The 13th Annual Sedona Conference International Programme on Cross-Border Data Transfers and Data Protection Laws

Monday, June 27, 2022 - 8:00am to Tuesday, June 28, 2022 - 2:15pm


The Offices of Sidley Austin LLP, Washington, D.C.
Online (Via Zoom)

Returning to the United States for the first time since 2010, the 13th Annual Sedona Conference International Programme on Cross-Border Data Transfers and Data Protection Laws will be held on 27-28 June 2022 at the offices of Sidley Austin LLP in Washington, D.C. and online (via Zoom). There will be a welcome reception at McCormick & Schmick's in the evening of 26 June, from 18:00 - 20:00.

The Programme will address cross-border data transfers relating to commercial operations, government investigations, and discovery in litigation, and the related compliance, privacy and security issues.

We will dialogue on the latest developments in cross-border data transfers and data protection laws in the Asia Pacific (APAC) region, the Middle East, and Africa. We will also examine the challenges and practical solutions for privacy litigation with cross-border implications; how multinationals and their counsel reconcile the competing demands of ever-increasing global cyber threats; and how to define privacy and data protection harms. As always, we will hear from leading global DPAs on the challenges they are facing and their current priorities. For the first time, we will hear insights from a distinguished panel of former DPAs who possess experience on both sides of the regulatory divide. Our annual case law update will explore, among other case law, cases which suggest that judges are taking on a regulatory role – so to speak – with regard to data protection.

At the crossroads of these developments, the Programme will provide the expert dialogue it is known for between leading global data protection authorities, corporate counsel, outside counsel, and service providers, both on the faculty and among the Programme participants.

Unlike other continuing legal education programs, all faculty members are present for the entire Programme and participate in all aspects of the Programme. The format involves dialogue not only among faculty members, but also with the Programme participants, who are invited and encouraged to contribute their comments and perspectives to the dialogue.

Attendance at the Programme is by invitation only to ensure a proper balance of participants and is limited in size to ensure that we have an intimate environment for meaningful dialogue.

We will seek CLE accreditation for this event in selected jurisdictions as dictated by attendance.

Working Group Meetings

In the morning of 29 June, from 9:00-12:30, there will be a members' meeting of The Sedona Conference Working Group 6 on International Electronic Information Management, Discovery and Disclosure (WG6). In the afternoon of 29 June, from 13:30-17:00, there will be a members' meeting of The Sedona Conference Working Group 11 on Data Security and Privacy Liability (WG11).

You must be a Working Group Series (WGS) member to attend the WG6 and WG11 meetings.

If you are a WGS member who would like to attend either or both of the meetings, please indicate this during the application process for the International Programme – you will be prompted to select which meeting(s) you plan to attend.

If you are not a WGS member, you can sign up for a WGS membership here. Once a WGS member, one is eligible to become a member and take part in the activities of all Working Groups, including WG6 and WG11. If you have any questions about how to sign up for a membership or encounter any difficulties while doing so, please contact our office at [email protected].

Corporate Counsel Meeting

There will be a meeting of corporate counsel on Tuesday, 28 June, from 14:30-17:00. The meeting is limited to corporate counsel and The Sedona Conference leadership to discuss and benchmark cross-border transfer best practices in a more relaxed and informal setting. This intimate forum will allow for a discussion of issues of specific importance to in-house counsel. If you are invited to participate in the Programme, the organizers of this meeting will contact you separately with more details.



Orrick Herrington & Sutcliffe LLP

Düsseldorf, Germany

Privacy Commissioner for Bermuda

Hamilton, Bermuda


Africa Digital Rights Hub

Accra, Ghana

Dubai International Financial Centre Authority

Dubai, United Arab Emirates

Bermudez Durana Abogados

Bogotá, Colombia


London, United Kingdom

Norton Rose Fulbright South Africa Inc

Sandton, South Africa

Sidley Austin

Washington, DC, USA

U.S. Department of Commerce, International Trade Administration

Washington, DC, USA

Baker McKenzie LLP

London, United Kingdom

International Association of Privacy Professionals

Concord, NH, USA



Personal Information Protection Commission

Seoul, South Korea

The Sylint Group

Sarasota, FL, USA

Bulgarian Commission for Personal Data Protection

Sofia, Bulgaria


Waterloo, Belgium

Former Privacy Commissioner of the National Privacy Commission

Quezon City, Philippines


Waterloo, Belgium

Ropes & Gray

London, United Kingdom

Georgetown University Law Center

Washington, DC, USA


London, United Kingdom


Paris, France

European Court of Justice

Luxembourg, Luxembourg

European Academy for Freedom of Information & Data Protection

Berlin, Germany

Italian Data Protection Authority

Rome, Italy

Railway Safety Regulator

Pretoria, South Africa


Montréal, Québec, Canada

Orrick, Herrington & Sutcliffe

Boston, MA, USA

Federal Trade Commission

Washington, DC, USA

Office of the Director of Public Prosecutions

Kampala, Uganda

University of South Carolina

Columbia, SC, USA

Clyde & Co

Abu Dhabi, United Arab Emirates

Bavarian Data Protection Authority for the Private Sector

Ansbach, Germany

The Sedona Conference

Phoenix, AZ, USA

Gilt Chambers

Hong Kong

Future of Privacy Forum

Washington, DC, USA

Turkish Personal Data Protection Authority (KVKK)

Ankara, Turkey


Time Session Panelists
  Monday, 27 June 2022 (all times EDT)  
7:00 — 8:00 Sign-In and Breakfast  
8:00 — 8:15 Welcome and overview Schröder, Weinlein, White
8:15 — 9:30 Cross-border data transfers and data protection laws in the Asia Pacific (APAC) region: Emerging frameworks and hot topics CoeHoHwangWhite*, Wong
  Innovation in data transfers mechanisms and regulation of data protection has been a feature of the APAC region of late, with the Cross-Border Privacy Rules (CBPR) and interoperability initiatives such as Data Free Flow With Trust (DFFT) serving as notable examples. Building upon the dialogue from our 2019 Programme in Hong Kong, a distinguished panel of thought leaders from across APAC will update attendees on the latest developments in the region.  
9:30 — 9:45 Break  
9:45 — 10:45 Cross-border data transfers and data protection in the Middle East and Africa: New laws and regulatory approaches Akuetteh, BakerBowan, SewlalTorachWilkinson*
  Few regions have seen as much explosive growth in new data protection laws and regulatory offices as the Middle East and Africa. The panel will lead a dialogue on the commonalities between recent rules and regulatory guidance in these regions and whether there is an emerging consensus on cross-border data transfers and compliance requirements.  
10:45 — 11:00 Break  
11:00 — 12:15 Key challenges and practical solutions for privacy litigation with cross-border implications Blair, KoningMassey, Räther, Schröder*, Sussman
  Regulators are not the only parties becoming increasingly active in strongly enforcing privacy violations with significant fines. The private enforcement of rights, including damage claims, is also on the rise. This panel will lead a dialogue on how companies can mitigate the risk of privacy-related litigation from regulators, individuals and/or organizations claiming individual rights, and how to best defend against such claims should litigation become unavoidable.  
12:15 — 13:15 Lunch  
13:15 — 14:30 The rapid proliferation of global cyber threats: how do multinationals and their counsel reconcile the competing demands? Brown, Jorgensen, Louveaux*, Massey, Sussman, Vieyra, Zengin 
  Companies are increasingly facing global cyber threats from private organizations and state actors alike. These threats require robust IT security and organizational measures to prevent incidents, but also pose serious legal and compliance challenges for multinationals, including managing various counsel, the diverging notification laws across the world, and the risk of impending privacy litigation. The panel will lead a dialogue on practical solutions for multinationals facing the unique challenges of global cyber threats, both in terms of preparation and response.  
17:00 — 19:00 Reception at Dauphine's (guests invited)  
  Tuesday, 28 June 2022 (all times EDT)  
7:00 — 8:00 Sign-In and Breakfast  
8:00 — 9:30 Data protection authority (DPA) roundtable Karadjov, Raynal, ScorzaWhite*, Will, Sylvain
  Global DPAs will lead a dialogue on their respective challenges and priorities in both their enforcement and advisory roles under global data protection regimes. The dialogue will also address technological developments and data transfer mechanisms (e.g., SCCs; Trans-Atlantic Data Privacy Framework).  
9:30 — 9:45 Break  
9:45 — 10:45 Insights from former DPAs Bermúdez, Denham, Liboro, Schaar, Schröder*, Stoddart, Wong
  Examining issues of cross-border data transfers and data protection can look very different for a regulator than a business or other organization. How does being a DPA shape one’s view of the issues? This panel brings together former DPAs from across the globe who have experience on both sides of the regulatory divide to dialogue on what they see as the most important trends in the data protection field, how working in a regulatory capacity has changed how they speak with organizations about data protection, and what they see as the critical foci for DPAs.  
10:45 — 11:00 Break  
11:00 — 12:00 Cross-border data transfers case law update: Will judges be the new DPAs? Propp, Rodin, J., Withers*
  Each year, the International Programme features a detailed discussion of recent court decisions on privacy, data security, and cross-border data transfer issues. This year’s panel of privacy and data security legal scholars will lead a dialogue on the most instructive cases from the past year, with a particular focus on cases which suggest judges are taking on a regulatory role - so to speak - with regard to data protection. The panel will compare regulatory and judicial interpretations of law and discuss the implications these interpretations have for organizations.  
12:00 — 13:00 Lunch  
13:00 — 14:15 What's the harm? Understanding and proving privacy and data protection harms BrownLouveaux, Fennessy*, Zanfir-Fortuna
  Many data protection laws or cross-border frameworks discuss the prevention of harms to individuals, and legal actions must often prove a specific harm to succeed. However, the idea of harms can be a difficult one to put into concrete terms. In this panel, scholars examine how to define and evaluate the idea of a privacy harm in different jurisdictions and whether these harms are universal or specific.


*Panel Moderator

Monday, June 27, 2022 - 7:00am to Tuesday, June 28, 2022 - 2:15pm