The Latest on BCR and CBPR, Is Interoperability to be Expected?

IAPP Global Privacy Summit 2016

04/05/2016 11:00 a.m. - 12:15 p.m.

Privacy + Data Security

Washington Marriott Marquis Hotel &
Walter E. Washington Convention Center
Washington, D.C. 20001

Lokke Moerel

Lokke Moerel

Speaking Engagement

Though BCR and CBPR took flight, companies considering introducing them still have many choices and concerns, including: Shall we choose CBPR, BCR or both? Is interoperability between the two systems foreseeable? What is the status of recognition of BCR in non-EEA countries? Are BCR a global solution? How can the gaps be addressed? The concept of BCR is also still in flux in the EEA: Even if BCR received EU authorization, they still require national authorizations in some member states. Recently the CNIL announced a simplified registration procedure. Is this really an improvement? Also BCR-P still requires national authorization. Until recently, the DPAs required that authorization should be obtained by the customers of the processor, as they are the controllers responsible for transfers. A solution is forthcoming.

What you’ll take away:

  • Status of BCR as a truly global tool
  • The current gaps and how to address them
  • What to expect in the global policy arena as to mutual recognition of BCR and CBPR
  • How to navigate the EU member states regarding the national requirements posed by individual countries on top of the EU authorization


Lokke Moerel, Senior Of Counsel, Morrison & Foerster


Caitlin Fennessy, CIPP/US, Senior Policy Advisor, U.S. International Trade Administration, APEC Data Privacy Subgroup

Sophie Nerbonne, Director of Compliance and Accountability, CNIL

Udo Oelen, Head Supervision, Private Sector, Dutch Data Protection Authority

Hirokazu Yamasaki, Deputy Director, Specific Personal Information Protection Commission, Japan

Email Disclaimer

Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.

©1996-2018 Morrison & Foerster LLP. All rights reserved.