Privacy & Information Security Law Blog

This is an excerpt from Centre for Information Policy Leadership (“CIPL”) President Bojana Bellamy’s recently published piece in the IAPP “Privacy Perspectives” blog, and are the views of the author.

On December 9, 2022, Hunton Andrews Kurth LLP London senior consultant attorney Rosemary Jay received the 2022 PICCASO Privacy Award for Achievement in recognition of her longstanding contributions to the data privacy industry.

On September 10, 2021, the UK Government Department for Digital, Culture, Media & Sport (“DCMS”) launched a consultation on its proposed reforms to the UK data protection regime. The consultation reflects DCMS’s effort to deliver on Mission 2 of the National Data Strategy, which is “to secure a pro-growth and trusted data regime in the UK.” Organizations are encouraged to provide input on a range of data protection proposals, some of which are outlined below. The consultation will close on November 19, 2021, and the Centre for Information Policy Leadership (“CIPL”) will consult with members to prepare a formal response to the consultation.

The Centre for Information Policy Leadership (“CIPL”), a global privacy and security think tank founded in 2001 by leading companies and Hunton Andrews Kurth LLP, is celebrating 20 years of working with industry leaders, regulatory authorities and policymakers to develop global solutions and best practices for privacy and responsible data use.

Hunton Andrews Kurth LLP is pleased to announce that POLITICO has named Centre for Information Policy Leadership (“CIPL”) President Bojana Bellamy among its Tech 28, the news organization’s inaugural list of top “rulemakers, rulebreakers and visionaries” shaping the future of technology in Europe and beyond.

On August 20, 2020, Secretary-General of the Presidency of the Republic, Jorge Antônio de Oliveira Francisco, announced that the administrative decree to create the new Brazilian data protection authority (the Autoridade Nacional de Proteção de Dados, or “ANPD”) is ready and may be published at any time, after final technical adjustments are made. The Secretary-General made this statement during his remarks at the webinar “The ANPD: from the letter of law to the practice,” jointly organized by the Centre for Information Policy Leadership (“CIPL”) and the Centro de Estudos de Direito, Internet e Sociedade of Instituto Brasiliense de Direito Público (“CEDIS-IDP”) and hosted by the news channel JOTA.

In one of the most important cases on global data transfers, the Court of Justice of the European Union (“CJEU”) will rule on the validity of the Standard Contractual Clauses (“SCCs”) in the Schrems II case (case C-311/18) on July 16, 2020. Invalidation of the SCCs would leave businesses scrambling to find an alternative data transfer mechanism. But there may be significant practical challenges for businesses even if the SCCs survive.

On June 3, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP published its report, What Good and Effective Data Privacy Accountability Looks Like: Mapping Organizations’ Practices to the CIPL Accountability Framework (“Report”). The Report consolidates the findings of CIPL’s Accountability Mapping Project launched in September 2019, which is part of CIPL’s broader work on the central role of organizational accountability in data privacy.

The Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP is pleased to announce Matthew Starr and Giovanna Carloni have joined CIPL, adding to its expertise in global privacy and data protection policy.

On June 12, 2019, Hunton Andrews Kurth and its Centre for Information Policy Leadership (“CIPL”) hosted a roundtable discussion in the firm’s Brussels office on the update of the EU Standard Contractual Clauses for international data transfers (“SCCs”). More than 30 privacy leaders joined together to discuss the challenges of the current SCCs and provide their insights on the updated versions. Hunton partner David Dumont led the discussion, while CIPL President Bojana Bellamy illuminated CIPL’s work in this area. The session also featured Cristina Monti, Policy Officer in the International Data Flows and Protection Unit of the EU Commission DG Justice and Consumers.

On May 3, 2019, the International Association of Privacy Professionals (“IAPP”) honored Centre for Information Policy Leadership (“CIPL”) President Bojana Bellamy with the 2019 IAPP Privacy Vanguard Award during its Global Privacy Summit in Washington, D.C. The IAPP also honored European Data Protection Supervisor Giovanni Buttarelli with its 2019 Privacy Leadership Award. Since the early 2000s the IAPP has recognized professionals and organizations making a difference in the world of privacy through these yearly awards.

During the week of April 1, 2019, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP hosted its annual executive retreat in Washington, D.C. (the “Retreat”). During the Retreat, CIPL held a full-day working session on evolving technologies and a new U.S. privacy framework followed by a closed members only half-day roundtable on global privacy trends with special guest Helen Dixon, Data Protection Commissioner of Ireland.

On January 16, 2019, Hunton Andrews Kurth hosted a breakfast seminar in London, entitled “GDPR: Post Implementation Review.” Bridget Treacy, Aaron Simpson and James Henderson from Hunton Andrews Kurth and Bojana Bellamy from the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth discussed some of the challenges and successes companies encountered in implementing the EU General Data Protection Regulation (the “GDPR”), and also identified key data protection challenges that lie ahead. The Hunton team was joined by Neil Paterson, Group Data Protection Coordinator of TUI Group; Miles Briggs, Data Protection Officer of TUI UK & Ireland; and Vivienne Artz, Chief Privacy Officer at Refinitiv, who provided an in-house perspective on the GDPR.

On October 22, 2018, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP co-hosted a workshop in Brussels on “Can GDPR Work for Health Scientific Research?” (the “Workshop”) with the European Federation of Pharmaceutical Industries and Associations (“EFPIA”) and the Future of Privacy Forum (“FPF”) to address the challenges raised by the EU General Data Protection Regulation (“GDPR”) in conducting scientific health research.

On October 5, 2018, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP hosted a workshop on how to implement, demonstrate and incentivize accountability under the EU General Data Protection Regulation (“GDPR”), in collaboration with AXA in Paris, France. In addition to the workshop, on October 4, 2018, CIPL hosted a Roundtable on the Role of the Data Protection Office (“DPO”) under the GDPR at Mastercard and a pre-workshop dinner at the Chanel School of Fashion, sponsored by Nymity.

On May 29, 2018, Bojana Bellamy published a letter on the importance and value of data protection officers (“DPOs”) on the International Association of Privacy Professionals’ Privacy Perspectives blog, entitled A Letter to the Unsung Hero of the GDPR (the “Letter”). The Letter acknowledges the herculean efforts and boundless commitment DPOs and those in a similar role have demonstrated in preparing their organizations for the GDPR.

The Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams LLP is pleased to announce that Nathalie Laneret will be joining CIPL as Director of Privacy Policy in May. She brings more than 20 years of experience in data protection policy both in-house and in private practice. She is admitted to the New York and Paris bars and has experience in both France and in the U.S. on data protection, IT and security matters, contracts, competition law, compliance issues and litigation.

On January 23, 2018, multinational consulting firm Capgemini interviewed Bojana Bellamy, President of the Centre for Information Policy Leadership at Hunton & Williams, for their “Jane Meets” video series with the Chief Information Security Officer (“CISO”). Bellamy spoke with the CISO of Capgemini about companies’ readiness to comply with the EU General Data Protection Regulation (“GDPR”). In response to a question about the key responsibilities of a CISO in GDPR compliance, Bellamy said, “…where I see great involvement for CISO also is in ensuring that the company is ready to deal with security breaches. So it’s not just about preventing the breach, which is obvious, but it’s also about readiness to deal with the breach and readiness to then manage the breach and notify individuals and regulators, because that is what [the] GDPR requires.”

Last week, the Centre for Information Policy Leadership (“CIPL”) and several privacy team members at Hunton & Williams LLP attended the 39th International Conference of Data Protection and Privacy Commissioners in Hong Kong (the “Conference”). The weeklong event hosted by Stephen Kai-yi Wong, Privacy Commissioner for Personal Data, Hong Kong was attended by over 3000 privacy professionals from data protection authorities (“DPAs”), industry and research sectors. CIPL hosted two events at the conference, as well as a joint roundtable with Hunton & Williams and Citibank, throughout the week.

On March 16, 2016, the Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams LLP co-hosted a one-day workshop in Amsterdam, Netherlands, together with the Dutch Ministry of Security and Justice, to kick off CIPL’s new long-term project on the implementation of the EU General Data Protection Regulation (“GDPR”).

On March 17, 2016, Bojana Bellamy, President of the Centre for Information Policy Leadership (“CIPL”), participated on a panel of experts at a hearing in front of the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (“LIBE Committee”) about the new EU-U.S. Privacy Shield for commercial transfers of EU personal data to the U.S.

On March 16, 2016, the Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams LLP will co-host a one-day workshop in Amsterdam, Netherlands, together with the Dutch Ministry of Security and Justice, to kick off a new long-term CIPL project on the implementation of the EU General Data Protection Regulation (“GDPR”).

On October 27, 2015, Hunton & Williams LLP’s Centre for Information Policy Leadership (“CIPL”) will conduct a joint workshop with Nymity on Bridging Disparate Privacy Regimes through Organizational Accountability. As a side event to the 37th International Privacy Conference in Amsterdam during the week of October 26, the workshop is specifically designed to support and further explore the theme of global “Privacy Bridges” that will be discussed at the International Privacy Conference. Organizational accountability is one of the proposed bridges in the Privacy Bridges Report which the international expert group released earlier this week.

On October 21, 2015, the EU-U.S. Privacy Bridge Initiative, a group of transatlantic privacy experts that was convened in April of 2014, released its report on Privacy Bridges – EU and US Privacy Experts in Search of Transatlantic Privacy Solutions.

On October 6 and 7, 2015, the Centre for Information Policy Leadership at Hunton & Williams LLP (“CIPL”), a global privacy policy think-tank based in Washington D.C. and London, and the Instituto Brasiliense de Direito Publico, a legal institute based in Brazil, will co-host a two-day Global Data Privacy Dialogue in Brazil, at the IDP’s conference facilities.

How do we focus on individuals and ensure meaningful control and the empowerment of individuals in the modern information age? What data privacy tools would drive empowerment in the digital world of today and tomorrow, perhaps more effectively and more nimbly than traditional individual consent? At a time when many countries are legislating or revising their data privacy laws and organizations are searching for best practices to embed in their business models, these questions are more relevant today than ever. In an article published on July 2, 2015, in the International Association of Privacy Professionals’ Privacy Perspective, entitled Empowering Individuals Beyond Consent, Bojana Bellamy and Markus Heyder of the Centre for Information Policy Leadership at Hunton & Williams argue that consent is no longer the best or only way to provide control and protect individuals. There are alternative and additional tools in our toolkit that can deliver effective data privacy and greater individual empowerment.

On June 24, 2015, DataGuidance will host a complimentary webinar on Brazil: Towards Privacy Compliance. The panel of speakers includes Bojana Bellamy, President of the Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams; Esther Nunes, Partner of Pinheiro Neto Advogados; and Renato Leite Monteiro of Opice Blum, Bruno, Abrusio & Vainzof Advogados Associados. The speakers will discuss the Draft Bill for the Protection of Personal Data (Anteprojeto de Lei para a Proteção de Dados Pessoais) that was issued in January 2015. Concepts and provisions in the ...

On May 5, 2015, the Centre for Information Policy Leadership at Hunton & Williams (“CIPL”) filed comments in English and Portuguese on Brazil’s draft law “on the processing of personal data to protect the personality and dignity of natural persons” (the “Draft Law”).

As part of its ongoing Brazil outreach initiative, a delegation of the Centre for Information Policy Leadership at Hunton & Williams (“CIPL”) is in Brasilia and Rio de Janeiro the week of March 23, 2015. The delegation will meet with Brazilian government representatives, organizations and experts to discuss global privacy law and best practice developments and other issues of mutual interest, as well as a joint global privacy dialogue workshop in Brazil planned for later this year.

On February 12, 2015, the International Association of Privacy Professionals (“IAPP”) will host a web conference on The Role of Risk Management in Data Protection – From Theory to Practice. Panelists will include Bojana Bellamy, President of the Centre for Information Policy Leadership at Hunton & Williams (“CIPL”), Fred Cate, Senior Policy Advisor of CIPL, and Hilary Wandall, Associate Vice President, Compliance and Chief Privacy Officer of Merck & Co., Inc. Together, they will lead an online discussion on some of the key considerations in risk assessment and management.

On December 14, 2014, the University of Amsterdam and the Massachusetts Institute of Technology issued a press release about two recent meetings of the EU-U.S. Privacy Bridges Project in Washington, D.C. (held September 22-23, 2014) and Brussels (held December 9-10, 2014). The Privacy Bridges Project is a group of approximately 20 privacy experts from the EU and U.S. convened by Jacob Kohnstamm, Chairman of the Dutch Data Protection Authority and former Chairman of the Article 29 Working Party, to develop practical solutions for bridging the gap between EU and U.S. privacy regimes and legal systems. Bojana Bellamy, President of the Centre for Information Policy Leadership at Hunton & Williams (the “Centre”), and Fred Cate, the Centre’s Senior Policy Advisor are members of this group.

At the International Association of Privacy Professionals’ (“IAPP’s”) recent Europe Data Protection Congress in Brussels, the Centre for Information Policy Leadership at Hunton & Williams (the “Centre”) led two panels on the risk-based approach to privacy as a tool for implementing existing privacy principles more effectively and on codes of conduct as a means for creating interoperability between different privacy regimes.

On November 18, 2014, Hunton & Williams’ Global Privacy and Cybersecurity practice group hosted the latest webcast in its Hunton Global Privacy Update series. The program covered a number of privacy and data protection topics, including a report on the International Conference of Data Protection and Privacy Commissioners, highlights on the Council of the European Union’s proposed revisions to the compliance obligations of data controllers and data processors included in Chapter IV of the forthcoming EU General Data Protection Regulation, and U.S. highlights on California’s breach report and Federal Communications Commission enforcement actions.

On November 18, 2014, the Centre for Information Policy Leadership at Hunton & Williams (the “Centre”) held the second workshop in its ongoing work on the risk-based approach to privacy and a Privacy Risk Framework. Approximately 70 Centre members, privacy regulators and other privacy experts met in Brussels to discuss the benefits and challenges of the risk-based approach, operationalizing risk assessments within organizations, and employing risk analysis in enforcement. In discussing these issues, the speakers emphasized that the risk-based approach does not change the obligation to comply with privacy laws but helps with the effective calibration of privacy compliance programs.

This week, the Article 29 Working Party (“Working Party”) prepares to debate various proposals on the “one-stop-shop” mechanism under the proposed EU General Data Protection Regulation (“Regulation”). Hunton & Williams’ Global Privacy and Cybersecurity practice and its Centre for Information Policy Leadership submitted a strategy paper on the one-stop-shop to the Working Party. The paper proposes a methodology for selecting and defining the role of a lead regulatory authority with the objective of making the one-stop-shop more operational, flexible and viable. The work draws on a more detailed article published on November 3, 2014, by Hunton & Williams senior attorney Rosemary Jay in the magazine for the Society for Computers and Law, entitled The “One Stop Shop” – Working in Practice.

On July 15, 2014, Hunton & Williams’ Global Privacy and Cybersecurity practice group hosted the latest webcast in its Hunton Global Privacy Update series. The program covered a number of privacy and data protection topics, including the recent judgment in the Costeja case, the Centre for Information Policy Leadership’s work on a risk-based approach to privacy, the new Canadian anti-spam legislation that went into effect on July 1, and other developments in the U.S. and EU.

The Centre for Information Policy Leadership at Hunton & Williams (the “Centre”) has published a white paper entitled A Risk-based Approach to Privacy: Improving Effectiveness in Practice. This is the first paper in the Centre’s new multi-year Privacy Risk Framework Project. It follows the Centre’s March 2014 Risk Workshop, held in Paris with Centre members, privacy experts, regulators and other stakeholders. The Risk Framework Project is the next phase of the Centre’s earlier work on organizational accountability, focusing specifically on one important aspect of accountability – conducting risk assessments that identify, evaluate and mitigate the privacy risks to individuals posed by an organization’s proposed data processing.

Hunton & Williams LLP’s Centre for Information Policy Leadership president, Bojana Bellamy, has been selected to participate in the “Privacy Bridge Project,” a new transatlantic initiative that seeks to develop practical solutions to bridge the gap between European and U.S. privacy regimes. Bellamy joins a distinguished group of approximately 20 privacy experts from the EU and U.S., convened by Jacob Kohnstamm, Chairman of the Dutch Data Protection Authority and former Chairman of the Article 29 Working Party.

On March 18, 2014, Hunton & Williams’ Global Privacy and Cybersecurity practice group hosted the latest webcast in its Hunton Global Privacy Update series. The program focused on some of the recent developments in privacy, including observations from the International Association of Privacy Professionals’ Global Privacy Summit in Washington, D.C., earlier this month, the National Institute of Standards and Technology final Cybersecurity Framework and the Article 29 Working Party’s recent Opinion on Binding Corporate Rules and Cross-Border Privacy Rules.

The Centre for Information Policy Leadership at Hunton & Williams LLP (the “Centre”) announces Markus B. Heyder, International Consumer Protection Counsel at the U.S. Federal Trade Commission, will be joining as Vice President and Senior Policy Counselor, effective March 17, 2014. In this role, Heyder will work on policy development, research and publishing activities at the Centre, and will develop and maintain relationships with policy and regulatory authorities in North America, Asia and Latin America, among other tasks. He will be resident in the firm’s Washington, D.C. office.