Posts

Singapore Convention enforcement

In this 9/12 the United Nations Convention on International Settlement Agreements Resulting from Mediation, known as the Singapore Mediation Convention, came into force. This is a remarkable day for the international scenario of dispute resolution.

Article 14 of the Convention provides that it would enter into force six months after three of its signatories had ratified it into their domestic law, what happened in the 12 March this year, when Qatar became the third state to ratify the Convention.

The goal of UNCITRAL Working Group dedicated to the draft of the Convention was to create an international regime for the enforcement of mediation settlements that would contribute to increase the use of mediation as a conflict resolution method in international trade. With the Singapore Convention the role of mediation is strengthened and the reached agreements enforcements will be simplified.

The Singapore Convention applies to commercial cross border mediation. An important issue to pay attention at is the fact that Singapore Convention is not based in reciprocity between member states, as its “sister” New York Convention.

And what does it mean? It means that a member state shall enforce mediated settlement agreements even if it comes from a non member state. For example, if an international mediation was located in Brazil (a non signatories) it might be enforced in Saudi Arabia (a member state).

On the other hand, under the Convention, the states may adopt a reservation provision, which allows them to declare that they will apply it only to the extent that the parties to the relevant settlement agreement have agreed that the Convention will apply.

Thus, international mediation players from all nationalities should from now bear in mind that Singapore Convention matters.

It is never too soon to deal with privacy by design under Brazilian LGPD

Data protection has definitively remarked the discussions during the last years. The European experience in its General Data Protection Regulation (GDPR) spread over many countries and has inspired legislation regarding such matter.

Brazilian General Data Protection Law (LGPD) passed in 2018 will enter into force soon, after a postponement caused by the current pandemic. It is expected that the law will bring more security for data subjects under the Brazilian legal framework.

Although LGPD will take effect only next year, both business and organisation need to prepare their data management and processes since now to avoid fines and, a little worst, loss of consumer trust.

Regarding measures to start the compliance program, the Privacy by Design (PbD) principles are likely a good way to ensure end-to-end privacy during data processing. The concept of PbD was developed in the 90’s by the former information and privacy commissioner of Ontario, Canada, Ann Cavoukian.

Several studies in such field aims to prove that Cavoukian’s 7 foundational principles are paramount to protect privacy, from IT systems and physical design to business practices. Both GDPR and LGPD have similarities, which may make it easier to develop PbD.

Cavoukian’s principles such as privacy as something proactive and preventive, transparent, and that is developed to guarantee end-to-end security (i.e. during the full data lifecycle) match some of the LGPD articles and provisions, although in an unexpressed manner.

On the other hand, GDPR has adopted the “data protection by design and by default” in its article 25, with reference to technical and organisational measures to implement data protection principles. It ensures privacy requirement from the very first moment of data collect until the erasure of the information.

Therefore, PbD deals with privacy and respect for the user from “cradle to grave”, in Ann Cavoukian’s words. However, that does not mean that business and organisation’s reputation and credibility need to follow the same way. Data protection legislation are not just a framework to comply with. Instead, if the business does not respect its user’s privacy, more than receiving fines, it will bury its image before the activity sector.

To sum up, the 90’s bring to us many technological and legal advances, such as the World Wide Web, Directive 95/46/EC of the European Parliament and of the Council and, of course, the PbD. But what it really teaches us is that it is never too soon to discuss and implement privacy as an organisational default.

The next 90’s lesson is still unclear, but for now we are more than experts to start seeing privacy as benefit, not as an issue.