.

Vivienne Artz, Managing Director, IP and O&T Law Group, Citigroup, Inc.
Paul Luehr
, Managing Director, Stroz Friedberg, LLC
Rohan Massey
, Partner, McDermott Will & Emery UK LLP

Presentation 1

Lights, Camera, Privacy, Action!

Spoiler alert: The strongest privacy and security assets you have are...your employees and consumers/users! In 2011, Warner Bros. won the HP-IAPP Innovation Award for their Put Yourself in the Picture awareness campaign—an employee-focused multimedia program that put privacy and information security in the U.S. and Europe at centre stage. The campaign used humorous short films, interactive comic books, a privacy-rich intranet resource site and effective ambient media to successfully raise awareness of common privacy and security risks. Since then, the organisation has even further built on this innovative campaign with engaging interactive training. In 2011, Google launched a consumer advertising campaign on media literacy in Europe, with ads appearing online, in print and outdoors. They were designed to be useful and appealing to consumers, using simple language to offer actionable advice for staying safe online. Additionally, Google is revamping the part of their website that explains security and privacy to users by making the language clearer and providing practical examples to illustrate complex topics. In doing so, they hope to empower users to make informed decisions about Internet use. Come hear firsthand insights and tips on how organisations today can develop and implement innovative, effective privacy awareness campaigns for employees and consumers.

Alisa Bergman, VP & Chief Privacy Officer, Warner Bros. Entertainment Inc
Marisa Jimenez, CIPP/US, CIPP/E
, European Privacy Policy Counsel, Google Inc.
Janine McKelvey
, Vice President, Legal and Business Affairs, Warner Bros. Entertainment Europe

Third-party Agents and the Democratisation of Data Protection

Learn about the role of private third parties in helping DPAs and the European Commission deploy effective and industry-relevant data protection schemes that incorporate the requirements of the proposed regulation surrounding privacy controls. We’ll explore how third-party agents can help democratise data protection compliance for all companies, not just the well-resourced ones.

Moderator: Florence Raynal, Head of International and European Services, Commission Nationale de l'Informatique et des Libertes (CNIL)
Jean Gonié
, Director of Privacy Policy, Microsoft EMEA
Saira Nayak, CIPP/US
, Director of Policy, TRUSTe

Presentation 1

Privacy Audits: How to Minimise Your Risk Exposure

Join us to hear several unique perspectives on privacy auditing, looking at the design, benefits and potential pitfalls of conducting your own audit and assessments program. We’ll explore what legislation to include in your criteria, using a risk-based approach when prioritising, creating data inventories and data flow mapping, building in flexibility and scalability, dealing with cross-jurisdictional variance, the potential impact of the proposed EU regulation on audit controls, how to ensure stakeholder engagement and ongoing reporting.

Richie Evans, Enterprise Risk Services, Deloitte & Touche LLP
William Long, Counsel, Sidley Austin LLP
Steve Wright, Chief Privacy Officer, Unilever

The Value and Economics of Personal Data and Privacy

We know that personal data and privacy is valuable—but how valuable is it in practice? Join a panel discussion on the value and economics of personal data and privacy from the perspective of a corporate law and a data protection regulator, with representatives from industry. We will reveal the secret value of personal data in an online environment, consider the intangible asset value of privacy and personal data in an M&A context and discover the value of personal data and privacy from a compliance perspective.

Moderator: Ashley Winton, Global Privacy Group, Chair, White & Case LLP
Rene Lamsfuss
, Vice President Market Governance & Data Strategy, Nielsen, the Nielsen Company
David Smith
, Deputy Commissioner, Information Commissioner's Office (UK)