Global Data Protection policy workshop

SpaceNeedleThis year’s Privacy Identity Innovation conference in Seattle stared with our new Global Data Protection policy workshop on Monday, September 16th. Participants explored recent developments in global data protection regulation and privacy law with leading policy experts and scholars from the Federal Trade Commission, Disney, Microsoft, Stanford Law School, Symantec, PwC, TechFreedom, AT&T, TRUSTe and other prominent law firms and companies.


The pre-conference workshop, which took place from 11:30am to 4:30pm, was held 100 feet above the ground in the SkyLine level of the historic Space Needle building with fantastic panoramic views of downtown Seattle, Mount Rainier and the surrounding islands. The final schedule for the workshop is available below, and you can learn more about individual speakers on the Speakers page.



Monday, September 16, 2013 – Space Needle building

11:00am     Attendee Check-in


11:30am     Welcome Remarks


11:35am     Recent Data Privacy Developments in D.C.


From the FTC’s revised COPPA rules to NTIA’s first privacy multistakeholder process, there have been a number of developments on the data privacy front. In this opening session, we’ll look at what’s new in Washington, D.C. and what the current environment signals about the U.S.’s policy on data privacy going forward. Adding to the sense of urgency are the recent revelations about government surveillance and the introduction of several new privacy-related bills. Our panel of experts will discuss key policies and priorities you need to know about.


Moderator: Craig Spiezle, Founder and Executive Director, Online Trust Alliance

Justin Brookman, Director of Project on Consumer Privacy, CDT

Julie Mayer, Consumer Protection Attorney, Federal Trade Commission

Kathy Poplin, Director, Global Public Policy, AT&T

Katie Ratté, Assistant General Counsel, The Walt Disney Company


12:15pm     Working Lunch – Privacy Under Pressure: Government Access and Transparency


Greater transparency may not be a panacea for all privacy concerns. But for companies trying to build trust with their users, it’s necessary in order to reassure people that their personal information is protected. Nothing has made that more evident than the news about the NSA’s PRISM surveillance program.


According to its recent Transparency Report, more than 70 countries have requested user data  from Facebook (more than 25 countries asked for info from Google and Twitter) – notably, in all these cases, the U.S. made the majority of those requests – and trends indicate that demands for user data are on the rise.  During this working lunch, we’ll discuss the tension that exists between trying to protect user privacy and complying with legal requests for data, and explore steps that companies are taking to shed more light on the types and numbers of government requests that are made.


Moderator: Declan McCullagh, Chief Political Correspondent,

Françoise Gilbert, Managing Attorney, IT Law Group

Todd Hinnen, Partner, Perkins Coie


1:20pm       Data Collection & Consent: Next Steps for Digital Advertising


While the World Wide Web Consortium (W3C) working group chartered with trying to develop a Do Not Track standard wasn’t able to achieve consensus by a July 31st deadline, the group plans to reconvene in September to try and resolve its many differences. At the same time, with Congress and the FTC watching closely, browser companies, advertisers and others are pursuing alternatives.


In an ever-changing landscape where the stakes are very high, we’ll review some of the different approaches being taken to offer users more control. More importantly, we’ll explore what might happen going forward and the impact these efforts may have on consumers and companies.


Moderator: Kate Kaye, Data Reporter, Advertising Age

JC Cannon, Director of Privacy Strategy, Online Services Division, Microsoft

Chris Mejia, Director, Digital Supply Chain Solutions & Ad Technology, IAB

Aleecia McDonald, Director of Privacy, Stanford’s Center for Internet & Society

Berin Szoka, Founder and President, TechFreedom


2:00pm       Rethinking Privacy Rights & Responsibilities: Preparing for the E.U.’s Proposed Data Protection Rules


In an effort to harmonize and modernize data protection laws that date back to 1995, the European Commission proposed two new laws early last year to reform how personal data is processed throughout the E.U. Following a number of disagreements and delays, which have resulted in literally thousands of amendments, a vote is scheduled to take place on the latest proposals in October in an effort to publish amended legislation in the Spring of 2014.


This panel will help explain what it could mean for companies who have customers in Europe by examining important tenets of the proposed reforms, which include an individual’s “right to be forgotten” by having companies delete data about him/her, a requirement that companies receive explicit consent before processing personal information, and a right to “data portability” that would allow any individual to request a copy of all of his/her data from a company.


Moderator: Françoise Gilbert, Managing Attorney, IT Law Group

Lothar Determann, Partner, Baker & McKenzie

Christina Gagnier, Partner, Gagnier Margossian LLP

Ira Rubinstein, Senior Fellow, Information Law Institute, NYU School of Law


2:40pm       Break


2:50pm       Beyond the U.S. and E.U.: A Look at Data Protection in Other Parts of the World


Although the lion’s share of attention may be on what’s happening in the U.S. and the E.U., at least 85 countries have enacted some type of data privacy legislation. The result is a patchwork of global requirements that can make compliance confusing and costly. This session will take a look at overall trends in Latin America, Asia and other parts of the world.


Are countries following a more prescriptive approach when it comes to privacy regulations and rules for newer technologies? How does the culture or history of a region inform its approach to data protection? Is self-regulation playing a role in the development of online frameworks? Do government regulators in these countries enforce the law actively?


Moderator: Saira Nayak, Director of Policy, TRUSTe

Matthew DelNero, Partner, Covington & Burling

Dona Fraser, Vice President, Privacy Certified, ESRB

Amrita Srivastava, Partner, Desh International Law


3:30pm       Creating an Effective Global Privacy Program


Whether you work with a small team of entrepreneurs or a Fortune 500 company, it’s important to make data protection a strategic priority. As you’ll hear in this session, there are a variety of forces shaping privacy programs – laws, regulations and user expectations – and an effective approach to global privacy must take all of them into account. Learn best practices for developing a privacy program from experts who have worked with some of the leading brands in the world.


Moderator: Craig Spiezle, Founder and Executive Director, Online Trust Alliance

Michael Spadea, Director – Privacy and Information Risk, Promontory Financial Group

Aaron Weller, Managing Director, Data Protection & Privacy, PwC

Paola Zeni, Director, Global Privacy, Symantec


4:10pm       Data Breach Preparedness and Notification


No one plans to have a data breach, but every company should have a plan for dealing with one. In this lightning talk, you’ll get a crash course on the current status of data breach notification laws and how to address a data leak should the worst case scenario happen.


Ozzie Fonseca, Senior Director, Data Breach Resolution, Experian


4:30pm       Wrap-up