Mr Alexander White
Commissioner Alexander White serves as Bermuda’s first Privacy Commissioner, appointed by H.E. the Governor of Bermuda to take office in January 2020 as founding head of the country's data protection authority.
Mr White is a lawyer licensed in the United States (Illinois and the District of Columbia) and previously served as a US federal privacy advisor, appointed to the U.S. Department of Homeland Security Data Privacy and Integrity Advisory Committee (DPIAC) for a three-year term. He served as a founding member of the International Association of Privacy Professionals' Privacy Bar Section Advisory Board and is the founder of the IAPP State, Local, and Municipal Government Affinity Group.
Prior to establishing the Office of the Privacy Commissioner for Bermuda, Mr White served as State Deputy Chief Privacy Officer for the U.S. State of South Carolina, developing a statewide privacy program from its earliest days for over 70 state agencies and entities operating in finance, healthcare, education and higher education, law enforcement, and other sectors. In his early career, he worked as a lawyer, consultant, and non-executive director in insurance and education, focusing on emerging issues, enterprise risk management, regulatory compliance, government affairs, and product development, including cyber liability.
He hold a variety of privacy, legal, cybersecurity, and risk management qualifications and is a two-time graduate of the University of Georgia, where he earned a bachelor's degree in history and a Juris Doctor (cum laude), with further coursework and study with the Harvard Kennedy School, City University (London) Law School, Law Society of Ireland, Vrije Universiteit Brussels Institute for European Studies, Tsinghua University School of Law, and Fudan University Law School.
Sessions auxquelles Mr Alexander White participe
Lundi 10 Juin, 2024
Introduction While data protection regulations are adopted by a growing number of countries, there are some divergences in their adoption. Some jurisdictions also question the universal nature of the rig...
Mercredi 12 Juin, 2024
Introduction In this engaging session, the speakers explore the imperative of fostering international cooperation for data protection and privacy. High-level authorities will share their views on the ways to reinforce international cooperation and convergence in data protection. They will discuss identified challenges and opportunities to build an ocean of privacy that overcomes regio...
Vendredi 14 Juin, 2024
Introduction Following last year's discussion, this session will discuss and explore the possibility to support convergence and interoperability in the field of data protection certification between three major international data protection normative frameworks: Convention 108+ of the Council of Europe, the EU GDPR, and the Global CBPR Forum. It will also explore and discuss different...
Sessions auxquelles Mr Alexander White assiste
Lundi 10 Juin, 2024
This rich introduction to the Privacy and Democracy track represents a compelling journey into the heart of democratic values and individual privacy rights, featuring high-level speakers from the Italian Institute for Privacy and Data Valorisation and the European Centre for Certification and Privacy.
Introduction The concept of privacy can be found in many cultures. It has roots that extend far back in history across various cultural, political, and social traditions. This concept has especially reached legal milestones through the recognition and solidification of privacy and data protection as a fundamental human right in contemporary legal systems. With this engaging session, a...
Introduction The constant and rapid evolution of the digital landscape directly influences the roles and responsibilities of professionals tasked with safeguarding data privacy and ensuring regulatory compliance. This is especially highlighted by recent EU legislations, such as the Digital Services Act, Digital Markets Act, Data Act, Data Governance Act, together with European Data Sp...
Transparency and accountability are indispensable principles for modern data protection, from both, legal and technical viewpoints. Regulations such as the GDPR, therefore, require specific transparency information to be provided including, e.g., purposes, storage periods, or legal bases for personal data processing. However, it has repeatedly been shown that all too often, this information is practically hidden in legalese privacy ...
Introduction In democratic societies, the protection of individuals’ privacy is closely connected to the preservation of civil liberties, which in turn highlights the essential role that privacy rights play in sustaining democratic principles and fostering civic engagement. This enriching session will focus on the multifaceted ways in which privacy and democracy intersect, shaping the...
Most of the global initiatives in the field of artificial intelligence are designed as globally-minded soft regulation. “Soft” law or the Brussels Effect can complement but will not be able to replace “hard” law. In the case of AI, a technology that has the potential to revolutionise our society, what will make the difference is the enforceability of the law. In the EU’s AI Act, the EU co-legislators make a wise choice to depart fro...
Introduction The revised Convention 108 of the Council of Europe is being ratified by a growing number of countries. It will soon reach the required threshold to trigger the entry into force of the convention, as well as bring a paradigm shift in the landscape of global data governance. This session will discuss the key implications of this treaty, in addition to its role in shaping t...
Location: Scuola Grande di San RoccoIntroduction Privacy and democracy are pillars of modern society, both of which shape the contours of individual freedoms, social values, and governance structures. This session will focus on perspectives regarding privacy and democracy, by giving the floor to several authorities and high-level spea...
Introduction Digital transformation is heading towards growing data integrations in the form of large-scale data spaces. In line with the European data space strategy, this session will discuss the implications in terms of privacy and data protection, as well as present insights from European research projects, such as AD4GD and IDEA4RC. The panel will provide guidance on how to best ...
Introduction Democratic societies must address dual obligations: to protect their population and to preserve the fundamental rights of their citizens. They seek to balance national security interests wit...
Introduction The evolution of Earth observation allows to collect more and more granular data. Satellites, drones, and other technologies are capturing increasingly detailed imagery of our planet, which raises new questions on how to preserve privacy and ensure data protection by design and by default. It also raises challenges in terms of data subject rights, such as the right to acc...
Introduction This session will wrap up the track on privacy and democracy, by reflecting on the key insights, trends, and challenges discussed over the course of the sessions on privacy and democracy. Key questions and objectives What is the main takeaway on privacy and de...
Introduction This Welcome Reception invites you to discover the Privacy MelodIA: An original musical composition on data protection, performed in an outstanding setting and surrounded by the largest collection of Tintoretto’s paintings.
Mardi 11 Juin, 2024
The International Cooperation track serves as platform for dialogue, exchange, and collaboration, where we get to explore innovative solutions and build meaningful partnerships beyond borders and across various disciplines. This session offers an introductory discussion that brings together an esteemed panel of high-level speakers and experts, such as the Italian Minister of Justice, US Federal Trade Commissioner, Pr...
Introduction This session will explore regulatory frameworks and best practices in terms of video surveillance. It will explore the ethical, legal, and technical considerations that should be taken when applying video surveillance, exploring ways for reducing privacy risks without compromising security goals. Key questio...
Introduction Most companies perceive compliance with data protection regulations as a source of costs. This session will explore a new perspective: how to turn compliance into a source of economic and financial value creation, and how to move from cost to investment perspective. This session also focuses on the relationship between compliance efforts and their financial and economic e...
Introduction This session will discuss major national data regulation developments, with a focus on British, Canadian, and Indian regulations. Key questions and objectives What are the implications of these regulatory evolutions?
Introduction This session provides an in-depth analysis of the recent evolution and current status of cross-Atlantic data protection collaboration and convergence. It will discuss the challenges and opportunities for both regions to overcome their differences and develop common frameworks. The panel will consider the common interests and interdependencies of the two regions and their ...
Introduction We live in a world defined by unprecedented data flows and digital interconnectedness, which means that protecting personal information across borders has become a pressing concern. This session focuses on the progress in terms of multilateral data protection, with a focus on three major international organizations: the Council of Europe, the OECD, and the UN. ...
Introduction This session will analyze the policies, initiatives, and collaborative efforts undertaken by G7 member countries to establish solid frameworks that prioritize individuals’ privacy rights, while maintaining innovation and economic growth. The attendees will explore the challenges, responsibilities, opportunities, and aspirations in building a world where privacy and data r...
Introduction While national regulations are impacting data processing activities and data flows, international research seems to be more and more needed. This session will focus on the needs and opportunities to develop international cooperation to support research in privacy and data protection. It also aims to identify practical actions to move forward and set the basis of an intern...
Introduction Data protection is essential. This session will explore inspiring use cases of data processing for good. The transformative power of data could drive positive social impact and advance humanitarian causes. From using data analytics for disaster response to studying insights for sustainable development goals, the speakers on this panel will explore inspiring and innovative...
Introduction The panel of this session will examine the dynamic interplay among various European Data Regulations, including the Digital Markets Act (DMA), Digital Services Act (DSA), Data Act (DA), Artificial Intelligence Act (AIA), and Market in Crypto-assets Regulation (MICA). It will also focus on unraveling the complexities surrounding these regulations and offer insights into ov...
In an increasingly AI-driven world, we need effective tools to navigate the intersection of data privacy and technology. This session explores the dynamic landscape of privacy, cross-border data transfers, and the impact of artificial intelligence. We’ll delve into whether a trust gap exists and examine how those concerns are being addressed from a global regulatory perspective. We will also discuss practical steps that organizations can take to foster trust through privacy.
Introduction Through insightful discussions and comparative analyses, speakers in this session explore the dynamic landscape of data protection regulations and practices at regional levels. They will also discuss various regional perspectives, from Asia-Pacific to Africa and Latin America, as well as present a comprehensive view on ongoing regional evolutions, commonalities, and disti...
Introduction This session is dedicated to exploring tangible strategies and frameworks for fostering international cooperation in research in the field of data protection. From joint research programmes and calls, to mutualizing research infrastructures and expertise, the participants will discuss potential actions that could enhance collaboration across borders to drive forward meani...
In 2022 and 2023, the EU Agency for Fundamental Rights (FRA) conducted 70 interviews with heads and staff members of the EU-27 national Data Protection Authorities. Through these interviews, FRA collected experiences, challenges and good practices when it comes to enforcing the GDPR. In this report, FRA 1. identifies common trends and difficulties across Member States, 2. showcases how difficulties can practically harm the effective implementation of DPAs’ mandate, and 3. presents close to 40...
Introduction The EU GDPR entered into force on 24 May 2016 and is applicable since 25 May 2018. It had a worldwide impact and triggered the adoption of many similar regulations across the world. This session will explore the lessons learned. What has been successful and what could be considered for future regulatory evolution? Join top-level authorities and experts for an insightful e...
Mercredi 12 Juin, 2024
Introduction In humanitarian crises, every bit of information can be a lifeline for those in need, which makes data a vital factor in providing food, shelter, and basic human needs. In this session, the speakers will explore the fascinating relationship between data protection and humanitarian action, from aiding disaster response to tracking displacement trends, where data plays a cr...
Introduction In this session, discover how international cooperation and mutual assistance are reshaping the landscape of privacy regulation in order to uphold digital rights and combat global privacy threats. Experts on the panel will uncover the mechanisms, limits, and triumphs of collaborative privacy enforcement cooperation efforts, paving the way for a safer digital future. ...
Introduction The right to private communication is enshrined in several international treaties in the telecommunication, human rights, and humanitarian law domains. Quantum technology is expected to be soon able to uncypher encrypted communications. It poses a threat on conventional encryption methods and will constitute a major blow on confidentiality and privacy of electronic commun...
Introduction Global challenges increasingly transcend national borders, which means that the development and adoption of codes of conduct offer a promising avenue for fostering cooperation, promoting ethical standards, and addressing shared concerns across diverse sectors. The speakers will explore the transformative potential of international codes of conduct, by providing real-world...
Introduction The EU GDPR makes over 70 references to certification, and its Article 42 sets the basis for a European Data Protection Seal. In October 2022, the European Data Protection Board approved the Europrivacy criteria to serve as European Data Protection Seal. In March this year, European Accreditation validated the accreditation of Europrivacy at European level in line with Ar...
While the EU–U.S. Data Privacy Framework, OECD Gov’t access principles and G7 Data Free Flows with Trust Initiative have paved the way for democracies to find common ground and cooperate on challenging data sharing issues, there are still gaps to fill and issues to solve. Law enforcement agencies worldwide are battling with a cumbersome process to investigate and prosecute cross border crime, while companies grapple with their ...
Introduction While the GDPR has established a powerful mechanism to reinforce cooperation for data protection among EU an EEA Member States, major European countries, such as UK, Switzerland, and others, are not associated to this cooperation mechanism. They often benefit from adequacy decisions but are not involved in EDPB discussions. This session will explore the potential to reinf...
Introduction Data regulation is essential, not to mention critical, in the financial sector. With the introduction of key regulatory frameworks, such as the Digital Operational Resilience Act (DORA), the Markets in Crypto-Assets Regulation (MICA), and specialized tools tailored for DPOs, navigating compliance has never been more needed. With the industry experts in this session, gain ...
Introduction Concerns over data privacy and market concentration have intensified over time, which makes regulatory compliance more extensive to encompass competition policy and privacy protection. This session will explore key EU legal principles related to PET, examining how practices such as user profiling, tracking, and targeted a...
Introduction In this engaging session, the speakers explore the imperative of fostering international cooperation for data protection and privacy. High-level authorities will share their views on the ways to reinforce international cooperation and convergence in data protection. They will discuss identified challenges and opportunities to build an ocean of privacy that overcomes regio...
Introduction The number of compliance regulatory frameworks is getting higher and higher, which can often feel like navigating a maze of rules and requirements. However, compliance sandboxes offer opportunities for innovation to stay ahead of the curve. This session explains the concept of compliance sandboxes, which is a controlled environment where regulators and industry experts co...
Introduction Data protection and international trade are increasingly interleaved. The traditional doctrine consisted in dissociating the two topics. However, current WTO negotiations on electronic services highlight inherent connections and interdependencies between trade and data protection. The panel will explore how trade agreements and policies intersect with data protection fram...
The transfer of data across borders is essential to the functioning of the cross-border payments system. Market participants are subject to a range of laws, rules and regulatory requirements as well as technical data standards (“data frameworks”) that relate to transfer of data across borders. Enhancing the interaction between data frameworks and cross-border payments is a priority action to move forward the G20 Roadmap for Enhancing Cross-Border Payments, which aims to address th...
Introduction While several mechanisms exist to support international data transfers, certification is characterized by a higher level of trustability. Contrary to SCCs, for instance, a certification relies on effective third-party audit and validation by qualified experts. It ensures that data is effectively adequately handled without having to cross borders. This session will discuss...
Introduction This session sheds light on the practice of data scraping, its implications, and its role in today’s data-driven landscape. Data scraping, which is defined as the automated extraction of data from websites, APIs, and other online sources, has emerged as a common practice for data gathering across various industries, which raises many questions such as consent for secondar...
Jeudi 13 Juin, 2024
Introduction This session will present views on the risks and opportunities associated with artificial intelligence, by giving the floor to senior experts and authorities from the European Data Protection Supervisor (EDPS), European Parliament, Commission nationale de l'informatique et des libe...
Introduction With the Digital Markets Act (DMA) shaping the rules governing online platforms, businesses must adapt to new compliance requirements in this evolving regulatory environment. This session offers a deep dive into the DMA’s provision, their potential impact, and strategies for ensuring compliance in a rapidly changing regulatory world.
Introduction All democratic regimes recognize both the need to protect fundamental rights of its citizens, while ensuring that authorities can enforce law and protect their citizens against threats, such as terrorist attacks. There is an increasing awareness of the need to balance public interest and fundamental rights. How do government agencies in democratic countries ensure the rig...
Introduction This session offers an outstanding opportunity to learn how the US regulation on privacy and data protection work, with a focus on the Data Protection Framework in Practice. This deep dive-in session organized by the US Department of Justice will be delivered by senior representatives and experts, who will present the framework, clarify potential misperceptions, and addre...
Introduction This deep dive-in session will present, step by step, the data protection certification journey in practice, with senior experts explaining the procedure to certify data processing activities with the European Data Protection Seal (Europrivacy) under Art. 42 GDPR. They will illustrate the detailed process of moving from compliance to certification, as well as the benefits...
Introduction With the adoption of AI-related regulations, this session focuses on the critical imperative of making AI trustable, transparent, understandable, and accountable, as it continues to be integrated in various aspects of society. The speakers will explore strategies and practices for achieving these goals, by empowering organizations and professionals to benefit from the ful...
Introduction From the GDPR to the ePrivacy Directive and beyond, Europe has established a comprehensive regulatory framework for data processing, some of which have their own implementation scheme with dedicated bodies. This session will discuss data regulations interplay and oversight in practice. Key questions and objectives...
Introduction This session will discuss the redress mechanisms in the field of national security. The speakers will examine the effectiveness, challenges, and multiple considerations regarding redress mechanisms, aiming to strike a balance between security imperatives and the protection of civil liberties and fundamental human rights.
Introduction Artificial intelligence ingests existing data to generate new data. AI technologies continue to revolutionize industries, but questions surrounding the ownership of data and the protection of intellectual property have become increasingly complex. In this session, the speakers will explore the intersection of artificial intelligence, data ownership, and intellectual prope...
Introduction The Internet gives children access to many resources and opportunities to learn, play and socialize, but it also exposes them to a series of risks. The Regulation on Child Sexual Abuse Material (CSAM) provides a first attempt to regulate some of these risks for combatting online exploitation of children, aiming to conciliate the need to protect children, while preserving ...
Introduction The panel of this session will examine the significance of cross-border accountability in the field of data processing, in order to ensure accountability and demonstrate compliance with data protection regulations. The speakers will discuss and compare available mechanisms, practices, and regulatory frameworks for enhancing transparency in these activities.
Introduction Generative AI drives innovation in various sectors, but compliance with the GDPR presents both future challenges and future opportunities. In this session, the speakers will analyze the relationship between generative AI and the GDPR, in addition to presenting pathways for using generative AI while highlighting best practices, legal considerations, and ethical application...
Introduction Under European law, Transfer Impact Assessment is mandatory when transferring personal data in third world countries that are not recognized as adequate. It is the responsibility of the data controller to perform the transfer impact assessment and to assess, for instance, the legal framework of third world countries. This session will focus on practical guidance to perfor...
Introduction Experts of this panel will challenge the notion that compliance and accountability must be tedious or burdensome. With today’s regulatory frameworks, compliance can be transformed into an advantage by embracing innovative approaches and fostering a culture of accountability. This session explores practical strategies, stories, and practices for making compliance and accou...
Introduction This session will discuss the interplay between freedom of expression and content monitoring: How to find the balance between these two requisites. The speakers will review and discuss different models and approaches to find a harmonious balance between content moderation and the preservation of free speech, in addition to possible legal and ethical considerations to keep...
Introduction An increasing number of regulations are being adopted in diverse jurisdictions to regulate artificial intelligence and address the challenges and opportunities presented by this transformative technology. This session will discuss AI evolution, with a particular focus on the convergences and divergences among regulations. Are we heading towards similar rules? The speakers...
Introduction The Court of Justice of the European Union (CJEU) stands as a central pillar in shaping legal frameworks across the European Union. In this keynote address, attendees will learn about the profound influence the CJEU exerts on European jurisprudence, and explore its crucial role in interpreting EU law, resolving disputes, and protecting fundamental principles of the Union,...
Introduction The ethical considerations surrounding the design of technology and its implementation have never been more crucial. This session explores the proactive integration of ethical principles in the development of the design of technological innovations, ensuring that it serves the common good while it reduces potential harm. From AI algorithms to data privacy protocols, atten...
Introduction The UN, the Council of Europe and the OECD are all working on multilateral artificial intelligence norms and obligations. As AI technology continues to advance rapidly, the need for a cohesive global regulatory framework becomes increasingly apparent. In this session, the speakers will present the latest developments at an international level, with a special focus on the ...
Introduction Over the years, the decisions of the Court of Justice of the EU have played a significant role in shaping the legal framework for privacy rights within the European Union and beyond. From landmark rulings on data protection to the interpretation of fundamental rights, the speakers will explore the interplay between judicial decisions and the evolution of data protection a...
Introduction This session is designed to reflect on the key insights that have been discussed in the collective exploration of artificial intelligence. To conclude, speakers will talk about the most crucial learnings, trends, and actionable steps, in addition to valuable reflections to inform future endeavors in the realm of AI.
Vendredi 14 Juin, 2024
Join professionals and experts from esteemed institutions united in the commitment to upholding the highest standards of data integrity and privacy in the medical field. This Track sets the stage for enlightening discussions, insightful presentations, and collaborative exchanges aimed at fostering compliance excellence in healthcare data management.
Introduction In recent years, data protection certification has emerged as a new mechanism for demonstrating compliance with the regulation. The European Data Protection Seal under Art. 42 GDPR has recently been unlocked in Europe, and other jurisdictions are adopting similar regulations. This session will review and discuss lessons learned from privacy and data protection certificati...
Introduction Recent years have seen the emergence of regional and international data protection certifications, including the European Data Protection Seal in Europe and the Global CBPR. This session will discuss the opportunities and challenges for international convergence and interoperability in terms of data protection certifications.
Introduction Following last year's discussion, this session will discuss and explore the possibility to support convergence and interoperability in the field of data protection certification between three major international data protection normative frameworks: Convention 108+ of the Council of Europe, the EU GDPR, and the Global CBPR Forum. It will also explore and discuss different...
Introduction This session will focus on discussing and exchanging lessons learned and good practices in the domain of democratic oversight of national security. Effective oversight mechanisms are essential to protecting democratic principles, protecting human rights, and ensuring accountability in security operations. This session brings together experts and practitioners to share exp...
Introduction This session will discuss and compare the value of synthetic data, pseudonymized data, and anonymized data for medical research. Beyond the ethical dimension and their relevance for data protection by design, the session will discuss their relevance for medical research. Key questions and objectives ...
Introduction In the field of healthcare data processing, consent has long been considered the primary legal basis. However, with evolving medical research and innovation, alternative legal bases are gaining more attention. This session will discuss and review these alternative approaches to support lawful medical data processing.
Introduction Since the implementation of the GDPR, individuals have been granted enhanced rights and protection regarding their personal data. However, in cases of data breaches or non-compliance, affected parties may seek compensation for damages. This crucial session is dedicated to exploring GDPR-related damage compensation, legal frameworks, precedents, and challenges regarding th...
Introduction Medical research often requires accessing large data sets from various geographic regions to avoid any bias in the results. This session will discuss the needs, opportunities, and challenges for sharing medical data beyond borders. The EHDS provides a mechanism for such international cooperation. How will it work in practice? What are the constraints in other jurisdiction...
As we draw the curtains on this enlightening conference with over 140 sessions and 300 experts from around the world, attendees will have the opportunity to carry forward lessons, connections, inspirations, and the spirit of collaboration necessary to shape the future of data protection, compliance, international cooperation, AI technologies, and fundamental human rights.