Skip to main content

The 14th Annual Sedona Conference International Programme on Cross-Border Data Transfers and Data Protection Laws

Submitted by rmb@sedonaconf… on
Date
-

Location:
The Westin Valencia
Valencia, Spain

The 14th Annual Sedona Conference International Programme on Cross-Border Data Transfers and Data Protection Laws will be held on 13-14 June 2023 at The Westin Valencia in Valencia, Spain. There will be a welcome reception at the hotel in the evening of 12 June, from 18:00 - 20:00.

The Programme will address cross-border data transfers relating to commercial operations, government investigations, and discovery in litigation, and the related compliance, privacy and security issues.

Unlike other continuing legal education programs, all faculty members are present for the entire Programme and participate in all aspects of the Programme. The format involves dialogue not only among faculty members, but also with the Programme participants, who are invited and encouraged to contribute their comments and perspectives to the dialogue.

Attendance at the Programme is by invitation only to ensure a proper balance of participants and is limited in size to ensure that we have an intimate environment for meaningful dialogue.

Working Group Meetings

In the afternoon of 14 June, from 13:30-17:30, there will be a members' meeting of The Sedona Conference Working Group 6 on International Electronic Information Management, Discovery and Disclosure (WG6). In the morning of 15 June, from 9:00-12:30, there will be a members' meeting of The Sedona Conference Working Group 11 on Data Security and Privacy Liability (WG11).

You must be a Working Group Series (WGS) member to attend the WG6 and WG11 meetings.

If you are a WGS member who would like to attend either or both of the meetings, please indicate this during the application process for the International Programme – you will be prompted to select which meeting(s) you plan to attend.

If you are not a WGS member, you can sign up for a WGS membership here. Once a WGS member, one is eligible to become a member and take part in the activities of all Working Groups, including WG6 and WG11. If you have any questions about how to sign up for a membership or encounter any difficulties while doing so, please contact our office at info@sedonaconference.org.

Corparate Counsel Meeting

There will be a meeting of corporate counsel, with the date and location to be determined. The meeting is limited to corporate counsel and The Sedona Conference leadership to discuss and benchmark cross-border transfer best practices in a more relaxed and informal setting. This intimate forum will allow for a discussion of issues of specific importance to in-house counsel. If you are invited to participate in the Programme, the organizers of this meeting will contact you separately with more details.

Hotel Reservation Information

We have arranged for a very favorable group room rate at The Westin Valencia of EUR 180 (single) and EUR 200 (double) per night (plus 10% VAT) for a limited block of Deluxe rooms on the evenings of 12 - 14 June 2023. The group rate includes the breakfast buffet at The Rosmarino restaurant. The group rate will be available for 3 nights preceding and 3 nights following the dates of the room block, but subject to availability of Deluxe rooms. The Westin will be holding the block of rooms until 15 May 2023, after which any unsold rooms will be released for sale to the general public. After 15 May 2023, rooms will be subject to availability. Reservation information will be provided in your registration confirmation email.

CLE

The Sedona Conference will seek CLE accreditation for this programme in selected jurisdictions, as dictated by attendance.  

 

Co-Chairs

Cecilia Álvarez
Madrid, Spain
Hon. Michael M. Baylson
Philadelphia, PA, USA
Kevin F. Brady
Herndon, VA, USA
Nina Bryant
London, United Kingdom
Leonardo Cervera Navas
Brussels, Belgium
Starr Turner Drum
Birmingham, AL, USA
Kevin Duan
Beijing, China
Nicola Fabiano
Milan, Italy
Townsend Feehan
Brussels, Belgium
Natascha Gerlach
Brussels, Belgium
Seán Hurley
Dublin, Ireland
Serge D. Jorgensen
Sarasota, FL, USA
Helena Koning
Waterloo, Belgium
Ruth Elizabeth Promislow
Toronto, ON, Canada
Peter Schaar
Berlin, Germany
David C. Shonka
Chantilly, VA, USA
Christiana State
San Francisco, CA, USA
Inés Talavera de la Esperanza
Brussels, Belgium
Vittorio Tommasone
Milan, Italy
Jonathan M. Wilan
Washington, DC, USA
Dino Wilkinson
Abu Dhabi, United Arab Emirates
Miriam Wimmer
Brasilia, Brazil
Kenneth J. Withers
Phoenix, AZ, USA
Stephen Yu
Shanghai, China

Cecilia Álvarez
Madrid, Spain
Hon. Michael M. Baylson
Philadelphia, PA, USA
Kevin F. Brady
Herndon, VA, USA
Nina Bryant
London, United Kingdom
Leonardo Cervera Navas
Brussels, Belgium
Starr Turner Drum
Birmingham, AL, USA
Kevin Duan
Beijing, China
Nicola Fabiano
Milan, Italy
Townsend Feehan
Brussels, Belgium
Natascha Gerlach
Brussels, Belgium
Seán Hurley
Dublin, Ireland
Serge D. Jorgensen
Sarasota, FL, USA
Helena Koning
Waterloo, Belgium
Ruth Elizabeth Promislow
Toronto, ON, Canada
Peter Schaar
Berlin, Germany
David C. Shonka
Chantilly, VA, USA
Christiana State
San Francisco, CA, USA
Inés Talavera de la Esperanza
Brussels, Belgium
Vittorio Tommasone
Milan, Italy
Jonathan M. Wilan
Washington, DC, USA
Dino Wilkinson
Abu Dhabi, United Arab Emirates
Miriam Wimmer
Brasilia, Brazil
Kenneth J. Withers
Phoenix, AZ, USA
Stephen Yu
Shanghai, China
14th Annual International Programme Agenda
Time Session Panelists
  Tuesday, 13 June 2023  
7:30 — 8:30 Sign-in  
8:30 — 8:45 Welcome and overview D'Ambra, Matus, Moncure, Weinlein
8:45 — 10:00 EU-U.S. data transfers and the EU-U.S. Data Privacy Framework: What's next?  
  In the wake of the July 2020 landmark decision of the European Court of Justice (ECJ), Schrems II, that struck down the EU-U.S. Privacy Shield, parties on both sides of the Atlantic began work in earnest on a new framework for data transfers between the EU and U.S. that could withstand ECJ scrutiny. In March 2022, an “agreement in principle” was reached on such a framework – the EU-U.S. Data Privacy Framework (“Framework”). Subsequent efforts to turn that “agreement in principle” into a legal framework, including the October 2022 White House Executive Order on Enhancing Safeguards For United States Signals Intelligence Activities, resulted in the European Commission releasing a draft adequacy decision for the Framework in December 2022. The panel will lead a dialogue on the structure and contents of the Framework; the efficacy of the Commission’s draft adequacy decision; the likelihood of avoiding a potential Schrems III; and what the ideal mechanism for EU-U.S. data transfers would look like.  
10:00 — 10:15 Morning break  
10:15 — 11:15 Global approaches to regulating AI: Convergence or divergence?  
  In early 2021, the European Commission proposed the first-ever legal framework for AI, the “Proposal for a Regulation laying down harmonised rules on artificial intelligence” (or the “Artificial Intelligence Act”). The regulation’s main focus is on specific risks surrounding AI and the categorization of such risks. Around the same time, the U.S. Federal Trade Commission (FTC) released Business Guidance noting the FTC’s perception that AI could inadvertently introduce bias or other unfair outcomes and warned of the potential applicability of Section 5 of the FTC Act, the Fair Credit Reporting Act, and the Equal Credit Opportunity Act. The Artificial Intelligence Act and the FTC’s Business Guidance appear to suggest a more restrictive approach to AI on the part of regulators in the EU and the U.S. The government of the United Kingdom, however, may be headed in a different direction – with innovation as a priority. In June 2022, the Secretary of State for Digital, Culture, Media and Sport (DCMS) presented to the UK Parliament a policy paper entitled, “Establishing a pro-innovation approach to regulating AI.” The panel will lead a dialogue on the strengths and weaknesses of these varying jurisdictional approaches in the infancy of AI regulation. The panel will also consider whether AI is the new battleground for international commercial supremacy, and if so, how that can be expected to impact the evolution of regulation of AI across the globe.  
11:15 — 12:15 What does the future hold for online advertising under the GDPR, in California and elsewhere?  
  In February 2022, the Litigation Chamber of the Belgian Data Protection Authority (APD) found that the Internet Advertising Bureau Europe’s (IAB Europe) Transparency and Consent Framework (TCF) violated several GDPR provisions and, accordingly, imposed a €250,000 fine. Under the TCF, consent management platforms (CMPs) capture the preferences of online users in TC Strings (digital strings containing user preferences). The APD held that IAB Europe – as well as CMPs, publishers and participating ad tech vendors – lacked a valid legal basis for the processing of personal data through the TCF. In January 2023, APD approved IAB Europe’s action plan to bring processing of personal data under the TCF into compliance with the GDPR. The implementation of the action plan, however, will entail operating changes for TCF participants that may ultimately be found inadequate by the ECJ. Meanwhile, in California, the CCPA was amended specifically to capture the practice of “sharing” personal information in online advertising, as opposed to merely its “sale,” leading to new contractual requirements. The CCPA also now includes new provisions specifically to "target" targeted advertising. Finally, in November 2022, the UK Competition and Markets Authority (CMA) announced a new effort to look into Business to Consumer (B2C) online sales practices. The panel will compare and contrast the aforementioned developments in the EU, California, and the UK, and assess the trend lines for online advertising vis-à-vis data protection regulations globally.  
12:15 — 13:15 Lunch  
13:15 — 14:30 Data protection authority (DPA) roundtable  
  Global DPAs will lead a dialogue on their respective challenges and priorities in both their enforcement and advisory roles under global data protection regimes. The dialogue will also address technological developments and data transfer mechanisms (e.g., SCCs; EU-U.S. Data Privacy Framework).  
14:30 — 14:45 Afternoon break  
14:45 — 16:00 Insights from former DPAs  
  Examining issues of cross-border data transfers and data protection can look very different for a regulator than a business or other organization. How does being a DPA shape one’s view of the issues? This panel brings together former DPAs from across the globe who have experience on both sides of the regulatory divide to dialogue on what they see as the most important trends in the data protection field, how working in a regulatory capacity has changed how they speak with organizations about data protection, and what they see as the critical foci for DPAs.  
16:00 — 17:00 Operating under China's Personal Information Protection Law (PIPL)  
  China’s PIPL went into effect on November 1, 2021, and in June 2022, China issued administrative rules fleshing out the restrictions on cross-border data transfers in addition to the requisite steps required to obtain regulatory approval of such transfers. These steps include (1) clearing a security assessment approved by the Cyberspace Administration of China (CAC) and (2) either obtaining a personal information protection certification from a professional institution designated by the CAC or entering into a standard format data transfer agreement with the foreign recipient of the data. Unfortunately, the exact metes and bounds of this complex process remains largely unclear, leaving multinational companies in a difficult position when conducting investigations or cross-border discovery of data in China. The panel will share first-hand experience with navigating the challenges of the PIPL and other Chinese data protection laws and will provide practical tips on addressing these challenges.  
17:00 — 19:00 Reception (guests invited)  
     
  Wednesday, 14 June 2023  
8:00 — 9:00 Sign-in  
9:00 — 10:15 Cross-border data transfers case law update  
  Each year, the International Programme features a detailed discussion of recent court decisions on privacy, data security, and cross-border data transfer issues. This year’s panel of privacy and data security legal scholars will lead a dialogue on the most instructive cases from the past year.  
10:15 — 10:30 Morning break  
10:30 — 11:45 Data security and breach regulation and litigation, including responding to regulators across jurisdictions in an ever-expanding breach notification environment  
  New or revised privacy laws and regulations globally now usually include data breach notification requirements. When faced with a potential data breach, companies must determine how to respond to divergent notification requirements across jurisdictions. Companies also face an ever-increasing risk of litigation from regulators, individuals, or organizations. This panel will explore best practices associated with data breach response as related to notification requirements and preparing for potential litigation. Panelists will also lead a dialogue on the nuances of cross-border data transfers in the context of data breach litigation.  
11:45 — 13:00 Data protection and security audit 101: Practical realities for audit preparation and response  
  Data protection and security audit provisions are increasingly a part of new data protection laws and regulations, turning what was once a best practice into a mandatory legal requirement. This panel will examine how companies should prepare for and respond to such audits. Who should be involved in the audit? What exactly should be audited? Depending on the jurisdiction and situation, can privilege protections be applied to the audit? Panelists will lead a dialogue on these questions and other key points related to data protection and security audits.  
13:00 — 14:00 Lunch (provided)  

Panel Moderator*

Date::
to

About

The Sedona Conference (TSC) is a nonpartisan, nonprofit 501(c)(3) research and educational institute dedicated to the advanced study of law and policy in the areas of antitrust law, complex litigation, intellectual property rights, and data security and privacy law. The mission of TSC is to move the law forward in a reasoned and just way through the creation and publication of nonpartisan consensus commentaries and through advanced legal education for the bench and bar.

Contact

The Sedona Conference
301 East Bethany Home Rd, Suite C-297
Phoenix, AZ 85012
602-258-4910
General inquiries: info@sedonaconference.org
CLE-related questions: cle@sedonaconference.org
To comment on our publications: comments@sedonaconference.org

Join our mailing list

Copyright 2023 The Sedona Conference