First, in 2015, Safe Harbour bit the dust. That has been followed by the striking down of Safe Harbour’s successor - the Privacy Shield - in July 2020, with standard contractual clauses surviving but needing additional safeguards. So international data transfers from the EU to the USA, (post-Brexit) to the UK, and indeed to other ‘third countries’, will need to change. With thousands of organisations facing business disruption, given the uncertainties about how international data transfers under the GDPR may be legally effected, what happens next? What do you need to know?
Brian Runciman, Head of Content and Insight, BCS
Dr W Kuan Hon
Dr W Kuan Hon, author of Data localization laws and policy - the EU data protection international transfers restriction through a cloud computing lens (Edward Elgar, 2017), is an English solicitor and New York attorney. Kuan is a Director in the Privacy, Security and Information Law team of leading technology law firm Fieldfisher. She advises on data protection (including transfers) and security-related laws and also broader tech law issues, having degrees in computing science as well as law.
Kuan previously volunteered for the UK Information Commissioner's Office and the UK National Cyber Security Centre. She is also an Editor of the Encyclopedia of Data Protection and Privacy, a guest lecturer for computing science students at Imperial College London, and a member of the UN Privacy Preserving Techniques Legal Task Team.
Adam Leon Smith
Adam Leon Smith is Chief Technology Officer and Data Protection Officer of Dragonfly, a UK/European consultancy, training and products. He is the current Chair of the BCS SIGIST. In his past, Adam has held senior roles at multinational financial services institutions, as well as ambitious startups. He is very active in ISO/IECs technical standardisation community.
Adam is a Fellow of the British Computer Society, and ForHumanity, an independent oversight body auditing the use of AI and contact tracing technology. He is a regular speaker at conferences and a resident podcaster for the Ministry of Testing.
Chiara Rustici is an independent academic and data regulation analyst. Formerly a research fellow with Italy's CNR, teaching fellow in Jurisprudence at the University of Genoa, and research scholar at the Universities of Milan and Edinburgh, she Chairs the BCS Law Specialist Group and is part of the BCS governance team with the PPP committee.
She sits on the editorial board of the Journals Frontiers in Blockchain and Journal of Data Protection and Privacy and has published extensively on legal reasoning for academic publishers Computer Law Review International, Journal of Data Protection and Privacy, Bloomberg, O'Reilly books, Ragion Pratica, Contemporary Political Theory.
In 2019 she was recognised by her peers in the inaugural DPO200 list compiled by the GDPR Institute as one of the ‘individuals who have made significant contributions to the privacy and security sectors’.
Introduction to the issues - 5 min overview by Dr Kuan Hon
The discussion - 25 mins
- Is there an incompatibility between US and EU privacy principles – or is it about surveillance law?
- What do the effects on standard contractual clauses mean for UK business?
- What does ‘due diligence’ mean in this context?
- What are the implications for the need of an ‘adequacy decision’ for the UK post Dec 2020?
- What next for the Privacy Shield?
- Would this story benefit the public if more widely known – the implication being that our personal data is being taken seriously as a key legislative issue?
Q and A - 15 minutes