The 11th Annual Sedona Conference International Programme on Cross-Border Data Transfers and Data Protection Laws

Tuesday, June 18, 2019 - 8:30am to Wednesday, June 19, 2019 - 1:00pm

The Langham
Hong Kong

Returning to the Asia Pacific (APAC) region for the second time, the 11th Annual Sedona Conference International Programme on Cross-Border Data Transfers and Data Protection Laws will be held on 18-19 June 2019 at The Langham in Hong Kong. There will be a welcome reception at the Hotel in the evening of 17 June 2019, from 18:00 - 20:00.

With a concentrated focus on the APAC region, the 2019 International Programme will address cross-border data transfers for government investigations, discovery in litigation, and various business purposes, and the related compliance, privacy and security issues. We will assess how privacy and data security have evolved in Asia, and the impact of that evolution on cross-border data transfers and the operations of companies based inside and outside of the region. Since its full implementation nearly a year ago, the European Union General Data Protection Regulation (GDPR) has significantly impacted practitioners and organizations in APAC and across the globe, as have new and evolving data protection laws and frameworks throughout Asia. At the crossroads of these developments, the Programme will provide the expert dialogue it is known for between leading global data protection authorities, jurists, corporate counsel, outside counsel, and service providers, both on the faculty and among the Programme participants.

Unlike other continuing legal education programs, all faculty members are present for the entire Programme and participate in all aspects of the Programme. The format involves dialogue not only among faculty members, but also with the Programme participants, who are invited and encouraged to contribute their comments and perspectives to the dialogue.

Attendance at the Programme is by invitation only to ensure a proper balance of participants and is limited in size to ensure that we have an intimate environment for meaningful dialogue.

Hotel Accommodations

We have secured a highly favorable group rate of $2,160 HKD (currently $275.16 USD) + 10% service charge (buffet breakfast included at the Food Gallery) per night on a block of rooms at The Langham Hong Kong for the nights of 17-19 June 2019. The group rate is also available for the three nights preceding and the three nights following the Programme, but subject to room availability because no room block is held for these nights.

Complete hotel reservation information will be provided with your Programme registration confirmation email. Accordingly, you should submit an application for the Programme as soon as possible, so we can consider your application and extend an invitation to you to participate in the Programme in a timely fashion.

Working Group Meetings

In the afternoon of 19 June, following the conclusion of the International Programme, from 13:30-17:00, there will be a members' meeting of The Sedona Conference Working Group 6 on International Electronic Information Management, Discovery and Disclosure (WG6) (for more details, please visit the meeting webpage here). In the morning of 20 June, from 8:30-12:00, there will be a members' meeting of The Sedona Conference Working Group 11 on Data Security and Privacy Liability (WG11) (for more details, please visit the meeting webpage here).

You must be a Working Group Series (WGS) member to attend the WG6 and WG11 meetings.

If you are a WGS member who would like to attend either or both of the meetings, please indicate this during the application process for the International Programme – you will be prompted to select which meeting(s) you plan to attend.

If you are not a WGS member, you can sign up for a WGS membership here. Once a WGS member, one is eligible to become a member and take part in the activities of all Working Groups, including WG6 and WG11. If you have any questions about how to sign up for a membership or encounter any difficulties while doing so, please contact our office at

Corporate Counsel Meeting

There will be an off-site meeting of corporate counsel in the afternoon of 17 June, from 13:00-16:00. The meeting is limited to corporate counsel and The Sedona Conference leadership to discuss and benchmark cross-border transfer best practices in a more relaxed and informal setting. This intimate forum will allow for a discussion of issues of specific importance to in-house counsel. If you are invited to participate in the Programme, the organizers of this meeting will contact you separately with more details.



Hong Kong

Mayer Brown

Hong Kong


Spring, TX, USA

Redgrave LLP

Chantilly, VA, USA


National Privacy Commission

Pasay City, Philippines

Personal Information Protection Commission

Tokyo, Japan

Littler Mendelson, PC

New York, NY, USA

Kellerhals Carrard

Basel, Switzerland

Dorsey & Whitney LLP

Minneapolis, MN, USA

Center for Information Policy Leadership

Brussels, Belgium

Asian Business Law Institute




Swiss Re

Armonk, NY, USA

The Sylint Group

Sarasota, FL, USA

Norton Rose Fulbright US LLP

New York, NY, USA


San Francisco, CA, USA

Lee & Ko

Seoul, Korea

Vidhi Centre for Legal Policy

New Delhi, India

Federal Trade Commission

Washington, DC, USA

Crowell & Moring LLP

Washington, D.C., USA

The Sedona Conference

Phoenix, AZ, USA

Gilt Chambers

Hong Kong


Tuesday, June 18, 2019 - 7:30am to 8:30am

Privacy and data security in Asia: the cultural, economic, and legal evolution

Tuesday, June 18, 2019 - 8:45am to 10:00am
Panel Description: 

In recent years, the world has witnessed a profound change in awareness and in fundamental attitudes about privacy and data security. This has been driven by a number of factors such as digitization, economic globalization, increased individual awareness about data privacy, and recognition of the value of personal data as an economic asset. This has resulted in a spectrum of legal frameworks motivated by concerns about personal data privacy on one end, and the desire for an unrestricted flow of information in commerce on the other. The panel will lead a dialogue on the evolution of these changes in Asia.

Morning Break

Tuesday, June 18, 2019 - 10:00am to 10:15am

Practical impacts of the GDPR on APAC-based organizations

Tuesday, June 18, 2019 - 10:15am to 11:30am
Panel Description: 

The GDPR went into effect in the European Union (EU) in May of 2018, but its impact has reached far beyond the EU, affecting any organization anywhere in the world doing business in the EU, and global information infrastructure in general. This panel will lead a dialogue on whether and how countries in the APAC region have addressed GDPR in their own laws and regulations, and how APAC-based organizations have adjusted their privacy and data security practices in response to GDPR.

Court and regulatory enforcement update

Tuesday, June 18, 2019 - 11:30am to 12:45pm
Panel Description: 

Each year, the International Programme features a detailed discussion of recent court decisions—mostly from the United States—on privacy, data security, and cross-border data transfer issues. This year the focus has shifted to regulatory enforcement actions, as European data protection authorities closed out their dockets under their old national laws and started enforcement under GDPR. One year in, the GDPR is already resulting in notable decisions providing guidance for practitioners, with sizeable fines in a few exemplar cases. Data protection authorities in the APAC region are flexing their regulatory muscle as well. Our panel of privacy and data security legal scholars will lead a dialogue on the most instructive cases from the past year.

Data protection authority (DPA) roundtable

Tuesday, June 18, 2019 - 2:00pm to 3:30pm
Panel Description: 

Global data protection authorities will lead a dialogue on their respective enforcement priorities and advisory roles under global data protection regimes. The panel will also discuss how the regulatory enforcement and consultation structure impacts organizations. The dialogue will focus in particular on data transfer requirements and recent regulatory developments.

Cross-border internal and regulatory investigations in APAC

Tuesday, June 18, 2019 - 3:45pm to 5:00pm
Panel Description: 

Internal investigations and cross-border regulatory investigations can present unique challenges to organizations seeking to comply with an array of global privacy laws, blocking statutes and data localization laws. The increasing regulatory complexity in APAC adds to the risk. Regulators are increasingly familiar with these challenges, but nonetheless require companies to meet their obligations to conduct fulsome investigations and produce relevant materials. A panel including in-house counsel from global corporations will lead a dialogue on practical approaches to effectively conduct internal investigations and comply with government inquiries, while nevertheless remaining in compliance with data protection laws.


Wednesday, June 19, 2019 - 8:00am to 9:00am

Towards a model data protection and data security framework: What can we learn from recently developed laws or frameworks in the region?

Wednesday, June 19, 2019 - 9:00am to 10:15am
Panel Description: 

We have several years of experience with different approaches to privacy and data security regulation world-wide. What strategies have been the most or least effective? What have been the measurable benefits or costs? What problems have been solved, what have become more severe, and what can we anticipate in the future? The panel will lead a dialogue on various legislative and regulatory approaches that have been taken with respect to privacy and data security, with a particular focus on APAC, and discuss the elements that might lead to a convergence of policies, or at least minimize conflict globally.

Morning Break

Wednesday, June 19, 2019 - 10:15am to 10:30am

Choice of law for data in the international context

Wednesday, June 19, 2019 - 10:30am to 11:45am
Panel Description: 

The Sedona Conference Commentary and Principles on Jurisdictional Conflicts Over Transfers of Personal Data Across Borders will be published for public comment in advance of the International Programme. This Commentary builds on the historic principles of “choice of law” and “law of the sea,” which resulted in treaties and norms of international commerce in the 19th and 20th centuries. The Commentary proposes extension of well-established principles of international law to the field of cross-border transfers of personal data. Through the use of a number of hypothetical scenarios, the panel will utilize the six basic Principles and related analysis, and lead a dialogue with the Programme attendees to ensure that the final publication incorporates consideration of the legal culture and practical realities of digital commerce in the APAC region.

Global data incident and breach response

Wednesday, June 19, 2019 - 11:45am to 1:00pm
Panel Description: 

In recent years there have been countless country-specific data protection laws and regulations enacted that dictate requirements for handling potential data breach response and notification. This panel will lead a dialogue on how companies are managing often differing and competing notification requirements, particularly as related to notice timing and the definition of a breach in various jurisdictions. In order to determine when an incident rises to the level of a legally defined breach, companies face numerous questions regarding the type of data involved, the security surrounding the system involved, and how the data may or may not have been accessed or further used. The panel will also address the current state and potential future state of data breach notification in the APAC region, discussing enforcement trends and regulatory collaboration across jurisdictions.