CPDP 2015: Data protection authorities and data protection officers ...

Описание: Data protection authorities and data protection officers: their relationships.

Organised by CPDP

Chair: Charles Raab, University of Edinburgh (UK)

Moderator: Ivan Szekely, Eötvös Károly Policy Institute (HU)

Panel: Emma Butler, LexisNexis/Elsevier (UK), Waltraut Kotschy, Data Protection Compliance Consulting (AT), Stephen McCartney, Royal Mail Group (UK), Peter Schaar, European Academy for Freedom of Information and Data Protection (DE)

DPAs and DPOs (or CPOs) both play important roles in ensuring legal compliance and promoting good data protection practice, but there may be tensions between them. An organisation might expect its DPO to be: (a) the DPA’s ‘agent’, reporting on unlawful activities; (b) the controller’s quasi-defence lawyer, concealing questionable operations from the DPA and discouraging data subjects from complaining; (c) a compliance officer, acting as an internal auditor. The DPO acts in a buffer zone between the data controller’s organisation and the DPA, but companies vary in the way they have developed and embedded DPO roles in their organisational practice, and in their intended purposes. DPAs vary in the way they relate to DPOs of regulated organisations, and in their expectations. This panel examines the DPA-DPO ‘pair’ through the eyes of experienced practitioners on both sides of the fence. They will address the following questions:

What are the relationships between DPAs and organisations’ DPOs?
Where do these relationships lie on a continuum between adversarial and collaborative?
Is there a danger of ‘regulatory capture’ through close relationships, whereby DPAs ‘go native’ and restrict the possibility of enforcing compliance on companies?
How are these relationships likely to change under the proposed Data Protection Regulation?