During the week of February 25, 2019, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP participated in the meetings of the APEC Data Privacy Subgroup (“DPS”) and Electronic Commerce Steering Group (“ECSG”) in Santiago, Chile. CIPL enjoys formal guest status and a seat at the table at these bi-annual APEC privacy meetings.
In connection with these meetings, CIPL was asked by the General Directorate of International Economic Relations of Chile’s Ministry of Foreign Affairs to organize an official workshop for the APEC DPS and ECSG delegates from the participating APEC-based governments and data protection authorities, as well as for local Chilean government and industry stakeholders and other international industry and academic stakeholders. The purpose of this workshop was to support APEC’s privacy and data protection work and provide a forum to exchange experiences and global perspectives on key issues relating to data protection in an era of rapid technological change.
CIPL’s workshop was the first official APEC ECSG/DPS event in Santiago, kicking off a weeklong series of meetings by these groups on the further implementation of the APEC Cross-Border Privacy Rules (“CBPR”) and other privacy and data protection related issues of interest to these groups, including, among other issues, the intersection between privacy laws and emerging technologies, potential updates to the APEC Privacy Framework, data portability, cross-border enforcement cooperation and privacy law and policy developments in the 21 APEC member-economies. A portion of the meetings also concerned possible future work on interoperability between the APEC and EU cross-border transfer mechanisms.
CIPL’s February 25 workshop on “Key Building Blocks for Effective Data Protection and Innovation in the Data Driven Society” featured opening remarks by Mathias Francke, the Director of Multilateral Economic Affairs and SOM Chair from Chile’s Ministry of Foreign Affairs, and Marcelo Drago, the President of Chile’s Council of Transparency, and a keynote by Mastercard’s Chief Data Officer on the dual goal of enabling data protection and data-driven innovation.
This was followed by updates from various speakers, including Senator Felipe Harboe from Chile, on the status of Chile’s privacy law development process, Brazil’s implementation of its new privacy law, South Korea’s implementation of the CBPR system and adequacy negotiations with the EU and other developments across Latin America.
Following that, a panel of industry representatives discussed the role of organizational accountability as the cornerstone of modern data protection, explaining the elements of accountability (such as risk-assessments, policies and procedures, transparency, oversight and redress), how to implement them through comprehensive, risk-based organizational privacy programs or through participation in formal accountability mechanisms such as codes of conduct or certifications, how to demonstrate accountability to data protection authorities and how and why data protection authorities and lawmakers should incentivize accountability.
A third panel of privacy regulators from the U.S. Federal Trade Commission, the Canadian Office of the Privacy Commissioner, the Singapore Personal Data Protection Commission and a former privacy regulator from Colombia, as well as two industry representatives, discussed the key characteristics and responsibilities of an effective national data protection authority. The panelists addressed the role of the national data protection authority both with respect to its domestic policy setting and enforcement functions and its role as central data protection contact in the context of international enforcement cooperation and global privacy and data protection organizations and fora, such as the International Conference of Data Protection and Privacy Commissioners, the Asia-Pacific Privacy Authorities forum, the APEC Cross-Border Privacy Enforcement Arrangement and the Global Privacy Enforcement Network. In addition, they considered contemporary regulatory strategies to maximize the data protection authority’s effectiveness through risk-based prioritization of tasks and constructive engagement with industry.
The final session of the day considered how to ensure accountable cross-border data flows through APEC CBPR and other mechanisms. Speakers from data protection authorities in the Philippines and Japan, present and former U.S. government officials, academics, as well as industry representatives from the U.S. and Chile, discussed perspectives on the economic, business and innovation impact of cross-border data flows as well as approaches to accountable cross-border data flows in APEC member economies and other regions such as the EU, Russia and the Eurasian Economic Union. A significant portion of the discussion focused on next steps for the rapidly expanding APEC CBPR system.
Search
Recent Posts
Categories
- Behavioral Advertising
- Centre for Information Policy Leadership
- Children’s Privacy
- Cyber Insurance
- Cybersecurity
- Enforcement
- European Union
- Events
- FCRA
- Financial Privacy
- General
- Health Privacy
- Identity Theft
- Information Security
- International
- Marketing
- Multimedia Resources
- Online Privacy
- Security Breach
- U.S. Federal Law
- U.S. State Law
- Workplace Privacy
Tags
- Aaron Simpson
- Accountability
- Adequacy
- Advertisement
- Advertising
- American Privacy Rights Act
- Anna Pateraki
- Anonymization
- Anti-terrorism
- APEC
- Apple Inc.
- Argentina
- Arkansas
- Article 29 Working Party
- Artificial Intelligence
- Australia
- Austria
- Automated Decisionmaking
- Baltimore
- Bankruptcy
- Belgium
- Biden Administration
- Big Data
- Binding Corporate Rules
- Biometric Data
- Blockchain
- Bojana Bellamy
- Brazil
- Brexit
- British Columbia
- Brittany Bacon
- Brussels
- Business Associate Agreement
- BYOD
- California
- CAN-SPAM
- Canada
- Cayman Islands
- CCPA
- CCTV
- Chile
- China
- Chinese Taipei
- Christopher Graham
- CIPA
- Class Action
- Clinical Trial
- Cloud
- Cloud Computing
- CNIL
- Colombia
- Colorado
- Committee on Foreign Investment in the United States
- Commodity Futures Trading Commission
- Compliance
- Computer Fraud and Abuse Act
- Congress
- Connecticut
- Consent
- Consent Order
- Consumer Protection
- Cookies
- COPPA
- Coronavirus/COVID-19
- Council of Europe
- Council of the European Union
- Court of Justice of the European Union
- CPPA
- CPRA
- Credit Monitoring
- Credit Report
- Criminal Law
- Critical Infrastructure
- Croatia
- Cross-Border Data Flow
- Cyber Attack
- Cybersecurity
- Cybersecurity and Infrastructure Security Agency
- Data Brokers
- Data Controller
- Data Localization
- Data Privacy Framework
- Data Processor
- Data Protection Act
- Data Protection Authority
- Data Protection Impact Assessment
- Data Transfer
- David Dumont
- David Vladeck
- Delaware
- Denmark
- Department of Commerce
- Department of Health and Human Services
- Department of Homeland Security
- Department of Justice
- Department of the Treasury
- District of Columbia
- Do Not Call
- Do Not Track
- Dobbs
- Dodd-Frank Act
- DPIA
- E-Privacy
- E-Privacy Directive
- Ecuador
- Ed Tech
- Edith Ramirez
- Electronic Communications Privacy Act
- Electronic Privacy Information Center
- Elizabeth Denham
- Employee Monitoring
- Encryption
- ENISA
- EU Data Protection Directive
- EU Member States
- European Commission
- European Data Protection Board
- European Data Protection Supervisor
- European Parliament
- Facial Recognition Technology
- FACTA
- Fair Credit Reporting Act
- Fair Information Practice Principles
- Federal Aviation Administration
- Federal Bureau of Investigation
- Federal Communications Commission
- Federal Data Protection Act
- Federal Trade Commission
- FERC
- FinTech
- Florida
- Food and Drug Administration
- Foreign Intelligence Surveillance Act
- France
- Franchise
- Fred Cate
- Freedom of Information Act
- Freedom of Speech
- Fundamental Rights
- GDPR
- Geofencing
- Geolocation
- Georgia
- Germany
- Global Privacy Assembly
- Global Privacy Enforcement Network
- Gramm Leach Bliley Act
- Hacker
- Hawaii
- Health Data
- Health Information
- HIPAA
- HIPPA
- HITECH Act
- Hong Kong
- House of Representatives
- Hungary
- Illinois
- India
- Indiana
- Indonesia
- Information Commissioners Office
- Information Sharing
- Insurance Provider
- Internal Revenue Service
- International Association of Privacy Professionals
- International Commissioners Office
- Internet
- Internet of Things
- Iowa
- IP Address
- Ireland
- Israel
- Italy
- Jacob Kohnstamm
- Japan
- Jason Beach
- Jay Rockefeller
- Jenna Rode
- Jennifer Stoddart
- Jersey
- Jessica Rich
- John Delionado
- John Edwards
- Kentucky
- Korea
- Latin America
- Laura Leonard
- Law Enforcement
- Lawrence Strickling
- Legislation
- Liability
- Lisa Sotto
- Litigation
- Location-Based Services
- London
- Madrid Resolution
- Maine
- Malaysia
- Markus Heyder
- Maryland
- Massachusetts
- Meta
- Mexico
- Microsoft
- Minnesota
- Mobile App
- Mobile Device
- Montana
- Morocco
- MySpace
- Natascha Gerlach
- National Institute of Standards and Technology
- National Labor Relations Board
- National Science and Technology Council
- National Security
- National Security Agency
- National Telecommunications and Information Administration
- Nebraska
- NEDPA
- Netherlands
- Nevada
- New Hampshire
- New Jersey
- New Mexico
- New York
- New Zealand
- Nigeria
- Ninth Circuit
- North Carolina
- Norway
- Obama Administration
- OECD
- Office for Civil Rights
- Office of Foreign Assets Control
- Ohio
- Oklahoma
- Opt-In Consent
- Oregon
- Outsourcing
- Pakistan
- Parental Consent
- Payment Card
- PCI DSS
- Penalty
- Pennsylvania
- Personal Data
- Personal Health Information
- Personal Information
- Personally Identifiable Information
- Peru
- Philippines
- Phyllis Marcus
- Poland
- PRISM
- Privacy By Design
- Privacy Policy
- Privacy Rights
- Privacy Rule
- Privacy Shield
- Protected Health Information
- Ransomware
- Record Retention
- Red Flags Rule
- Regulation
- Rhode Island
- Richard Thomas
- Right to Be Forgotten
- Right to Privacy
- Risk-Based Approach
- Rosemary Jay
- Russia
- Safe Harbor
- Sanctions
- Schrems
- Scott H. Kimpel
- Scott Kimpel
- Securities and Exchange Commission
- Security Rule
- Senate
- Serbia
- Service Provider
- Singapore
- Smart Grid
- Smart Metering
- Social Media
- Social Security Number
- South Africa
- South Carolina
- South Dakota
- South Korea
- Spain
- Spyware
- Standard Contractual Clauses
- State Attorneys General
- Steven Haas
- Stick With Security Series
- Stored Communications Act
- Student Data
- Supreme Court
- Surveillance
- Sweden
- Switzerland
- Taiwan
- Targeted Advertising
- Telecommunications
- Telemarketing
- Telephone Consumer Protection Act
- Tennessee
- Terry McAuliffe
- Texas
- Text Message
- Thailand
- Transparency
- Transportation Security Administration
- Trump Administration
- United Arab Emirates
- United Kingdom
- United States
- Unmanned Aircraft Systems
- Uruguay
- Utah
- Vermont
- Video Privacy Protection Act
- Video Surveillance
- Virginia
- Viviane Reding
- Washington
- Whistleblowing
- Wireless Network
- Wiretap
- ZIP Code