The 12th Annual Sedona Conference International Programme on Cross-Border Data Transfers and Data Protection Laws

Monday, June 7, 2021 - 10:00am to Wednesday, June 9, 2021 - 1:15pm

Online (Zoom)

                     Join the Leading Global Data Protection Authorities in Dialogue!

The 12th Annual Sedona Conference International Programme on Cross-Border Data Transfers and Data Protection Laws will convene online on 7-9 June 2021.

The Programme will address cross-border data transfers relating to commercial operations, government investigations, and discovery in litigation, and the related compliance, privacy and security issues. The Programme will provide the expert dialogue The Sedona Conference is known for between leading global data protection authorities, corporate counsel, outside counsel, and service providers. This distinguished group of faculty will lead all Programme participants in assessing how cross-border data transfers, privacy, and data security across the globe – but particularly in the United States and Europe – have evolved since the full implementation of the EU General Data Protection Regulation (GDPR) nearly three years ago. There will be benchmarking on information governance among corporate counsel at multinational corporations.  Key data protection authorities will provide insights into their challenges and priorities in their enforcement and advisory roles under their data protection regimes.  We also will engage in dialogue concerning the challenges presented by the interaction of data protection and new technologies, the recent developments in privacy and security in China, and the extraterritorial reach of various privacy and data security laws and regulations. 

Please see the full agenda below.  

Unlike other continuing legal education programs, all faculty members are asked to be present for the entire Programme and participate in all aspects of the Programme. The format involves dialogue not only among faculty members, but also with the Programme participants, who are invited and encouraged to contribute their comments and perspectives to the dialogue.

Attendance at the Programme is by invitation only to ensure a proper balance of participants and is limited in size to ensure that we have an intimate environment for meaningful dialogue.


Ropes & Gray LLP

London, United Kingdom

Confirmed Faculty


London, United Kingdom

Littler Mendelson, P.C.

New York, NY, USA

Kellerhals Carrard

Basel, Switzerland

European Data Protection Supervisor

Brussels, Belgium

Harris Bricken

Seattle, WA, USA

U.S. Dept. of Commerce

Washington, DC, USA

Morgan Stanley

London, United Kingdom

Chair of the European Data Protection Board

Brussels, Belgium

Dentons China

Shanghai, China

UK Government Department for Digital, Culture, Media & Sport

London, United Kingdom


Waterloo, Belgium


Dublin, Ireland

Ireland Data Protection Commission

Dublin, Ireland

Orrick Herrington & Sutcliffe LLP

Duesseldorf, Germany


San Diego, CA, USA

Perkins Coie LLP

Beijing, China

The Sedona Conference

Phoenix, AZ, USA

Brazilian Data Protection Authority (ANPD)

Brasilia, Brazil

The Sedona Conference

Phoenix, AZ, USA


Time Session Panelists
  Monday, 7 June 2021 (all times EDT)  
10:00 — 10:15 Welcome and overview Massey, Weinlein, Withers
10:15 — 11:30 GDPR three years on: From the page to practice Backhouse*, Greenstein, Harriman, McDermott
  The European Union General Data Protection Regulation (GDPR) went fully into effect on 25 May 2018. We convene online just over three years later, at a time when organizations and regulators are facing the challenge of operationalizing, and enforcing, privacy and data security compliance programs of all shapes and sizes. A panel of distinguished practitioners will focus on how organizations and regulators are grappling with their respective obligations under the GDPR and what a defensible compliance program looks like in practice.  
11:30 — 12:00 Break  
12:00 — 13:15 Information governance roundtable Artz, Brupbacher*, Harriman, Louveaux, McDermott
  Leading in‐house legal and technical professionals from global corporations will lead a dialogue on information governance considerations pertaining to cross‐border data transfers, privacy, and data security that organizations should be focused on to facilitate and monitor compliance and minimize legal exposure. They will discuss how their information governance programs are organized, changes to these programs in light of new data protection regimes, and investigation of data incidents, both in terms of internal corporate compliance and external consumer‐facing programs. They will share how interactions with regulators have changed under GDPR and offer perspectives on how they are addressing the challenge of competing legal regimes and requirements developing outside of the EU.  
Time Session Panelists
  Tuesday, 8 June 2021 (all times EDT)  
10:00 — 11:45 Data protection authority (DPA) roundtable Buchta, Greenstein, Jelinek, Jones, O'Carroll, Schroeder*, Wimmer
  Global DPAs will lead a dialogue on their respective challenges and priorities in both their enforcement and advisory roles under global data protection regimes. The dialogue will also address technological developments being adopted and implemented in business, such as the use of end‐to‐end encryption in international transfers, ephemeral messaging, and artificial intelligence (AI), and how they are shaping the outlook of regulators, legislators, and organizations.  
Time Session Panelists
  Wednesday, 9 June 2021 (all times EDT)  
10:00 — 11:15 Taking a different path: Privacy and data security in China Dickinson, Jiang, Shi, Sun, Withers*
  The People's Republic of China (PRC) has implemented several new laws significantly impacting privacy and data security, including the Multi‐Level Protection Scheme (MLPS), the foreign investment law, and the cryptography law. This panel will unpack these relatively new laws, explore their practical consequences for doing business in China or with Chinese‐based entities, and lead a dialogue on practical suggestions for maintaining the integrity of personal data, client confidences, and intellectual property.  
11:15 — 11:45 Break  
11:45 — 13:00 A global issue: Extraterritorial reach of privacy and data security laws and regulations Buchta, Jones, Louveaux, Massey*, Wimmer
  Privacy and data security laws and regulations are proliferating internationally. Some purport to be comprehensive, some are sector‐specific, and others address very narrow situations. No matter what the intended scope of the laws, they may contain provisions that intentionally, incidentally, or inadvertently reach outside the borders of the nation, state, province, or municipality that adopted them, leading to compliance headaches, traps for the unwary, and occasional litigation over applicability or enforceability. Even "data localization," which may appear to be strictly domestic, may have significant extraterritorial impact on foreign and multinational organizations. This panel will present concrete examples, explore the applicable principles of long‐arm jurisdiction and choice‐of-law, and propose strategies for the avoidance or resolution of conflicts.  
13:00 — 13:15 Closing Massey, Weinlein

*Panel Moderator