Cookies were not the only hot topic of conversation as Sophie Narbonne addressed a packed house of Compliance Officers. As well as dealing with the inevitable questions about the Right to Be Forgotten, and progress with the EU Data Protection Regulation she used her keynote presentation to focus on two data protection concepts: accountability and interoperability.
Alongside strengthened powers of enforcement and sanctions in the proposed new EU Data Protection Regulation she welcomed a new “middle layer of accountability”. Sanctions are important – and she didn’t mince her words calling the current maximum of 150K euros “ridiculous” and stating that the amount would “drastically increased as it is not credible otherwise.” But she was clear that this wasn’t enough: “You can’t regulate by sanctions you need something else and I welcome the new approach of accountability – not self-regulation but co-regulation.”
Highlighting the CNIL’s support for Binding Corporate Rules (BCR), she focused on the second key concept of interoperability. While it had been possible to achieve “mutual recognition” for the BCRs process in the EU as countries have the same legal heritage outside of the EU she said it was important to “build bridges” with programs such as the APEC Cross Border Privacy Rules (CBPRs) which are similar but different to BCRs. She welcomed the new bridges such as the APEC-EU Referential earlier this year that have started to join the principles and the applications of these two approaches.
As privacy experts from across the globe gather in Mauritius for the 36th International Conference of Data Protection and Privacy Commissioners the weather may not be the same as Brussels but with a conference strapline of a “World Order for Data Protection” the conversations are likely to have a similar focus on interoperability and building bridges.