Global Data PrivacyMeeting today’s business challenges

4780

Contents

1 Global Data Privacy: today’s business challenges

2 Pinsent Masons’ Global Privacy Practice: how can we help you?

3 Our approach

5 Effective, actionable advice

8 International reach

10 Meet the team – local knowledge, global expertise

1

Pinsent Masons | Global Data Privacy

Global Data Privacy: today’s business challenges

Information about individuals, whether customers, prospects, employees or suppliers, is essential to business and government. However attitudes towards the use of that information vary significantly between international legal systems and cultures; for example, in some cultures there is a strong commitment to disclose personal information for law enforcement and commercial purposes, in others a deep-rooted concern that disclosure of private information to the state may imperil individual freedom. These variations pose challenges for global business because they have resulted in a range of different laws governing the use of personal information and, of equal importance, a range of different approaches among regulators, courts and the individuals themselves.

International businesses need to navigate these differences with confidence and, where feasible, avoid multiple or inconsistent underlying business processes in order to deliver goods and services to their customers. And they need to do so in a way that maintains the trust of their customers, employees and business partners.

Firm profilePinsent Masons is an award winning international law firm committed to providing TMT solutions aligned with business needs: structuring IT programmes; enabling innovation and business transformation; addressing under-performance and litigating to secure recompense for project failure.

With a 42-strong team, including 12 partners, based across our international offices in Europe, Asia and the Gulf, legal directories rate us among the strongest technology and sourcing law firms across the globe.

4780

Pinsent Masons’ Global Privacy Practice: how can we help you?Pinsent Masons has many years’ experience of navigating international data privacy laws to deliver user-friendly, practical advice that can be readily implemented and meets our clients’ commercial requirements.

Many of our client mandates are multi-jurisdictional in nature. We have developed cost effective methodologies and know how for handling such projects, often front-loading the advice to develop an expected outcome and using local firms to provide an ‘exception report’ for their jurisdiction rather than producing expensive stand-alone advice.

Over the years in handling cross-border data privacy, e-business and more recently cyber security issues, we have developed an extensive network of firms with relevant expertise in jurisdictions where we do not have our own offices. We draw on our extensive market knowledge to deliver consistent, effective advice seamlessly across the jurisdictions in which they operate.

In addition we provide legal insight and perspectives on the latest international data privacy issues facing global businesses through Out-law.com – our award-winning legal information service that carries up-to-the-minute business news and plain-English guidance giving practical tips on data protection and other laws. It is one of the most heavily-used legal websites in the world because its sole purpose is to make sure that when we know something of potential relevance to your business, you do too.

A cross section of our comprehensive expertise is outlined below, and covers all global information law issues:

Outsourcing, cloud & IT contracts

Ethical hotlines

Audits

Social media & privacy BCRs: programme implementation

Corporate transactions

Civil claims – cyber

Contentious subject access requests

Defending ICO & other DPAs’ sanctions/investigations

Governance design & Implementation

Advisory Transactional

Implementation

Training programmes

Marketing consents

Cross border transfers & BCRs: strategic assessment

Cyber & data security incidents

CookiesPrivacy impact

assessments

2

3

Pinsent Masons | Global Data Privacy

Our approachWe listen to your needs and work hard to deliver commercial advice, seamlessly across the relevant jurisdictions. The type of qualities you can expect from our team, wherever they are geographically based are:• In the UK, our team is ISEB qualified. In other jurisdictions, our team utilises our internal training and/or is working towards

IAPP qualifications• Project management training• Parallel specialisms relevant to the engagement at hand (generally, in employment, dispute resolution, TMT and/or IP)• Shared values: all of our team members are team players, used to working in multi-disciplinary teams and focused upon delivering

practical, commercial advice• In-house experience, gained either from practising as in-house counsel or during secondment, to further sharpen our commercial focus.

More than half of our team has in-house experience.

SmartPlan In addition to providing you with the comprehensive legal expertise as outlined above, we are also proud to offer you SmartPlan – our bespoke tool that we use to plan, organise and manage our resources, and reduce internal costs to achieve your commercial goals whilst keeping to the budget. SmartPlan gives you cost control and certainty, and an ability to plan the efficient use of our resources. SmartPlan gives you real-time comparisons between actual cost and budget for each phase and task in the project, facilitating transparent reporting.

In summary we make it our priority to provide you with practical, user friendly and effective advice.

Listening to you and your needs

How to ...?

Strategic options ...?

Budget & timetable ...?

The right partner for you

The perfect partnership

Our distinctive approach and innovative delivery

On budget: SmartPlan

On time: project management

User friendly: consistent, well- presented expertise

“Marc [Dautlich] is commended by sources for his ability to ‘find viable, pragmatic solutions for his clients’.”(Chambers 2012)

“It [Pinsent Masons Data Protection team] has an impressive portfolio of work, with strengths in advising both the private and public sectors. The firm has invested heavily in its data protection practice and this shows through in a number of impressive new client wins.”(Chambers 2013)

4780

Case study – A global professional services and insurance brokerage group The issueA global professional services and insurance brokerage group specialising in providing solutions on risk, strategy and human capital, needed a review of their personal data collection and usage practices in their operations across Asia Pacific.

The solutionWith our experience in multi-jurisdictional compliance projects, we assessed our client’s priorities and data transfer agreements across the relevant countries for compliance with the local law requirements, and advised on the implementation and rollout of appropriate and consistent data collection and usage practices across their Asia Pacific operations.

Case study – Telecoms regulator and government department of a nation state in the Gulf region The issueOur client, a nation state in the Gulf region, sought our assistance with the creation of a new privacy law within its jurisdiction, including associated consultation with key stakeholders.

The solutionOur extensive experience in advising government and regulatory bodies, combined with our trusted ability to provide comparative analysis of international data privacy legislation, meant that we were uniquely positioned to: advise our client as to what would be the best privacy model for their proposed legislation; draft the new law; and assist in the management of the public consultation process. With our role concluded, the law remains pending, with the Government due to finalise the draft upon the outcome of their internal decision making process.

4

5

Pinsent Masons | Global Data Privacy

Effective, actionable adviceOver the years we have developed tools to present our advice in ways that will reflect the needs of your business. Approaches of course differ between organisations as much as between jurisdictions; here are some of the tools and the background research that supports our team.

1. Visual, colour-coded advice, to assist in identifying the key issues effectively, and without unnecessary complexity

.uk .de .fr

Cooling off requirements

Delivery/Returns

Governing law/jurisdiction

Sales promotions (“2 for 1” etc)

Cookies/e – or mobile marketing

(Note: True red, amber and green palette not shown here.)

Case study – A leading international hospitality group The issueA leading international hospitality group required advice and the training of their internal counsel in regards to best practice, policy and compliance with the privacy and data protection issues surrounding their website and online marketing activities in the Middle East.

The solutionOur team of experienced TMT lawyers based in the UAE and Qatar attended the client’s offices to deliver comprehensive training in regards to the relevant privacy and data protection issues surrounding the client’s website, use of social media platforms and other online marketing activities. The advice included conducting preliminary audits of the client’s sites and activities to assess compliance and providing practical tips and policy recommendations as to how any areas of concern might be addressed in a manner that was both conscious of relevant legal requirements in the Middle East and the client’s wider global imperatives and operations.

47806

2. Competitor benchmarkingIn privacy and e-business, sometimes the most valuable insights involve benchmarking against your competitors. This is especially so in jurisdictions with unfair competition laws, like Germany and France, where it is competitors rather than regulators or consumers who may be the first party to challenge your consumer-facing terms, policies or sales or prize promotions.

As part of our value-added services, we can monitor the market for you in those jurisdictions, including review and comparison of:• Online consumer-facing terms• Online privacy policies and consent/fair collection notices• Sales promotions• Prize draw terms.

An example is set out below, which focuses on the retail sector.

Example: Retail Sector – test purchases made from local e-commerce sites in Germany and France

Topic Retailer A Retailer B Retailer C

Language No separate websites for different jurisdictions.

No translation option – website only available in English.

Separate websites for France and Germany.

France: option to have website in French, German or English.

Germany: option to have website in German, French or English.

Separate websites for France and Germany.

France: website is in English (there is an option to have it in French but this does not appear to be working). Some items are in French (part of the advertising, sections and buttons available).

Germany: website is available in English and German.

Currency Pounds Sterling Euros Euros

Payment Methods Mastercard, Visa Debit and Credit Card, Solo, Maestro, Switch (Switch is not available for France) or Delta card and American Express, Clubcard Plus, Clubcard Vouchers, Tesco Gift Card, eCoupons.

Visa, Mastercard, American Express, Maestro and Paypal.

France: Visa, Mastercard, American Express, Diners, Carte Bleue and Carte Bancaire.

Germany: American Express, Visa, Diners & Mastercard.

Refunds Once receive returned order, it will be inspected within 24 hours and, refund will be processed.

Normal refund policy applies.

Refunds credited to original method of payment.

Full refund within 28 days.

Case study – A leading international home credit business The issueA leading international home credit business needed a risk assessment of the various cloud computing solutions that it was considering adopting across its international operations.

The solutionOur experience in handling complex, multi-jurisdictional compliance projects combined with a clear understanding of an emerging technology was critical in providing user-friendly, practical and commercial advice which enabled our client to clearly evaluate the security and privacy issues and implement an effective, compliant solution.

7

Pinsent Masons | Global Data Privacy

3. Background research – information security incidents and potential costs arising

3

1123456

2

45

6

Lost memory stick

Stolen laptop

Cyber attack

IP theft by competitor

Low High

High

Overall Impact*

Likelihood

Key: US dollars

= $40,000

= $75,000

= $150,000

=$400,000

= $600,000

= $775,000

Employee insider act

Financial services mailing errors

* Predictions of likelihood and overall impact will vary among sectors and organisations and depend upon the specific facts of each case. Our findings reflect trends identified during our research, tested against experiences taken from our client practice.

Case study – A leading manufacturer in the automotive sector The issueA leading international manufacturer in the automotive sector based in Germany sought ongoing advice on international data protection aspects of its products and services, in particular regarding new business opportunities related to infotainment and connectivity systems but also on questions related to data protection and e-commerce laws in regard to the set-up of community platforms and webshop solutions.

The solutionOur experience in handling multi-jurisdictional projects combined with an in-depth understanding of the technology, products and services in question was and continues to be key in structuring our review in order to enable our client’s group companies to control, so far as possible, its exposure to data protection risk, and, injunctions filed by competitors or consumer organisations based on unfair competition laws.

47808

Our

rece

nt e

xper

ienc

e in

cro

ss-b

orde

r dat

a pr

ivac

y an

d/or

e-

busin

ess p

roje

cts

We

have

rece

ntly

man

aged

cro

ss-b

orde

r dat

a pr

ivac

y an

d/or

e-c

omm

erce

pro

ject

s in

each

of t

hese

mar

kets

:Ar

gent

ina

Aust

ralia

Aust

riaBa

hrai

nBe

lgiu

mBr

azil

Briti

sh O

ffsh

ore

Isla

nds

Bulg

aria

Cana

daCh

ile

Chin

aCo

lom

bia

Croa

tiaCz

ech

Repu

blic

Den

mar

kEs

toni

aFi

nlan

dFr

ance

Ger

man

yG

reec

e

Hon

g Ko

ngH

unga

ryIn

dia

Indo

nesi

aIre

land

Isra

elIta

lyJa

pan

Latv

iaLi

thua

nia

Luxe

mbo

urg

Mal

aysi

aM

alta

Mex

ico

The

Net

herla

nds

New

Zea

land

Nor

way

Peru

Phili

ppin

esPo

land

Port

ugal

Puer

to R

ico

Qat

arRo

man

iaRu

ssia

n Fe

dera

tion

Saud

i Ara

bia

Serb

iaSi

ngap

ore

Slov

akia

Slov

enia

Sout

h Af

rica

Sout

h Ko

rea

Spai

nSw

eden

Switz

erla

ndTa

iwan

Thai

land

Tuni

sia

Turk

eyU

nite

d Ar

ab E

mira

tes

Uni

ted

King

dom

Uni

ted

Stat

es o

f Am

eric

aU

rugu

ayVe

nezu

ela

Vie

tnam

Pinsent Masons | Global Data Privacy

We

have

rece

ntly

man

aged

cro

ss-b

orde

r dat

a pr

ivac

y an

d/or

e-c

omm

erce

pro

ject

s in

each

of t

hese

mar

kets

:Ar

gent

ina

Aust

ralia

Aust

riaBa

hrai

nBe

lgiu

mBr

azil

Briti

sh O

ffsh

ore

Isla

nds

Bulg

aria

Cana

daCh

ile

Chin

aCo

lom

bia

Croa

tiaCz

ech

Repu

blic

Den

mar

kEs

toni

aFi

nlan

dFr

ance

Ger

man

yG

reec

e

Hon

g Ko

ngH

unga

ryIn

dia

Indo

nesi

aIre

land

Isra

elIta

lyJa

pan

Latv

iaLi

thua

nia

Luxe

mbo

urg

Mal

aysi

aM

alta

Mex

ico

The

Net

herla

nds

New

Zea

land

Nor

way

Peru

Phili

ppin

esPo

land

Port

ugal

Puer

to R

ico

Qat

arRo

man

iaRu

ssia

n Fe

dera

tion

Saud

i Ara

bia

Serb

iaSi

ngap

ore

Slov

akia

Slov

enia

Sout

h Af

rica

Sout

h Ko

rea

Spai

nSw

eden

Switz

erla

ndTa

iwan

Thai

land

Tuni

sia

Turk

eyU

nite

d Ar

ab E

mira

tes

Uni

ted

King

dom

Uni

ted

Stat

es o

f Am

eric

aU

rugu

ayVe

nezu

ela

Vie

tnam

Case study – Multinational energy businessThe issueOur client, a multinational energy business, sought our advice on the international compliance aspects of its proposed rollout of a global collaboration platform, hosted outside Europe, to co-ordinate client-facing projects across its international operations.

The solutionOur expertise in conducting cross-border projects of this nature and our proven track record in obtaining advice upon, and presenting in user-friendly fashion, often subtle differences in local laws was critical in structuring the review so that each client group company was able to control, so far as possible, its exposure to data protection and related risks.

Case study – A major investment company with active shareholdings and investments in diverse sectors based in Asia The issueIn light of new data protection laws in its jurisdiction, a major investment company with active shareholdings and investments in diverse sectors based in Asia recently sought our assistance to review its organisational practices and processes and to help implement a new and comprehensive data protection compliance program.

The solutionWith our international and practical experience in advising on the compliance of data protection requirements, we delivered training to our client’s key stakeholders about the new data protection regime and have been working with our client to assess whether it has appropriate and consistent polices and guidelines in place setting out data protection governance standards and also to deliver solutions to cover any identified gaps.

9

478010

Meet the team – local knowledge, global expertise

Marc Dautlich Cerys Wyn-Davies Peter Bullock Roger PhillipsIan Birdsey

Marc DautlichPartner, Global Head of Information LawLondon T: +44 (0)20 7490 6533M: +44 (0)7984 405672E: marc.dautlich@pinsentmasons.com

Cerys Wyn-DaviesPartnerBirmingham T: +44 (0)121 625 3056M: +44 (0)7836 527690E: cerys.wyn-davies@pinsentmasons.com

Peter BullockPartnerHong Kong T: +852 2294 3438M: +852 9104 5966E: peter.bullock@pinsentmasons.com

Roger PhillipsLegal Director Doha T: +974 4426 9206M: +974 6661 4082E: roger.phillips@pinsentmasons.com

Ian BirdseySenior AssociateLondonT: +44 (0)20 7490 6446M: +44 (0)7584 385496E: ian.birdsey@pinsentmasons.com

“Pinsent Masons houses an impressive data protection team which is capable of handling both contentious and non-contentious matters across a range of industry sectors. The team acts for an impressive array of clients in this sphere.”(Chambers 2012)

11

Pinsent Masons | Global Data Privacy

Florian Von Baum Stephan Appt Annabelle Richard Diane MullenexBryan Tan

Stephan ApptLegal DirectorMunichT: +49 89 203043 561M: +49 174 3332856E: stephan.appt@pinsentmasons.com

Diane MullenexPartnerParisT: +33 1 53 53 09 71M: +33 6 21 17 64 14E: diane.mullenex@pinsentmasons.com

Bryan TanPartnerSingaporeT: +65 63 058 490E: bryan.tan@pinsentmasons.com

Florian Von BaumPartnerMunichT: +49 89 203043 537M: +49 172 368 01 88 E: florian.vonbaum@pinsentmasons.com

Annabelle RichardLegal DirectorParisT: +33 1 53 53 02 23M: +33 6 21 17 64 05E: annabelle.richard@pinsentmasons.com

4780

Notes

Notes

4780www.Out-Law.comwww.pinsentmasons.com

Pinsent Masons LLP is a limited liability partnership registered in England & Wales (registered number: OC333653) authorised and regulated by the Solicitors Regulation Authority and the appropriate regulatory body in the other jurisdictions in which it operates. The word ‘partner’, used in relation to the LLP, refers to a member of the LLP or an employee or consultant of the

LLP or any affiliated firm of equivalent standing. A list of the members of the LLP, and of those non-members who are designated as partners, is displayed at the LLP’s registered office: 30 Crown Place, London EC2A 4ES, United Kingdom. We use ‘Pinsent Masons’ to refer to Pinsent Masons LLP, its subsidiaries and any affiliates which it or its partners operate as separate

businesses for regulatory or other reasons. Reference to ‘Pinsent Masons’ is to Pinsent Masons LLP and/or one or more of those subsidiaries or affiliates as the context requires. © Pinsent Masons LLP 2014.

For a full list of our locations around the globe please visit our websites: