Web Conference: Why the 3LoD Model No Longer Works When Privacy Compliance Itself is Subject

This web conference was a part of the IAPP European Data Protection Intensive Online 2021.  

Original broadcast date: May 25, 2021

Privacy by design and ethics by design are not about choosing between clear-cut options. They are about developing new strategies to mitigate the negative impact of a new technology on the individual and society. As first line of privacy program defense, commercial departments are responsible for developing innovative approaches. However, they are often not capable of doing so in practice. This leaves the privacy function with no other option but to reject the innovation. Responsible innovation is only possible in practice if the relevant privacy compliance experts are part of the innovation team and if teams take joint responsibility for compliance. This leads to the conclusion that the current three lines of defense model prescribed by supervisors is not suitable for achieving responsible innovation. Years of controls by the compliance function have undermined the self-learning capacity of the business to make contextual assessments and factor in ethical considerations. This session explored the role of the second line of defense privacy function, specifically the blurry areas where rules may not exist. How can we innovate the 3LoD model, taking ethics into account and facilitating responsible innovation?

Dave Cohen, CIPP/E, CIPP/US, Senior Knowledge Manager, IAPP

Lokke Moerel, Senior Of Counsel, Morrison & Foerster; Professor, Global ICT Law, Tilburg University

Coen ter Wal, AI and Data Policy Lead, Dutch Central Bank
Wouter-Bas van der Vegt, CIPP/E, Global Data Protection Officer; Director, Global Legal, Randstad
Wojciech Wiewiórowski, European Data Protection Supervisor