Privacy and Cybersecurity Law Developments in China, the EU and the US: Cross-Border Alignment and Compliance

Friday, March 1, 2019
8:30 a.m. Registration & Breakfast
9:00 a.m. Welcome

Professor Robert Merges, Professor of Law and Co-Director, Berkeley Center for Law & Technology, UC Berkeley School of Law
Professor Guo Li, Vice Dean, Peking University Law

9:15 a.m. Setting the Stage

Professor Zhang Ping, Peking University Law School
Jim Dempsey, Berkeley Center for Law & Technology

9:30 a.m. Privacy and Cybersecurity Frameworks in China, Europe and the US: Do Recent Developments Herald Convergence or Confusion?

Although privacy law in the US has been characterized by the sectoral, or industry-by-industry, approach, the states, led by California, are adopting comprehensive laws. The US Congress may be compelled to follow, if only to preempt the states. Meanwhile, Europe is implementing the GDPR, with global impact, and China is developing robust frameworks for commercial data protection and cybersecurity. Are we likely to see convergence, or will companies operating globally face growing complexity? Do we even have agreement on what information is to be protected?

Christopher Millward, USITO

Professor Xue Jun, Peking University Law School
Bruce McConnell, EastWest Institute
Jeff Rabkin, Jones Day
Graham Webster, New America

10:45 a.m. Break
11:00 a.m.

Cybersecurity: Defining Reasonable Cybersecurity in a Global Marketplace

Across the globe, there are expanding legal mandates for “reasonable” cybersecurity of both critical infrastructure and commercial systems that hold consumer data. What is reasonable cybersecurity? Should standards be mandatory or advisory, technology-specific or flexible, absolute or risk-based? Who sets the standards? National governments, sector-specific regulatory agencies, independent standards setting bodies? And how do global companies develop products and services that will meet the legal test across multiple jurisdictions?

Samm Sacks, DigiChina Project, New America

Zhou Hui, Deputy Secretary General of China Cyber and Information Law Society
Jim Dempsey, Berkeley Center for Law & Technology
Andreas Kuehn, Senior Program Associate, EastWest Institute

Jim Dempsey

12:00 p.m. Lunch
1:00 p.m.

Data Governance and Consumer Privacy under GDPR, APEC, China, and US Frameworks

How should global companies develop privacy and cybersecurity strategies? How are companies responding to data localization requirements? Will the evolving legal systems allow the cross-border data transfers?

Li Yuanyuan, Assistant Dean, Director, External Affairs Office Deputy Director, Center for Public Participation Studies and Supports, Peking University Law School

Professor Zhang Ping, Peking University Law School
Phillip Armstrong, Privacy and Regulatory Affairs, Microsoft
Michael Hamilton, Chief Privacy Officer, Invitae

Prof. Zhang Ping

2:00 p.m. Break
2:15 p.m.

Enforcement: The Emerging Practice of Privacy and Cybersecurity Enforcement

Comparing Europe, the US and China, what are the core characteristics of an effective enforcement agency? Are enforcers cooperating across borders? Should regulators seek to ensure cross-border alignment of requirements? How can companies reconcile competing demands and respond to enforcement actions outside their headquarters country?

Jiang Huasheng, Judge, Guangzhou Intellectual Property Court, Guangdong Province


Zhang Xu, JDD
Jared Ho, Division of Privacy and Identity Protection, Federal Trade Commission
Francoise Gilbert, Greenberg Traurig

Francoise Gilbert

3:30 p.m.  Closing Ceremony

UC Berkeley School of Law certifies this event for 5.0 hours of CLE credit.