Webinar on The Future of Safe Harbor: Where do cross-border eDiscovery and data transfers go from here?

Time:     11:00 to 12:30 pm EST The Sedona Conference Webinar on The Future of Safe Harbor: Where do cross-border eDiscovery and data transfers go from here? Just over 15 years ago, the European Commission adopted Decision 2000/520 (Safe Harbor Decision), which affirmed the Safe Harbor framework as “adequate” protection for the transfer of personal data from the U.S. to the EU, pursuant to Directive 95/46 (the EU Data Protection Directive). Safe Harbor was established as a voluntary and legal means for US organizations to transfer personal data from the EU to the U.S. Through a certification that was made publicly available, organizations voluntarily indicated their commitment to a number of privacy principles promulgated by the U.S. Department of Commerce. Over 4,400 entities were self-certified under Safe Harbor. In 2013, Max Schrems, an Austrian citizen and Facebook user since 2008, filed a complaint with the Irish DPA, arguing that his personal data was not adequately protected by the U.S., given the surveillance of U.S. intelligence agencies, and in particular, the National Security Agency (NSA). In rejecting the complaint, the Irish DPA held that the Safe Harbor Decision did afford adequate protection of the personal data in question. Schrems then went to the Irish High Court, seeking judicial review of the Irish DPA’s rejection of his complaint. The Irish High Court stayed the proceedings, and put to the Court of Justice of the European Union (CJEU) the question of whether the existence of a Commission decision finding that a third country ensures an adequate protection of personal data - such as the Safe Harbor Decision - can eliminate or reduce a national supervisory authorities’ powers under the EU Data Protection Directive. On October 6, 2015, in an unambiguous and decisive fashion, the CJEU ruled that the Safe Harbor Decision is invalid. In the days since, government officials, data protection authorities, litigators, and entities self-certified under Safe Harbor - in both the U.S. and EU Member States alike - have begun in earnest to plan how to navigate the uncertain terrain. A leading group of EU and U.S. legal practitioners, data protection authorities, and privacy experts from The Sedona Conference Working Group 6 have closely monitored the developments in the days since the CJEU ruling, in order to more fully assess the trend lines for U.S.-EU cross-border discovery and data protection in the coming weeks and months. In this webinar, these experts will: Present pre- and post-ruling analysis from Working Group 6 briefing papers (which will be included in the webinar materials) Update webinar participants on the latest developments in the aftermath of the ruling Provide practical guidance for both legal practitioners and organizations going forward Specific topics to be addressed include: How will the ruling affect the ongoing negotiations for a new Safe Harbor framework between the EC and the U.S. Department of Commerce? Will these negotiations lead to an adequate resolution of the current situation? How will the ruling impact the ongoing trialogue negotiations for the General Data Protection Regulation (GDPR)? What does the Article 29 Working Party have to say about this ruling? Will there be a grace period before enforcement actions are commenced by data protection authorities? Can organizations rely on standard contractual clauses (SCCs), binding corporate rules (BCRs), and consent as viable alternatives to Safe Harbor? How can The Sedona Conference International Principles on Discovery, Disclosure & Data Protection: Best Practices, Recommendations & Principles for Addressing the Preservation Discovery of Protected Data in U.S. Litigation (and subsequent Working Group 6 guidance) be effectively utilized for the cross-border transfer of data in litigation? As time allows, we will also take your questions during the Webinar. Questions may be submitted during the Webinar by text. CLE credit: The Sedona Conference does not apply for CLE accreditation for webinars, but registrants may submit documentation to their respective state CLE office for potential credit. You can view system requirements here. Moderators Natascha Gerlach, Cleary Gottlieb, Brussels, Belgium Cecilia Álvarez Rigaudias,Spanish Privacy Professionals Association, Madrid, Spain Panelists Dr. Alexander Dix,Commissioner for Data Protection and Freedom of Information, Berlin, Germany Amor A. Esteban,DLA Piper LLP (US), San Francisco, CA Christopher Hoff, Crowell & Moring, Washington, DC Dr. Christopher Kuner,Brussels, Belgium