***Open sessions can be viewed on YouTube by clicking their respective titles.***
Open Session
​
The Open Session is open to the local and international business communities for registration and will highlight panel discussions on some of the most relevant global 'privacy' topics.
Sunday, October 15th, 2023: Welcome Reception
​
The Welcome Reception will feature an opening keynote address, panel discussion and a performance by the Gombeys.
​
6:00pm Event Welcome
Blanca Lilia Ibarra - Commissioner and President, National Institute for Transparency, Access to Information and Personal Data Protection, Mexico
Rena Lalgie - Her Excellency the Governor of Bermuda
Alexander White - Privacy Commissioner for Bermuda
​
Keynote:
Dr. Charlotte Andrews - Head of Cultural Heritage, The Bermuda National Trust
​
6:30pm Session 1: Privacy Law Developments in the Caribbean Community
​
Panel Lead/Moderators:
​
Stewart Dresner – Chief Executive, Privacy Laws & Business
Laura Linkomies – Editor, Privacy Laws & Business
​
We are delighted to welcome the GPA to our corner of the world with this regionally focused panel. In this session, our discussions will provide a round-up to compare and contrast current national privacy laws and issues in the Caribbean region, as well as exchange experience from new data protection authorities in small jurisdictions and from organisations facing compliance challenges. Join us to see how privacy and data protection rights are being built right now.
Panelists:
​
Dr. Patrick Anglin - DPO, The University of the West Indies, Jamaica
Lisa Greaves - Data Protection Commissioner, Barbados
Bartlett Morgan - Director of Chancery Advocates in Barbados
Dr. Marisa Stones - Cabinet Office, PATI/PIPA Unit - Government of Bermuda
Laura Schwartz-Henderson - Advocacy and Research Advisor, Internews, US
Michael Wright - Data Protection Commissioner, The Bahamas
​
7:45pm Opening Reception
​
Hosted by The Office of the Privacy Commissioner for Bermuda
​
​
​
​
& Sponsored by Bacardi Ltd
​
​
​
Monday, October 16th, 2023 (9:00 am - 4:30 pm)
​
9:00am Opening Declaration/Introduction
9:05am Welcome
​
The Hon. Vance Campbell, JP, MP - Minister of Tourism and Cabinet Office, Bermuda
​
9:15am Advancing Technology Policy: A Fireside Chat with Deirdre K. Mulligan
Deirdre K. Mulligan - Principal Deputy U.S. Chief Technology Officer, Head of the White House Office of Science & Technology Policy (OSTP)’s Technology policy team
Jules Polonetsky - CEO, Future of Privacy Forum
​
9:45am Coffee Break
​
10:00am Session 2: Clear and Present Harms
​
Panel Lead/Moderator:
​
Commissioner Patricia Kosseim - IPC Ontario, Canada
​
What is privacy regulation supposed to achieve? How do we calibrate both the harms and benefits of data processing? Why does a reflection on the societal harms of technologies like AI matter? These are some of the questions to be discussed during this important session. Discussion will include the role of data protection authorities as front-line defense, as well as the reasonable, appropriate and fair use of data within the context it was intended.
Panelists:
​
John Edwards - Commissioner, ICO, UK
Kashmir Hill* - Technology Reporter, New York Times
Dr. Teresa Scassa - Canada Research Chair in Information Law and Policy, University of Ottawa
Rebecca Slaughter - Commissioner, Federal Trade Commission
Dr. Jeni Tennison - Connected by Data, UK
Zee Kin Yeong - Chief Executive, Singapore Academy of Law
*pre-recorded contributor
11:15am Session 3: What Can DPAs Learn from Other Regulators?
​
Panel Lead/Moderator:
​
Claudia Berg - General Counsel, ICO, UK
​
In this panel, we will explore the intersection of privacy and other regulatory spheres, such as competition law, to discuss the substantive or perceived tensions and synergies. This session will reference case studies that show ‘real world’ examples and talk about the practical realities and lessons for cooperation between different types of regulators that can provide mutual benefits in regulatory action.
Panelists:
​
Dr. Ana Brian Nougreres - Special Rapporteur on the right to Privacy, United Nations
Ulrich Kelber - Federal Commissioner for Data Protection and Freedom of Information, Germany
Jessica Rich - Kelley Drye & Warren
Ashkan Soltani - Executive Director, California Privacy Protection Agency
12:30pm Lunch
​
Sponsored by IAPP
​
​
​
​
​
1:45pm Session 4: Financial Services and Data Protection
​
Panel Lead/Moderator:
​
Vivienne Artz, OBE FCSI (Hon) – Strategic Advisor, Centre for Information Policy Leadership (CIPL)
​
This panel discussion will focus on the innovative privacy and data protection issues faces by the financial services industry. From anti-money laundering to Central Bank Digital Currencies, digital assets to the global inter-connectivity of financial services systems, this panel will explore how the personal information requirements of financial services can be successfully integrated with privacy and data protection responsibilities.
Panelists:
​
Lori Baker - Vice President - Legal and Director of Data Protection, DIFC
Jem Davis* - Data Protection Manager, Bank of England
Karamoko Dickens - Co-founder and C.E.O., Conci Bermuda Limited
Tami Dokken - Former Chief Data Privacy Officer, World Bank
Geoffrey Faiella - VP, Head of Legal & Regulatory Compliance, Clarien Bank Limited
Alessandra Pierucci - Garante Italia, and Coordinator of the EDPB Financial Matters Expert Subgroup
*pre-recorded contributor
​
3:00pm Coffee
3:15pm Session 5: Shifting Focus - Looking Towards AI and Emerging Technologies
​
Panel Lead/ Moderators:
​
Caitlin Fennessy – VP, Chief Knowledge Officer, IAPP
Brenda Leong – Partner, BNH, AI
Never before have emerging technologies had such a profound impact on privacy. This panel session will discuss the continued expansion of artificial intelligence systems, in particular Machine Learning systems, for an analysis of what DPAs must consider in order to evaluate "fair" outcomes, along with data protection requirements impacting AI and other emerging technologies. How can DPAs identify and address the risks around new AI applications? Does AI fit into existing regulatory models? Where do those models fall short, and what new oversight tools should be considered?
Panelists:
​
Dr. Halefom Abraha - Postdoctoral Researcher, Bonavero Institute of Human Rights, University of Oxford
Che Chang - General Counsel, OpenAI
Philippe Dufresne - Privacy Commissioner, Canada
Guido Scorza - Garante Italia
​
​
4:45pm Exclusive side-event brought to you by Future of Privacy Forum
​
​
​
​
Public Data, Free For All? Global Advances in Protecting Publicly Available Personal Data
​
This side event explores the approaches of key jurisdictions around the world to protecting publicly available personal data, an issue which is now front and center to data protection and AI governance. Such data is an important source for training AI models and fueling machine learning. At the same time, publicly available personal data is also relied on by researchers to study disinformation and hate speech, manipulation of electoral processes, censorship across the web and so forth. Join us to discuss these questions, among others:
• What are the lawful grounds for collecting and processing personal data that is publicly available, considering these various competing interests?
• What is old and what is new in the legal issues around accessing and processing publicly available personal data, due to developments of AI? What are the lessons we can draw from decades of online search engines and access to public Information?
• What role does Data Protection/Privacy by Design play in how personal data is made publicly available and in how it is subsequently collected and accessed?
​
Moderator:
Jules Polonetsky - Chief Executive Officer, Future of Privacy Forum
​
Panelists:
​
Tobias Judin, Head of the International Department, Norwegian DPA
Pansy Tlakula, Chairperson of the Information Regulator of South Africa
Hielke Hijmans, President of the Litigation Chamber and Member Executive Board of the Belgian Data Protection Authority
Blanca Lilia Ibarra, President Commissioner, INAI Mexico
​
Tuesday, October 17th, 2023
​
8:30am Session 6: Risk is our Business
​
Moderator:
​
Trevor Hughes – President and CEO, IAPP
​
Data protection authorities and organisations that use data must examine and understand risks in order to accomplish their respective missions while protecting the rights of individuals. In this panel, we will engage in a discussion on the nature of risk, how to quantify and explain risk, and how regulators can best set their expectations for risk-based decisions and identifying and mitigating harms in context of beneficial uses of data.
Panelists:
Mar España - Director, Spanish Data Protection Agency
Naomi Lefkovitz - Senior Privacy Policy Advisor in the Information Technology Lab at the National Institute of Standards and Technology, U.S. Department of Commerce
Emma Martins - Data Protection Commissioner, Guernsey
Anu Talus - Commissioner Finland/ Chair of the European Data Protection Board (EDPB)
Suzanne Williams-Charles - Director of Policy and Regulation, ABIR
9:45am Coffee
10:00am Session 7: Indigenous Perspectives on Privacy
​
Moderator:
​
Commissioner Michael McEvoy – OIPC BC, Canada
​
Panel session designed to provide unique perspectives on data privacy and examine the alignment of non-traditional world views with the modern legal perspective on privacy and data protection. Discussion will take a conversational approach and will include pre-recorded video perspectives regarding the most pressing privacy issues faced by indigenous peoples around the world.
​
Panelists:
​
Dr Jonathan Dewar - First Nations Information Governance Centre (Canada)*
Mercy King'ori - Future of Privacy Forum
Dr Tahu Kukutai - The University of Waikato*
Guest Speaker*
Prof Gehan Gunasekara - The University of Auckland
Josefina Román Vergara - Commissioner, Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales, México
*pre-recorded contributor
11:15am Giovanni Buttarelli Award 2023
Presented by EDPS and INAI
11:45pm Lunch
1:00pm Session 8: Data Transfer Mechanisms
​
Moderator:
​
Bojana Bellamy – President, CIPL
​
The panel will assemble experts to discuss the various global efforts to promote consistency and interoperability in data transfers. What do these efforts have in common? Where are the divergences? Our session aims to capture the momentum on various developments regarding international data transfers law, policy, and practice, and to discuss the shared path forward, in which we as a global community can encourage and offer practical solutions and best practices for enabling trusted and accountable data flows that benefit individuals, organisations, governments, and our digital societies and economies.
Panelists:
​
Beatriz de Anchorena - Director of AAIP, National Data Protection Authority, Argentina
Yuji Asai - Commissioner, Personal Information Protection Commission, Japan
Elizabeth Denham, CBE - Chief Policy Strategist, Information Accountability Foundation
Bruno Gencarelli - Head for International Affairs and Data Flows, DG Justice and Consumers, European Commission
Neema Singh Guliani - Deputy Assistant Secretary for Services, International Trade Administration, U.S. Department of Commerce
Alex Joel - Senior Project Director, American University of Washington College of Law
Immaculate Kassait - Data Protection Commissioner of Kenya
2:15pm Session 9: A Call to Action
​
Moderator:
​
Commissioner Alexander White – PrivCom, Bermuda
​
Panelists:
​
Teki Akuetteh - Founder & Executive Director, African Digital Rights Hub
Malcolm Crompton - Founder & Partner, IIS Partners
Eduardo Ustaran - Partner, Hogan Lovells
Wojciech Wiewiorowski - European Data Protection Supervisor
Zee Kin Yeong - Chief Executive, Singapore Academy of Law
Dr. Gabriela Zanfir-Fortuna - Vice President for Global Privacy, Future of Privacy Forum
​
3:30pm Coffee
​
3:45pm Exclusive side event hosted by the European Commission
​
International Cooperation in Action: The Role of the GPA
Moderator:
Delores Dozo
International cooperation in data protection is a pre-requisite to respond to today’s integrated digital economy. As an influential and unique international forum, the GPA has played a key role in advancing international cooperation between regulators and beyond.
As the need for greater and more granular international cooperation continues to grow, this session will explore avenues for authorities, governments, and international bodies to “deliver” international cooperation in practice and work together for the advancement of modern data protection standards based on shared values as well as effective enforcement. In particular, as the GPA is taking stock of its achievements of the past years and preparing its new Strategic Plan, the discussion will explore how the GPA is uniquely positioned to support coordination for effective cooperation and enforcement in the digital age, including through exploring new avenues and identifying novel solutions.
​
Panelists:
​
Beatriz de Anchorena - Director of AAIP, National Data Protection Authority, Argentina; Member of GPA ExCo & Chair of GPA Strategic Direction Sub Committee
Cecilia Siu - Assistant Privacy Commissioner for Personal Data, Hong Kong
Gregory Smolynec - Deputy Privacy Commissioner, Canada
Ulrich Kelber - Federal Commissioner for Data Protection and Freedom of Information, Germany
Josefina Román Vergara - Commissioner, National Institute for Transparency, Access to Information and Personal Data Protection, Mexico
Omar Seghrouchni - President of the National Commission for the Protection of Personal Data, Morocco
Alexander White - Privacy Commissioner, Bermuda
5:30pm Exclusive side-event brought to you by META
​
​
AI and Society: Opportunities and Challenges for Responsible AI Development
​
Moderator:
Cecilia Alvarez - Director of Privacy Policy Engagement, EMEA, Meta
Artificial intelligence (AI) is rapidly transforming our world. From powering voice assistants to detecting fraud, AI is used in a wide variety of ways to improve how we live and work.
In addition to the flashy examples of AI, such as self-driving cars, facial recognition, or personalization, there are numerous other use cases of AI. In healthcare, AI is utilized to develop new drugs, diagnose diseases, and provide personalized care. In finance, AI is harnessed to detect fraud, manage risk, and make investment decisions. In education, AI is deployed to personalize learning, provide feedback, and grade assignments. In customer service, AI is in use to automate tasks, answer questions, and resolve issues. These are just a few examples of the many use cases for AI. As AI technology continues to develop, we can expect to see even more innovative and ground-breaking applications of AI in the years to come.
This panel will explore the many faces of AI. Experts will share how state of the art AI technologies generate impact in their respective sectors. The speakers will also discuss the ethical implications of AI and how to ensure that AI is developed in a responsible manner.
​
Panelists:
Gabriel Stefanini Vicente - Data Scientist at the Development Data Group, World Bank
Monika Tomczak-Gorlikowska - Chief Privacy Officer, Prosus Group
Teki Akuetteh - Founder & Executive director, Africa Digital Rights Hub
​
​
​
Wednesday, October 18th, 2023
10:00AM Networking Break: Sponsored by CCS Group Limited
​
​
​
​
4:00pm Report from the International Working Group on Data Protection in Technology (IWGDPT)
​
Moderator:
Ulrich Kelber - German Federal Commissioner for Data Protection and Freedom of Information, Chair and Secretariat for IWGDPT / "Berlin Group”
- What is the IWGDPT / Berlin Group? Presentation by Ulrich Kelber, Chair IWGDPT / Berlin Group
- What does the IWGDPT / Berlin Group do? Presentation by Sharon Azarya, PPA Israel on the "Smart Cities" Working Paper
​
4:30pm Exclusive side-event brought to you by CIPL
​
​
​
Responsible AI in Practice: Risk Assessments, Responsibility of Different Parties, and Transparency
Moderator:
Bojana Bellamy - President, CIPL
The era of artificial intelligence and machine learning is upon us with all its benefits and promises as well as risks and challenges. This event will explore a range of important questions associated with the responsible development and deployment of AI and consider concrete examples of current best practices and attempts to address the risks and challenges.
​
Thursday, October 19th, 2023
3:00PM Open Side Event hosted by The Privacy Pro
​
​
A Practical Privacy Chat
Moderator:
Lauren Reid – Founder and Principal, The Privacy Pro
Join this informal, interactive conversation between peers and privacy leaders. The Privacy Pro will share:
• Our top 5 tips for effective collaboration between privacy and business
• Guidance for how to prioritize your time and energy for maximum impact and minimum stress
• Our favourite free privacy resources and guidance, and how we use them in our practice.
This event is open to anyone who wants to learn, share, and connect - no ticket required.
Location: Twain Boardroom – Hamilton Princess & Beach Club
​
Closed Session
​
The Closed Session is scheduled for Wednesday, 18th October through Friday, 20th October from 9:00am – 2:00pm daily and is available to GPA Membership only. Additional (closed) side events are listed below.
Note that supplementary events that are open to all attendees are listed above as part of the ‘Open Session’ Agenda, above.
​
Wednesday, October 18th, 2023
​
3:00pm Closed Session Side-Event: 2023 GPEN Meeting: Enforcing against Deceptive Design Patterns
​
Moderator:
Christopher Moulder - Assistant Commissioner, Investigations, The Office of the Privacy Commissioner for Bermuda
Panelists:
​
Sharon Azarya
Guilherme Roschke
Brent Homan
Hannah McCausland
​
Thursday, October 19th, 2023
​
3:30pm Managing Breach Notifications and Investigations (IEWG)
Moderator:
Brent Homan - Deputy Commissioner, Office of the Privacy Commissioner of Canada
​
IEWG Capacity Building Workshops provide authorities with a unique forum for exchanging experiences and perspectives on topics of particular interest to their operational and enforcement activities.
This year, the focus will be on “Managing Breach Notifications and Investigations”. Breaches
require mandatory notification in many jurisdictions, while other jurisdictions are contemplating
to amend their laws to include this important privacy protection mechanism. Whether an authority regulates in a mandatory regime or otherwise, managing breaches has been identified as a global challenge shared by all DPAs.
In this session, authorities from many parts of the world with different legal frameworks and
resources will share their strategies to manage breach notifications and investigations. They will
have the opportunity to share the corresponding challenges, potential solutions and practical
examples and tools that participants can leverage to improve and adapt their own processes.
​
Panelists:
​
Claudia Berg - The General Counsel, ICO, United Kingdom
Alejandro Londoño Congote - SIC, Colombia
Tobia Judin - Head of International Section, Datatilsynet Norway
Rachel Masterton - Deputy Commissioner, ODPA Guernsey
Sami Mohammed - Commissioner, ADGM, Abu Dhabi
John Henry D. Naga - Commissioner, NPC Philippines
Cecilia Siu - Assistant Privacy Commissioner, PCPD Hong Kong
5:00pm The DPA STRAT Project
Learning from each other’s strategies and getting ready for the challenges and opportunities of
digital regulation.
Moderators:
Steve Wood – Consultant, formerly UK ICO Deputy Commissioner
Marie Charlotte Roques-Bonnet – Consultant, formerly CNIL, Microsoft & Amazon
Seb Page – Consultant, formerly Deloitte
Join an experienced team of former industry leaders in a robust discussion about the initial
findings of their self-funded research project into DPA strategies. There will be an opportunity to
hear from senior leaders in DPAs who have led a strategy development process and a chance to share good practice, discuss challenges and opportunities.
​
​
LIGHTNING TALKS - ***Lightning Talks can be viewed on YouTube by clicking their respective titles.***
​
A series of informative and thought-provoking topics have been selected by the Programme Advisory Committee to be featured in short video recorded interludes throughout the programme agenda, a sample of topics and speakers are listed below:
​
FemTech - Ana Karen Cortés Viquez - Law and Technology International Consultant
​
How Artificial Intelligence Implicates Privacy - Prof Ryan Calo - Prof. of Law: University of Washington
​
Reading Minds: Neuro Privacy - Susie Alegre - author 'Freedom to Think'
​
What Data Protection is Not – Prof Dan Solove - George Washington University Law School, President and CEO TeachPrivacy
​
Perspectives on Ancestry and Genetic Information – Dr. Tahu Kukutai - University of Waikato
​
The Thing Speaks for Itself: Case study in granting legal personality to inanimate objects -
Prof Gehan Gunasekara - University of Auckland Business School
​
Data Protection as a Corporate Social Responsibility – Prof/Dr Paolo Balboni - Professor of Privacy, Cybersecurity, and IT Contract Law at the European Centre on Privacy and Cybersecurity (ECPC), Maastricht University
​
PPC Japan Update on DFFT Efforts in G7 – Chairperson Mieko Tanno - PPC Japan
​
Identifying Dark Patterns - Dr. Luiza Jarovsky - Lawyer, Ph.D. researcher: Author of 'The Privacy Whisperer', and CEO at Implement Privacy
​
Political Targeting on the Internet – Commissioner Meike Kamp - Berlin Commissioner for Data Protection
and Freedom of Information
​
Privacy Laws and Employment – Duncan Card - Partner, Appleby (Bermuda) Limited
​
A Cannon-Shot Rule for Data – Commissioner Alexander White - Privacy Commissioner for Bermuda
​
​