1 / 24

Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR from TRUSTe

With the recent CJEU ruling on the invalidity of Safe Harbor, companies should focus on Interoperable Privacy Frameworks to tackle cross border data transfers with a BCR (Binding Corporate Rules) platform.<br>Watch the complete webinar on how APEC, CBPR & BCR should come together for global interoperability https://info.truste.com/On-Demand-Webinar-Reg-Page-V3.html?asset=XCPH8VUG-586

truste
Télécharger la présentation

Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR from TRUSTe

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Solutions for Cross Border Data Transfers: APEC CBPRs, BCRs and Global Interoperability December 9, 2015 v v Privacy Insight Series 1

  2. Today’s Speakers Josh Harris Director of Policy TRUSTe Hilary Wandall AVP Compliance & Chief Privacy Officer Merck & Co., Inc Melinda Claybaugh Counsel for International Consumer Protection, Federal Trade Commission v Privacy Insight Series 2

  3. Agenda Welcome Global Interoperability and the Safe Harbor Ruling Interoperability in Practice: Utilizing CBPR Certification to Demonstrate Requirements for BCR Approval • Josh Harris • • • Hilary Wandall Cross-Border Enforcement Co-operation Q&A Melinda Claybaugh • v Privacy Insight Series 3

  4. Global Interoperability and the Safe Harbor Ruling Josh Harris, Director of Policy, TRUSTe v v Privacy Insight Series 4

  5. Prospects for a Renewed Safe Harbor • US Secretary of Commerce: "A solution is within hand. We had an agreement prior to the court case. I think with modest refinements that are being negotiated we could have an agreement shortly.” • EU Justice Commissioner Jourová: “… The Commission aims to conclude negotiations in January 2016.” • Current Negotiation Activities: - EU Delegation to DoC in November - December 17 Stocktake v Privacy Insight Series 5

  6. APEC Update Economy-Level Updates: • Japan • China • Mexico • Singapore • Hong Kong • Australia • Peru Practical Interoperability: • CBPR as basis for global privacy policy • CBPR as basis for Safe Harbor? • CBPR as basis for BCR… v Privacy Insight Series 6

  7. Status of APEC-Art. 29 Interoperability Project Creation of Joint EU-APEC Working Team: – Recognized value of collaboration to provide industry greater clarity on how to meet requirements of EU and APEC simultaneously Development of “Referential”: ‒ Mapped requirements of APEC CBPR System and EU BCR System ‒ Identified common and divergent elements to help inform companies seeking to develop policies and practices in compliance with both systems ‒ APEC Data Privacy Subgroup expression of interest to Article 29 Working Party regarding tools recommended by joint working team in January 2015 Next Steps: ‒ Work together to develop practical tools to facilitate dual certification to complement referential: Meetings held in most recently in Amsterdam, discussions to continue at APEC 2016 in Peru. v Privacy Insight Series 7

  8. Interoperability in Practice: Utilizing CBPR Certification to Demonstrate Requirements for BCR Approval Hilary Wandall AVP Compliance & Chief Privacy Officer, Merck & Co., Inc. v v Privacy Insight Series 8

  9. Benefits of Framework Approaches to Cross-Border Compliance • competitive advantage –frameworks (e.g., CBPR, BCR, Safe Harbor) provide a legal basis for efficiently transferring data across country borders in compliance with the data transfer restrictions of the privacy laws in these regions • compliance advantage –they are based on demonstration of organisational accountability and stewardship in how we operate rather than complicated transactional documentation that is resource-intensive to maintain • reputational advantage among regulators, customers and the public based on trust that the certified organisation responsibly protects data across countries, regions, and ultimately globally v Privacy Insight Series 9

  10. Our Approach to Interoperable Privacy Frameworks BCRs http://www.msd.com/privacy/cross-border-privacy-policy/ 10 v Privacy Insight Series 10

  11. Framework Interoperability Gap Analysis v Privacy Insight Series 11

  12. Cross-Border Enforcement Co-operation Melinda Claybaugh, Counsel for International Consumer Protection, Federal Trade Commission v v Privacy Insight Series 12

  13. Note: The views expressed are mine alone and not necessarily those of the Federal Trade Commission or any individual Commissioner. Melinda Claybaugh Counsel for International Consumer Protection, Federal Trade Commission

  14. Overview of Cross-Border Enforcement Cooperation • Authority: US SAFE WEB Act • Mechanisms: GPEN, CPEA, MOUs • Examples of successful cooperation v Privacy Insight Series 14

  15. The Federal Trade Commission

  16. SAFE WEB Act Enhanced Enforcement Powers • Information Sharing: FTC may share confidential information with foreign law enforcers. • Investigative Assistance: FTC may provide investigative assistance to foreign law enforcers in certain cases by, for example, issuing a Civil Investigative Demand. v Privacy Insight Series 16

  17. FTC Use of SAFE WEB Tools • Information Sharing: Provided evidence in response to 63 information-sharing requests from 17 foreign law enforcement agencies in 9 countries (as of mid-2012). • Investigative Assistance: The FTC has issued 52 civil investigative demands in 21 investigations on behalf of 9 agencies in 5 countries (as of 2012). v Privacy Insight Series 17

  18. Global Privacy Enforcement Network (GPEN) • Network of public privacy enforcement authorities • Range of Activities • “GPEN Alert” secure information-sharing system v Privacy Insight Series 18

  19. APEC Cross-Border Privacy Enforcement Arrangement • 26 members from 9 economies • Practical mechanism allowing PEAs to cooperate in cross- border privacy enforcement by sharing information and providing assistance. v Privacy Insight Series 19

  20. Memoranda of Understanding • MOUs with Dutch, Irish, and UK Data Protection Authorities • Sets out the agencies’ intent regarding mutual assistance and procedures for sharing information and providing assistance. v Privacy Insight Series 20

  21. Examples of Successful Cooperation • Many public examples in fraud cases – In Canadian Competition Bureau case against a phone company, District Court of MD ordered compliance with FTC civil investigative demand. – Robocalls, spam • GPEN Alert • Under CPEA: Australia/Canada cooperation on data breach investigation. v Privacy Insight Series 21

  22. Questions? v v Privacy Insight Series 22

  23. Contacts Josh Harris Hilary Wandall Melinda Claybaugh jharris@truste.com hilary_wandall@merck.com mclaybaugh@ftc.gov v v Privacy Insight Series 23

  24. Thank You! See http://www.truste.com/insightseries for details of our 2016 Privacy Insight Series and past webinar recordings. v v Privacy Insight Series 24

More Related