Visiting the last six years and looking at the future of data protection in Brazil and around the world

Bojana Bellamy, President, CIPL

Laura Schertel, Lawyer, Professor and Director of CEDIS-IDP

Danilo Doneda, Lawyer, Professor and Director of CEDIS-IDP

9:50 am Keynote – ANPD regulatory agenda and priorities

Waldemar Gonçalves Ortunho Junior, Chief Executive Officer, ANPD

10:10 Keynote – British and global perspectives on data protection

Elizabeth Denham, UK Commissioner and Chair of the Global Privacy Assembly

Results-oriented regulation: cooperative engagement, effective oversight and smart execution

“Results-oriented regulation” involves making difficult but essential choices about strategies and priorities that are focused on the best outcomes for individuals, society and the economy. To operate effectively, Data Protection Authorities (DPAs) need to prioritize and make strategic decisions, taking into account the areas of data processing that pose the greatest risks to individuals. This is an ongoing journey and a challenge for both new DPAs (like ANPD), who are still struggling to set up their operations, and well-established DPAs.

Moderator: Richard Thomas, CIPL Advisor and Former UK Information Commissioner

Provocateurs:

Arthur Sabbat, Director, ANPD

Eduardo Bertoni, Coordinator, Inter-American Institute of Human Rights, & former Director, Argentine Data Protection Authority

Anna Morgan, Deputy Commissioner, Irish Data Protection Authority

Zee Kin Yeong, Deputy Chief Executive, Singapore Personal Data Protection Authority

Christopher Hodges, Head of the CMS Research Program on Civil Justice Systems, University of Oxford

The role of accountability in data protection: Creating risk-based data governance programs and demonstrating compliance

Accountability is a fundamental element of effective privacy and data protection and is a fundamental principle included in data protection laws around the world. It requires organizations to adopt and implement structures, systems, programs, practices, processes, policies, procedures, measures and tools (together referred to as “mechanisms”) to comply with legal requirements or other external standards, or to implement their own objectives internal, corporate ethical requirements, public goals and promises. It also requires organizations to be able to demonstrate the effectiveness of such mechanisms internally (e.g., to the Corporate Board, the CEO, and other members of senior management) and externally (to DPAs, individuals, business partners, and, increasingly, shareholders and investors). Organizations of all sizes, regions and industry sectors have been able to increase and implement data protection accountability through governance programs and expect DPAs to take such efforts into account during potential investigations and enforcement.

Moderator: Bojana Bellamy, President, CIPL

Provocateurs:

Marcos Ottoni, Legal Coordinator, CNSaúde

Marlon Domingus, Manager, Erasmus University Rotterdam

Rob Sherman, Vice President & Deputy Chief Privacy Officer, Facebook

Caroline Louveaux, Chief Privacy Officer, MasterCard

Renato Leite Monteiro, Leader of the Data Protection Council – LATAM, Twitter

Tami Dokken, Director of Data Privacy, World Bank

Roberto Bruce, Data Privacy Manager, Bradesco

1pm End of Day 1 

Giovanna Carloni, Global Privacy Policy Manager, CIPL

Laura Schertel, Lawyer, Professor and Director of CEDIS-IDP

9:50 am Keynote – Managers and the rise of privacy professions

Trevor Hughes, CEO & President, International Association of Privacy Professionals (IAPP)

10:10 Keynote – Data protection done differently: is the UK blazing a new trail?

James Snook, Director – Data Policy, UK Ministry for Computing, Culture, Media and Sport (DCMS) [TBD]

Enabling international data transfers

International data transfers enable digital development and innovation and are key to enabling developing countries, like Brazil, to actively participate in the global digital economy. They are also essential to combat global crisis situations, such as the COVID-19 pandemic. Countries and regions are adopting mechanisms to facilitate the cross-border flow of personal data, including recognition of reciprocal adequacy, bilateral agreements, certification schemes, contractual clauses and others. Increasingly, local decisions on data protection have a wider and sometimes even global impact on data flows, such as the European Court of Justice's ruling in the Schrems II case, adding complexity to the issue of data flows and requiring countries to observe and analyze the impact of data protection developments happening beyond their physical borders.

Moderator: Markus Heyder, Vice President and Senior Policy Advisor, CIPL

Provocateurs:

Vanessa Butalla, Legal Director, Serasa Experian

Yuji Asai, Commissioner, Japan Personal Data Protection Authority

Marcel Leonardi, Partner, Leonardi Advogados

Joe Jones, Head of Data Governance, UK Department for Computing, Culture, Media and Sport (DCMS)

Jacobo Esquenazi, Global Privacy Strategy Coordinator, HP, Inc.

Security incident notification and management: a challenge for organizations and Data Protection Authorities (DPAs)

Identifying and managing security incidents is a challenging task for both organizations and DPAs. As the world has gone digital with the COVID-19 pandemic, cyber threats and attacks have grown, leading to increased security incident management and reporting. While organizations work to implement enhanced technical and organizational measures to prevent and contain breaches, they are also required to report such incidents to DPAs and principals in various jurisdictions. DPAs in several regions have seen an increase in their workload due to security incident notifications. They need to spend resources analyzing such notifications, providing guidance to organizations so they have clarity on notification criteria, and possibly investigating and taking enforcement action against the most serious cases.

Moderator: Ana Paula Bialer, Partner, Bialer Falsetti Associados

Provocateurs:

Joacil Basilio Rael, Director, ANPD

Stevens David, President, Belgian Data Protection Authority

Cristine Hoepers, General Manager, CERT.br/NIC.br

Bridget Treacy, Partner, Hunton Andrews Kurth

Marie Olson, Deputy Chief Privacy Officer, Boeing

Flavia Mitri, Legal Director of Privacy and Cybersecurity for Latin America, Uber

1pm Closing