09.00h.

Registration

09.30h.

Welcome and Introduction

• Cecilia Alvarez Rigaudias , Counsel, URÍA MENÉNDEZ, Madrid
• Stewart Dresner , Secretariat, European Privacy Officers Network, and Chief Executive, Privacy Laws & Business, London

09.45h.

Getting started: Pre-employment screening of job applicants

• 1. Legal and ethical issues, changing cultural expectations, what may we look for? (performance, alcohol, drugs, financial affairs?)
• 2. Former employers
• 3. Use of open websites
• 4. Use of social networking sites
• 5. Use of other public information sources

Hester de Vries , Attorney, Kennedy Van der Laan, Amsterdam, The Netherlands

Eduardo Ruiz Montoya , Regional Counsel Iberia and Central Europe, Hewlett-Packard

10.15h.

Use of CCTV cameras, storage of the images, and access by management and staff in different scenarios

• 1. 3rd party involvement and contractual safeguarding of third parties
• 2. Biometric aspects (for example, facial recognition, fingerprints)
• 3. Communication, notice, cross border data transfers
• 4. CCTVs covering places outside company property (for example, a street)
• 5. Secondary uses of CCTV data
• 6. Relationship with labour law and regulations

Irene Agúndez Lería , Abogada del Estado (State Attorney), Agencia Española de Protección de Datos, (DPA, Spain)

David Smith , Deputy Information Commissioner, United Kingdom

11.45h.

Drug and alcohol testing

• 1. Background checks before and during employment
• 2. Reliability of third parties providing this information
• 3. A key problem for employees in services is that they cannot escape ongoing background checks requested by the companies they provide a service to. Most often they have no idea about a client company's personal data processing.

David Smith , Deputy Information Commissioner, United Kingdom

12.15h.

Whistle blowing lines

• France: New developments; recent case law

Sophie Nerbonne , Directrice adjointe, Direction des affaires juridiques, internationales et de l'expertise, CNIL, (France’s Data Protection Commission)

• 1. Cross-border transfer issues (EU - US)
• 2. Used for ethical issues / beyond United States Sarbanes Oxley Act requirements
• 3. Third party involvement
• 4. Attitudes to anonymous reporting in different countries
• 5. Privacy rights of accuser and accused are not clear and how to protect balanced system use and logging vs. local open door approaches

Cecilia Alvarez Rigaudias , Counsel, URÍA MENÉNDEZ, Madrid

Dr. Jürgen Hartung , Partner, Oppenhoff & Partner, Köln, Germany

John Rigau , Legal Vice-President, Pepsico, Europe

13.00h.

Mergers, acquisitions, divestitures and privacy

This session will consider the key data privacy issues that arise in international mergers and acquisitions. It will focus on the key stages of a corporate transaction – pre-contract, due diligence, contract, completion and integration. Share purchases and asset acquisitions will be each considered, along with the respective obligations and concerns of a buyer and a seller. The session will consider, in particular:

• 1. When can a data asset be lawfully sold?
• 2. Can a seller disclose personal data pre-contract?
• 3. What should a due diligence exercise consider?
• 4. What warranties should a buyer seek?
• 5. International transfers in an M&A context
• 6. Running a data room
• 7. How should transitional services be handled?
• 8. Case study from the real world: one US multinational buys another

Dr. Mark Watts , Partner, Bristows, London

14.30h.

Interacting with Labour Unions and Works Councils

Spain

Ms. Belén Cardona , Professor of Labour Law, Valencia University, Spain and President, Asociación Profesional Española de Privacidad (APEP) - Spain’s Privacy Professiona Association

Germany's new data protection law

• 1. Current cases
• 2. Consequences for employee data protection (Section 32 Federal Data Protection Act; new regulation of personal data processing; security breach notifications)
• 3. Considerations/planning of a draft Employee Data Protection Act

Peter Schaar , Federal Data Protection Commissioner, Germany

Dr. Jürgen Hartung , Partner, Oppenhoff & Partner, Köln, Germany

Employee black lists in France

Concrete cases from prior checking to complaints, investigation and sanctions

Sophie Nerbonne , Directrice adjointe, Direction des affaires juridiques, internationales et de l'expertise, CNIL, (France’s Data Protection Commission)

15.30h.

Monitoring employees’ use of telephone, e-mails, the Internet and social networking sites

Monitoring employees’ use of telephone, e-mails, and the Internet in Finland

• 1. Employers' rights to monitor employees' e-mails in Finland: "Lex Nokia" overview
• 2. Law making process - observations
• 3. Role of Law Supervisory Authority - Actions and current situation

Reijo Aarnio , Data Protection Ombudsman, Finland

• 1. Balancing people management, resources management, supplier management needs with privacy and labor law requirements;
• 2. Home working; monitoring and surveillance of workers’ productivity, and checking of working conditions at home by the employer and the Labour Inspectorate
• 3. Replacing certain digits of numbers with x’s and records retention of data logs
• 4. Internal investigations from management and employee perspectives
• 5. Employee monitoring from countries outside the European Economic Area
• 6. Data security issues from system security and intellectual property perspectives

Vanna Palumbo , Head, International Service, Garante (Data Protection Authority), Italy

Ana Higuera , Attorney, URÍA MENÉNDEZ, Madrid

Dr. Jürgen Hartung , Partner, Oppenhoff & Partner, Köln, Germany

Pilar Aranguen , Executive Director – Compliance, Goldman Sachs, Spain

16.30h.

Tea

16.50h.

Constructing a Europe-wide employee surveillance policy

• 1. Technological and organisational aspects of creating a policy.
• 2. The limits and opportunities of the techonologies in the practical implementation of privacy programmes (CCTV, whistleblowing/email archiving, etc.), addressing, in particular, the difficulties of traceability, for example:
• how to identify a specific e-mail among thousands or a specific image in a collection of CCTV data;
• the use of a specific document stored within a company’s IT equipment (access/sending by email/modifications, etc.)

Javier García Carmona , Director, Security of Information and Communications, Iberdrola, Spain

17.20h.

Exchange of ideas between the audience and the speakers on constructing a Europe-wide employee surveillance policy

• Strategy
• Negotiations
• Tools
• Auditing

Speakers and audience

17.40h.

Close followed by informal discussions on national issues with experts from Finland, France, Germany, Italy, the Netherlands, Spain, and the United Kingdom