For this event, we were fortunate enough to work closely with the event sponsor City of London Corporation to puton an EU Committee Panel Debate, featuring key figures such as BrunoGencarelli, European Commission, Steve Woods, ICO, Vivienne Artz, Refinitiv and Christian D’Cunha, EDPS. The audience featured over 45 business and state representatives, who were all eager to hear what the panellist’s views were on such an important issue.
With an increasing number of states adopting GDPR, or a similar form of compliance (133 states have nowpassed data protection laws), it is key that the UK maintains its high dataprotection standards. This can help ensure that an adequacy deal is reached relatively quickly with the EU following its departure from the union. Furthermore, the UK would not only be adequate with the EU, but also with other major economies such as Japan. With many states around the world aiming to implement a data protection agreement alongside a trade deal, high standards of data protection are going to be vital when it comes to any bilateral trade agreements that the UK may be negotiating in the future. In addition, as GDPR has been in place for almost a year, the population has begun to adjust and itwould be a major step backwards if the UK was to implement a weaker dataprotection law.
One of the main discussion points during the event was surrounding the barriers to passing the adequacy agreement. If the UK maintains the same level of adequacy post-exit, would it not be possible to have a near immediate adequacy agreement? If not, what are the barriers? The result from this particular issue was clarified as the discussion covered certain issues surrounding the adequacy decision such as thein depth assessment that the EU must complete in order to be able to make a decision. A clear example of this is Japan, where it took 6 months for an adequacy decision to be reached. In addition, the data discussions and decision was completed alongside trade negotiations, which is something that wouldlikely be done with the UK discusses its future relationship with the EU.
A second major discussion point was relating to Standard Contractual Clauses (SCCs). An SCC is a safeguard on data, that must comply with GDPR, which is transferred from the EU, to outsideof the EEA. This contract helps protect data that has been moved outside of the EEA. There are many issues surrounding SCCs as many are unsure what type of SCC’s are required post-Brexit. There was a clear point made during this area of discussion, which was that there is a clear belief that stakeholder input isextremely important when it comes to the development of SCCs and how they canbe improved further, and how to ensure the correct SCC is used and completed accurately following the UK’s withdrawal from the EU.
Finally, the ‘One-Stop-Shop’ system is extremely valuable for EU businesses as it allows businesses to operate with one regulatory authority. With Brexit looming, there is the possibility of UK businesses no longer being able to ‘stop’ in EU countries andvice-versa. This makes cross-border data processing much more problematic as more regulatory authorities will need to monitor the data movement. However, both the EU and UK have indicated that in a deal scenario, One-Stop-Shop hasthe potential to continue.
Chief Privacy Officer | Refinitiv
Vivienne is the Chief Privacy Officer of Refinitiv (formed from the Financial and Risk business of Thomson Reuters) since November 2017, based in London, leading the global Privacy Team and overseeing global privacy strategy and practice. Previously, Vivienne was a Managing Director and Global Head of Privacy Legal and Head of International for the Intellectual Property and Technology Law Group at Citi in the General Counsel’s Office in London. Prior to joining Citi in 2000, Vivienne worked in private practice in London. Vivienne chairs the International Regulatory Strategy Group Data Working Group and is on the Board of Directors of the International Association of Privacy Professionals (IAPP), having previously served on IAPP European Advisory Board and been co-chair of the IAPP Knowledge Net for the UK. Until recently, Vivienne was the chair of the AFME Data Protection Working Group, and participated in the UK Finance Data Protection Working Group. Vivienne is also on the Business and Law Advisory Board of St Mary’s University in the UK. Vivienne is the current President of Women in Banking and Finance, having been awarded the “Champion for Women” Award at the Women in Banking and Finance Awards for Achievement 2016. Vivienne has many years of experience leading a broad range of diversity initiatives and groups both within firms and across sectors.
Deputy Commissioner | Information Commissioner's Office
Steve took up the position of Deputy Commissioner – Policy in June 2017. He is responsible for leading the work of the Policy Directorate, ensuring delivery of ICO strategic goals through stakeholder liaison, guidance, research, international activity and technology policy. Prior to this appointment, Steve was Head of International Strategy and Intelligence, responsible for overseeing the ICO’s international strategy, the ICO’s intelligence hub and management of high profile cases. During 2016 Steve was Acting Deputy Commissioner. His previous ICO roles have included Head of Policy Delivery and Assistant Commissioner for FOI policy. Before joining the ICO Steve was a Senior Lecturer in Information Management at Liverpool John Moores University.
Head Of Unit, International Data Flows and Protection, DG JUST | European Commission
Mr Gencarelli heads the International data flows and protection Unit at the European Commission (DG Justice and Consumers). In the past years, he led the Commission's work in the area of data protection, as regards both new legislation and international negotiations. He notably headed the Commission's delegation in the interinstitutional negotiations with the European Parliament and the Council that resulted in the adoption of the EU data protection reform ("General Data Protection Regulation" and "Law Enforcement Directive"). He was also one of the lead negotiators of the EU-US Privacy Shield and "Umbrella Agreement". He recently negotiated the mutual adequacy arrangement with Japan. Mr Gencarelli previously served as a member of the European Commission's Legal Service and as an assistant (référendaire) to a judge at the European Court of Justice after having practiced law in the private sector. He holds degrees in law and political science, and teaches EU Competition Law at Sciences Po Paris. He is the author of numerous publications on EU law.
Head of the Private Office of Giovanni Buttarelli - EDPS | European Commission
Christian is the Head of the Private Office of the European Data Protection Supervisor. He advises the EDPS and Assistant EDPS on legal and policy developments in the EU as well as providing support on strategic planning and communications. He has led the EDPS project on strengthening the links between the enforcement of privacy, competition and consumer law in the digital economy and society, including the setting up the Digital Clearinghouse to bring together regulators to discuss cross-cutting issues like big data mergers and unfair terms, pricing and discrimination online. He has been responsible for EDPS opinions on a range of issues, including digital ethics and the reform of the data protection framework. Previously in the European Commission, Christian drafted and negotiated the EU’s first internal security strategy and carried out the evaluation and the review of the data retention directive. Before moving to Brussels in 2008, Christian advised the Lord Chief Justice of England and Wales on senior judicial appointments, succession planning and constitutional reform matters. In the UK Ministry of Justice, he was project manager of the implementation of a new system for handing complaints and disciplinary matters in the judiciary. Prior to this, for several years he was private secretary to the Chairman of the Labour Party and to the Leader of the House of Lords.