On Thursday 8th October, the Privacy and Cyber Security Group held a breakfast
briefing (a "fireside chat") at Dentons' London
office where the keynote speaker was Christopher Graham, the UK
Information Commissioner. Nick Graham, Global Co-Chair of the Group
opened the session which was led by Chantal Bernier, Counsel from
Dentons Canada and former Canadian Privacy Commissioner. There was
full attendance and an engaged audience. The event covered a number
of privacy issues, not least the CJEU's decision two days
earlier that Safe Harbor is invalid.
Safe Harbor Decision: reactions
Christopher Graham provided reassurance and pragmatism in
response to the Safe Harbor ruling. He was keen to emphasise that
the message from the ICO (his office), is "don't
panic"! He does not intend to be "knee-jerking into
sudden enforcement". At the same time, he said that the ICO
"understand(s) the significance of what has happened".
"If you're using the cloud, you're concerned about
this. If you're an SME involved in transfers of information
between Europe and the U.S., you're concerned... We absolutely
understand that the ICO needs to be thoroughly engaged... We're
working hard on making sure there is a coherent, coordinated
response from the DPAs [Data Protection Authorities] to these
developments". With regards to the meeting due later that day
of the Article 29 sub-committee on transfers, he said that the ICO
will argue for a "practical response" and "will be a
voice arguing restraint".
When asked whether the decision will also impact the alternative
transfer mechanisms to Safe Harbor (i.e. Standard Contractual
Clauses and BCRs), Graham responded: "Let's not create a
drama out of a crisis, by saying, 'Oh if that's the case
for Safe Harbor that must also be the case for BCRs and Standard
Contractual Clauses. Let's not panic." He pointed out that
Safe Harbor was already in the process of being renegotiated, and
that also there are special arrangements for security services
provided in the Data Protection Directive. "The problems about
the access that security authorities claim for personal information
are there in every jurisdiction... Talk about elephants in the
room. That's one of the elephants", he said. Graham
reassured that the ICO and the other national data protection
authorities are working together and with the respective
governments towards balancing these "competing
One of key themes of the morning was the importance of national
authorities working in "effective co-ordination" and GPEN
as "leading the way as the network of networks". Graham
warned that as a result of this better co-ordination, authorities
will be "more on your case". However, he was quick to
note that enforcement is a "weapon of last resort":
"we don't get off fining people". "We want to
encourage good behaviour. You have a friend in the ICO", he
Graham announced that the ICO is currently revising its Privacy
Notices Code of Practice to take account of the mobile environment
and to steer the focus of these policies on clear language rather
than "legal speak", among other things.
Since the session, the DPAs have met with regards to Safe Harbor
and are now working on issuing guidance.
As part of the session we conducted a risk survey of the
audience to identify the main data privacy concerns currently faced
by business. Below is a graphic displaying our findings of what
respondents prioritised as most concerning.
Dentons is the world's first polycentric global law firm. A
top 20 firm on the Acritas 2015 Global Elite Brand Index, the Firm
is committed to challenging the status quo in delivering consistent
and uncompromising quality and value in new and inventive ways.
Driven to provide clients a competitive edge, and connected to the
communities where its clients want to do business, Dentons knows
that understanding local cultures is crucial to successfully
completing a deal, resolving a dispute or solving a business
challenge. Now the world's largest law firm, Dentons'
global team builds agile, tailored solutions to meet the local,
national and global needs of private and public clients of any size
in more than 125 locations serving 50-plus countries.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
The event serves as high-level networking platform and gives all related parties active in the M&A insurance market the opportunity to connect and share their views. It brings together M&A insurers, transaction lawyers and tax advisers, private equity and corporate investors, and investment bankers. The M&A Insurance Summit aims to inform about new market trends, recent product developments and further business opportunities.
While companies prepare for the EU General Data Protection Regulation (GDPR) to take effect in May 2018, another highly significant item on the agenda is arguably the current review process of the proposal for a Regulation on Privacy and Electronic Communications (ePrivacy Regulation).
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).