European Privacy Officers Network

European Privacy Officers Network

3rd meeting – 4 July 2002

Royal Cambridge Hotel

Trumpington Street, Cambridge, CB2 1PY

Telephone: + (44) (0) 1223-351631 Fax: + (44) (0) 1223-352972

9.15 / Coffee and Registration
09.30 / 1. Introduction

• Report from last meeting

/ Chair: David Trower

Sandra Kelman

Privacy Laws & Business

09.35 / 2. EPON’s Role
2.1Rules of Procedure –

• Confidentiality statement

• Membership issues (if any)

2.2Update on EPON/EPOF relationship / Chair: David Trower

Stewart Dresner,

Privacy Laws & Business and
Barbara Wellbery
Morrison & Foerster, Washington DC
09.45 / 3. EU draft directive on E-Communications
How to develop a workable e-marketing policy in light of the new EU draft directive on E-communications?
Introduction:
Points for members to discuss:
3.1. What can we learn from countries with similar permission based laws for e-communications?
3.2.Opting-in for e-mail and other forms of marketing – Are there any practical problems about a uniform policy for: - different countries?
- different media channels?
3.3.Problems of changing from opt-out to opt-in
-rewording of contracts for providers of mobile device services and content
-online shopping contracts
-wording of privacy policies
3.4.How do companies develop a permission- based marketing system? How do you develop a privacy sensitive culture in the marketing department?
3.5.Interpreting the boundaries of a “soft opt-in” (marketing to existing customers and customers for similar products and services)
3.6. Marketing to: - other members of your group of companies
-companies in which you have a majority holding
3.7. How to avoid ISPs filtering out legitimate bulk e-mail identified as spam?
3.8. How to interpret ‘clear and comprehensive’ information about cookies?
3.9. How should companies inform web users about the existence of cookies and how they may be disabled?
3.10.The advantages and disadvantages of P3P for blocking cookies?
3.11.Other / Jessica Hendrie-Liano Company Lawyer, Freeserve.com plc
All members to contribute to discussion
11.00 / COFFEE
11.20 / 3. EU draft directive on E-Communications
(continued) / All members to contribute to
Discussion
13.00 / LUNCH
14.00 / 4. How to develop and implement a global data protection policy
Points for discussion
4.1.Where to start: A blank sheet or a current country policy?
4.2.Setting objectives and agreeing scope: Reconciling different national legal cultures with top management’s business objectives
4.3. A comprehensive privacy policy or one limited to certain areas, such as employees or marketing? How detailed should the policy be?
4.4.How best to obtain feedback on your draft policy from various stakeholders?
4.5.Do you extend the privacy policy to countries which have no or few legal requirements? What do you do if top management considers that extending the policy to such countries would put your company at a disadvantage compared with competitors?
4.6. If you are not sure whether your policy is compatible with a country’s national privacy law, what practical actions do you take to determine whether or not it is compatible?
4.7. How do you plan to implement your privacy policy? Prioritise target groups.Timetable, budget, resources?
4.8. What tools do you use? Intranet, staff notices, training sessions, annual report, website?
4.9. Sustaining the privacy policy as a living document
4.10. Other / All members’ experience (5 – 10 mins each)
15.15 /

1. EPON Future Programmes

5.1.Next meeting: Hilton Hotel, Cardiff, September 12th, 2002
5.1.1.Developing the agenda 1:
European Union’s Article 29
DP Working Party
Guest speaker: Diana Alonso Blas LL.M European Commission, DG Markt, Data Protection Unit
Initial ideas:
-Participants in the Art. 29 WP: the role of the European Commission, the observers and the accession countries
-The Art. 29 DP Working Party’s relationship with the European Commission and the Art. 31 Committee
-Rules of procedure
-How the Art. 29 DP Working Party’s agenda is chosen and prioritised
-How the Art. 29 DP Working Party conducts discussions and reaches decisions
-Main subjects dealt with by the Art. 29 WP
-Tasks of the Art. 29 WP in legal and practical terms. For example, the WP’s role concerning European codes of conduct, adequacy decisions and model contracts.
-Publicity for the work of the Art. 29 WP
-Future plans
5.1.2.Developing the agenda 2:
EU draft directive on E-Communications: Traffic data retention
Initial ideas:
-How long will records need to be kept?
-How to manage the process of more public bodies gaining access to the data?
-What information are public bodies seeking – level of detail expected?
5.2. Programmes suggested and venues offered for future meetings
5.3. Other /

Stewart Dresner

Privacy Laws & Business
All members to contribute to discussion
All members to contribute to discussion
15.50 /

6.Summary

Action points / Secretariat
15.55
16.00 /

Close

TEA

/ Chair: David Trower

EPON Secretariat:

Sandra Kelman, Consultant, Privacy Laws & Business,

5th Floor, Raebarn House, 100, Northolt Road, Harrow, Middlesex, HA2 0BX, UK

Telephone: + (44) (0) 208 423 1300 Fax: + (44) (0) 208 423 4536

E-mail: Website:

Privacy Laws & Business

EPON Meeting 3

4 July 2002, Cambridge

Page 1 of 4