We are honored to have as the moderator for the panel probably the most qualified and knowledgeable person possible, founder and leader of the cybersecurity practice. And a reminder for those that are just joining the panel, joining the session now, ask questions in your browser. Please take it away. Having him muted myself, thank you for that introduction. Whether or not there is a consensus on your comment about me it certainly sounds like there is a consensus about the desirability at aspen so maybe we do that before too long and looked to getting together. Our panel is in fact the most distinguished and knowledgeable panel that we could provide to discuss the subject on the privacy regulations and very timely. One of the problems with giving talks and making remarks and addressing International Privacy developments is you can prepare the remarks three or four weeks earlier you would have to do it all again. Its a Constant Development and here we are going to be talking on the union back in july and the kind of counterpoint of the rebuttal responding to the decision, the doj, the department of commerce and we are now honored and pleased to report theres also the Privacy International decision that we expect will be addressing the court of justice this last week and in france regarding privacy developments. So, theres very much new to talk about. My guess is while there may be some consensus on the interest and importance of the subject, little consensus i would imagine on both sides regarding possible double standards between the application of the privacy and the National Interest standards through the United States versus the eu Member States and the need for convergence and government and the importance of Digital Commerce as a trade matter to ensure the data flows between the United States and European Union continue. Its not just the u. S. And the eu. Its the rest of the world, tomac. I apologize that we do not have a pack represented here, but i know that the speakers have knowledge experience. I will introduce the speakers and then turn over to each for some introductory remarks and then we will begin the kind of a roundtable discussion. And i would certainly address the audience questions as indicated by packing the questions. So, the head of the International DataProtection Unit he has led the commissions work in the area of Data Protection and legislative reform which i think certainly is a lifetime appointment opportunity for him. In that capacity, he headed the delegation and that resulted in the adoption of the regulation and also Law Enforcement. He was one of the lead negotiators in the Privacy Shield agreement and recently negotiated the arrangement with japan. He previously served as a member of the Legal Service and assistant judge to the European Court of justice having practiced law in the private sector before that. He holds degree in laws and Political Science and is the author of numerous publications. The head of the austrian Data Protection authority and became the head of the epa in 2014 and holds a doctorate degree in law. While a student she worked as a consultant at the science fund and later as a training lawyer and legal officer. Later she moved to the ministry of interior where she worked as a legal officer and later at the department of legal and legislative development. One of her specialties help determine her career she was later the head of the vienna Foreign Police and before that the first woman in vienna to be appointed the head of the Police Commissioners office. She then became chair of the working party under the prior directive on the Data Protection and now serves as the chair of the Data Protection board. Kenneth is a senior fellow at the Atlantic Council and adjunct professor of law at georgetown. He is a senior fellow on the council of the future Europe Initiative and consultant for the Technology Company on the transatlantic digital policy issues. He is a contributor to the end valuable welfare blog and also serves as a director of trade policy. From 2011 to 2015 he was a legal counselor to the u. S. European union in brussels where he led the governments engagement in the eu on Digital Privacy law and policy. He previously was in office as a senior attorney in the office and the department of state and he served as the Legal Advisor to the u. S. Embassy in germany and holds a law degree and bachelors degree so with that you can see that we have a qualified and distinguished panel and we will turn it over to the commission for introductory comments. Thank you very much. Im very happy also to be here with my co panelists and i consider you friends and have been working together on these issues on different sides for many years. You want us to dive into the complexities and then [inaudible] the transatlantic point of view. Im ready to do this but maybe it would be helpful to start the conversation to step back and put these issues into a broad perspective. When looking at this perspective, there are two considerations to keep in mind. First, it must sound obvious in todays world the demand for the protection of the noteholder it is a true truly global phenomenon and question as recognized by many frameworks around the world. It is a comparative at the time. Its also Consumer Confidence in the way that they handled no Sustainable Growth of our increasingly Global Economy and what is interesting and remarkable is that countries and societies around the globe are facing similar challenges and tend to equip themselves increasingly with new silos that tend to share commonality in terms of enforcement mechanisms. From chile to south korea, just to mention a few examples. The strength to which the global convergence implies the standards is that it can be, can and is a very positive one that brings the opportunities and tangible benefits to increase the production. That brings me to the second concentration which is [inaudible] for the individuals, governments, companies and atlarge. That is an inescapable fact in our interconnected world with trade, cooperation between public authorities and also social interactions. In this respect, it highlights the activities in the research and diagnosis, treatment, cyber crimes, successful exit strategy. If you are expecting me to address [inaudible] you might be surprised that im starting with these two considerations. But more than ever before, it appears they have to go hand in hand, and at the same time they are difficult questions, almost a dilemma that for instance the initiatives and the decisions [inaudible] how to reconcile those imperatives, the protection of privacy and the need to ensure that it can move around the globe. When in other words, how do you ensure the connectivity in the interconnected work that is the issue and that the goal of the decision and the decision of the french [inaudible] you also mentioned. It isnt a european issue. I say fortunately because this isnt an issue the eu is trying to address alone or wants to address alone. It is this needed to reconcile privacy and to make privacy a co element at the center of the initiative launched by the former japanese Prime Minister and in the meantime which has been endorsed by the g20 and the g7. This recognition that they are assets that require protection is also more and more relevant in the u. S. Context not only because you see the development of the legislation but if you look for instance at the initiative by the secretary of state pompeo, the same Network Initiative suggesting for instance to use privacy and Data Protections high suppliers of the Network Elements that shows also they are coming from different angles, different legal traditions and looking at the issues in a slightly different way we have these challenges. We have to address complex and difficult issues and today it is probably more Common Ground between the eu and the u. S. And other underlying countries. And then a few years ago. Ive been dealing with these issues for some years. When i started to travel to the u. S. To discuss these privacy issues, the question was brought up why are you trying to adopt this and [inaudible] today i must say the question is much less. We have discussions about how and why do you choose that solution are that approac or thr another one, but in the amount of time its a very significant. And we need to work on to face. And those which may not share the same challenges and with the same opportunities. I hope i wasnt too long i just wanted to say some introductory remarks and also why but having said that i am happy to answer any questions with Privacy International and the saga around them. Thank you im looking forward to the conversation and answering as many questions as possible. One quick followup if i understand you correctly to be optimistic or positivity maybe those are indistinguishable but and with shared values and Common Ground obviously between the two jurisdictions that has been optimized. Candy audience take away from your optimism or positivity the commission will be issuing guidance that will help organizations and companies and governments go beyond the concerns . Where they do something contributing to the development of a solution and then to and then after finalizing with the social distancing in the full or half empty cup the moon to extend this judgment and the judgment the higher court and then to understand that the countries around the world and then to embrace at the opportunity the economy in general and with those individual rights and those issues is much higher on the agenda with the department of longlasting solutions and with other International Organizations and other possibl possible. So doctor have any of the remarks. First of all i want to thank you for inviting me because to show the big picture and then to very deeply and her share. Now to summarize this the action taken in the coming weeks and on july 16 with the Privacy Shield according to the court with the National Security and with those fundamental rights and as a result on these grounds to be developed. And that there is no greece. In the same conditions with the validity as they are right now and then when using and then to rely on binding corporate will on a casebycase basis and with that Data Protection it is important to note that applies not only in that the number of cases that level of protection and then to determine what the impact hundreds of thousands and then to understand the need for organization and with the small or mediumsized organization and with the 23rd of july and with the courts ruling and with that data importer to verify and then have the right to privacy. And with that data is unable because of competing obligations and then to ensure the level of perfection that is guaranteed. So if they come to the conclusion with that equivalent standard so if they continue with the data and with that transparent data and that cannot be ensure. And in the economic area. And while also having a major obligation so in order to ensure consistency and to be prohibited. Who would take place in the corporation and with the European Union amendment was be limited to a specific situation in the we have a task force that will develop Additional Information and recommendations in that is currently preparing recommendations in collaboration to identify complementary measures with that level of perfection. The technical and organizational in nature. And then irony mentioned in the interview two weeks ago that means it should be ready in about six weeks. So however the context of Data Transfer so each would need to evaluate and then to bear in mind or in addition to the task force to look into complaints were to be withdrawn and with the Facebook Services that the complainant from the and geo and then in the basis of the us. According to the recent judgment of the court the controller is unable to ensure and then to ensure the corporation with the members of the board and then is necessary and then it also follows the actions at the National Level and with the permission to gather with the us and to comply with the Data Protection law and i judgment of the court. And with the transfer there any questions i am able to answer and have not already answered i will be there. Thank you. We appreciate your comments and then as full on as clean on as fully as possible. And then with the indication with that guidance and then to transfer data. So with regard to the recommendations are supplemental measures are you able to foreshadow with the technical organizational measure or so on. So what sorts the guidance can you give us on what to expect . And is there a factor to be taken into account for litigations in the eu courts for the redress that the court of justice requires . And in what we can expect with the full recommendation . As i already said that i want to disclose anything because it isnt fair for that are still working and am already disclosing our ideas but there will be a lot and there in the paper it will not be just one page. Thank you and forgive me for trying to extract preliminary perspectives and we may be heading i do understand it is a work in progress. So now let me turn to ken for his perspective from the United States and international as well with regard to Digital Commerce. I first wanted to echo something that despite the chronic difficulty this is a Community Working on privacy issues. And then the conditions actually are as he says with a general political solution and its not just the legal solution. And to have stable circumstances to have a number of elements to make it politically stable as well and then to briefly sketch out and as just explained there was an enormous effort going into the same standard that they had insisted upon but obviously their future with that transfer mechanism is also uncertain and as she indicated herself and with the none of your business organization. That word create considerable uncertainty. So i anticipate there is a further effort by the Us Government and European Commission to focus on a specific problem with Privacy Shield its not an easy exercise obviously they have been struck down but the point is if thats necessary at this point and obviously addressing the issue of the lack of individuals redress for foreigners is at the top of the agenda right now. I have been doing some writing and thinking on this subject so in those institutions in the United States that can be adapted to create better remedies in this area one can work with the privacy that has important goals with the counterterrorism room area. There is the Foreign Intelligence Surveillance Court with institutional oversight with the foreign Intelligence Surveillance act and it could conceivably with the individual oversight responsibilities as well. There is some serious thinking underway on the subjects and im hopeful it will yield some curves. And with that comprehensive privacy law. And to respond for the criticisms with baseline privacy rights and the independent regulatory to enforce them. And enacting such a law the Us Government sends an important signal to the rest of the world it has entered the global privacy law mainstream and the credibility gained would be very significant for future international negotiations. The third element and in privacy circles, that comes from the area of trade law there have been efforts from these trade agreements and with digital trade and specifically in these are drawn and that president and they are included in the us the Mexico Canada Free trade agreement for example. And preaching with japan last year. And under negotiation with the United Kingdom in the Bilateral Agreement and with the crossborder transfers that were protectionist or discriminatory and then based on privacy law and not be done on the arbitrary basis this will serve the negotiations between the United States and European Union for the Transatlantic Trade Partnership that would pursue during the obama administration. And it was revisiting were the United States and the United Kingdoms could come to an agreement and there would be some inspiration there for future discussions for the us and eu and that is the multilateral engagement. And then to mention in the focus on us surveillance with those Data Transfer that the focus in europe has expanded and then coming down from the court of justice and with those eu Member States themselves. And with the fundamental rights for a broader look with government access to data what that development and with those practices may understand the Us Government is participating in that in that has important function and also interested on the subject. And with that competitive government surveillance could lead to a broad consensus for the Intelligence Community feel very strongly within the Us Government and to compare favorably with other countries including europe so i think a discussion on these principles in this area could help the transatlantic or the Data Transfer. Let me just mention and in closing one other point that came up in the Commerce Department white paper and it has to do with intelligence cooperation between the United States that is sometimes lost in the focus on the privacy and the white paper and then they went to describe the important intelligence equity across the ocean they declassified numerous examples and instances where the United States has provided intelligence to member state governments who have served to obstruct and enable weapons proliferations. There is a view that these activities do not qualify under Public Interest in the gdpr because only activities that arise under european law meet that standard. I think this is a narrow perspective and i think one needs to take a broader view of National Interest. Why is it the National Interest of the european government for some reason is not implicated when it is important from the United States government to prevent a terrorist attack . I think thinking like this has to be part of an overall solution and a political solution. I will stop here and invite your questions thank you. Thank you for introducing the president s and other models that we have introduced so everybody who is listening is likely to agree with everything that i say that it makes such good common sense and for example the National Equities and the contributions with the security of europe to the us Intelligence Community but the fact of the matter is there is a judgment that is final with the court of justice and the Supreme Court thats final not because it is infallible but it is final like the European Union so i may have missed common sense and legal points that you made the us safeguards compare quite favorably to those of the eu on some are Even Stronger but nonetheless may have found us standards failing compared to the idealized version those that are in the fundamental charter of the eu. How do we find that durable political solution when its very difficult for the privacy negotiators to deal with National Security implications . And the court of justice cannot address the comparison surveillance standards but rather the comparison of us surveillance safeguards to those rights so what form of engagement will take place to get an actual political solution to bind to the court . What sort of approach would you suggest . I do think some form of negotiated solutions between the United States and the eu whether that takes the form of a treaty or something lesser is the way to come to a broader solution and in terms of bringing these other elements into play, i would just note again, the court of justice may have started the discussion in that direction regarding new Member States and their own National Security activity to bring those within the scope of the eu. The Member States are able to engage in a discussion through the European Union. And the council is deeply involved in international agreements. And perhaps to the council one word see some of the elements i mentioned here for discussion. Thank you and thank you for introducing the council and perhaps that can be a vehicle to establish a process that could be a counterpoint. Bruno, you have a great perspective not only in the development of work on Law Enforcement so perhaps what can we extract from you any comments or the supplemental measures that you might recommend for importing data into the United States and if there is a trade angle or any other political process with the issues at hand can be addressed or be resolved . Thank you very much. Many i agree with all soul already chosen who would be on that side and he knows enough to know that it would be the commission under the control of the European Parliament and the Commission Work comply with the adjustment of the highest court and then try to hold the right balance so with the question of National Security, of course the us National Security needs and there is an enormous benefit to change that information to protect the lives of the citizens on both sides of the atlantic and with Law Enforcement. And of course also take into account and cooperating internationally and that might be the expression and then they have to say that because the commission on behalf of the eu would get a litigated that in the Microsoft Case that one aspect to reflect that but the problem is under the strict conditions with the delegation and then the conditions for a transfer and then i would say why not but with that limited frequency so that we talk about how to assist and then we talk about with those other tools and delegation and that is the role of modernization and compliance with judgment. We also by the way take the approach on that approach and we believe no modern trade agreement today cannot have a chapter on digital trade or a provision on the data flow. And then to explain the effects we are taking but this is to distinguish what it would take and the lawful reasons to exercise the economy with the important consideration of National Security so its not only we think this should be a part of it but we have cars and affect and for the moment the only one in the world that prohibits those Organization Efforts so now that is also part of the eu approach and third with the need to discuss and agree on common principles and common rules because is not only an issue for the eu and us but for those that is the system and with those approach to privacy issues and then to have a very broad accepted access to get that its at the center of a number of issues being addressed in the us in particular concerning one way or another. In japan one of the starting points of the japanese initiatives how to organize the freethrow one dash free flow of ideas and then the work that we very much support and it can be part of the department of commerce that we agree with that solution. And to your point and back to the technicality the very important aspect and then to give you a onesizefitsall solution. And then by the way part of the risk affect so with that obligation and then to look at a number of the elements of that transfer subject to certain rules or not. And the volume of the transfer so those that expect and with that flexibility. And provided by the court but then to speak to what is the guidance but i very much respect and in that instance you will have so as a checklist and then with the safeguards and one of those technologies safeguards and with that Business Model is it is very different with the situation with two Companies Transferring and with those points of the social network. And then to be organizational and this is what we are hearing from the market and then to review the legality. And they could be challenged and that would be possible for some information. But of those policy principles that those that have a role to play and how you answer bs aspects. So you think im just sitting in my office they themselves dont how the power to shape and National Security. And with that element that the guidance of going to a very different direction with that decisionmaking process. We are perfectly aware of the company on one hand and the role of government without political durable solution mentioned. I tried to cover everything i could but these other issues to be another conversation. Thank you bruno that was terrific. Thank you for your comments. Can you respond with your thoughts as you wish but that flexibility that i thought was interesting and also Public Interest components and those justifications and those transfers perhaps i am under a bed of apprehension but the eu was from the department of justice and those of the eu Member States as opposed to the nonMember States. And what about flexibility in Public Interest . As bruno already promised in the beginning of the conversation and every question would have been possible and very grateful for that and sometimes we are of different opinion on this issue we share the same points of view and to show the flexibility so they should be kept as they are and i fully agree on this specific topic its really important. Thinks. One followup. Is it reasonable for data exporters and importers to assume they can safely wait for the new draft of guidance . So not to take precipitous action at this time but agree they will have the final revision along with guidance . And when those materials are issued and their practices accordingly not a risk immediately and waiting for the additional guidance. And as i have already said and during other sessions since the 16th of july to have invalidated this issue with immediate effect and the Supreme Court and also of our higher court so is Everybody Knows we are investigating every complaint and we have to look into every detail. Can you respond to what you heard . Sure. I would just emphasize that what we have here is a crisis. Because Enforcement Actions are not occurring at the current time. The cases before the regulators and litigators take some time to work their way through procedures. But currently without Privacy Shield a mechanism for more than 5000 companies, companies are scrambling and will be to adapt standard clauses to the new circumstances by the court and commission this is not a situation that can continue indefinitely without consequence and for the time being the Us Government has exercised forbearance and is approaching this in a calm fashion. I hope that will continue and those initiatives we talked about today will have time to take root for a permanent solution. But this is not business as usual. Do you think that should be the objective and would be warranted and could be the durable political solution that you mentioned to the extent it could be established in the manner . Is that what we should be headed towards in the United States . I think as a practical matter that will be there the Us Government is putting its emphasis in the shortterm simply because that is the framework often required. Adequacy has its limitations it is interpreted an extremely restrictive way by the court of justice nobody knew adequacy actually meant the equivalent and that meant absolute equivalent in the number of circumstances. So this is a tight framework for Foreign Government to fit into and as time goes on and the European Union may have difficulty not just with the United States but with other countries fitting into the adequacy framework that only works for a very limited number of countries. The doors open to Potter Solutions but i cant think of what that might be. I think your comment about adequacy and then being upgraded i would go even further to say the court of justice requires absolute equivalence to your idealized version of the fundamental charter of human rights and there is a not a realistic comparison with privacy standards both the commercial sector and the National Security sector. You mentioned in your remarks about greater reliance of Civil Liberties but perhaps the Foreign Intelligence Surveillance Court and the court of justice did not focus with the powerful oversight role and the court of justice disparage the significance of the policy director 28 which afforded privacy rights and protections to nonus persons. Do you think Us Government is developing responsive measures designed to reassure the European Courts . That me merits there is a tone that continues to press arguments. So yes, it is necessary that there be new thinking at this point and i think that message from the court has gotten through to the u. S. Government. There is an interagency process going on in washington right now and i think they are looking at what steps could be taken. Some of them could require a change in u. S. Statutes. That is a hard proposition particularly in the legislation. So it may be that they are looking for steps to be taken without changing u. S. Law. I think we may be seeing a creative thinking. There was an effort to do this in the negotiation as we all know with the development of the office and institution, but that was found alarming by the court of justice, so its time to do something a little more deeply embedded in u. S. Law, and thats why i recommend. Thank you for that response. A point i would mention is while its a bad idea if there isnt a vehicle for it. But as bruno mentioned, each company has to undertake case by casebycase and country by country the judgment it tends to require. I would submit as it is characterized in a Risk Assessment and the paper jointly issued the factors there which you could view. I did want to ask a question regarding the database and anonymity they might encourage in terms of who is behind the registration of the various domain names, u. S. Government agencies considered it critical to protect consumers from harm and to identify the people behind the domain name registration. Is that a matter they have a point of view on . Its been an issue since 2012. We issued guidance to support them and to fulfill the measure. Its another longlasting issue so nothing new. Bruno mentioned the commissions perspective. Is this an issue that comes before . Some of it has been gaining ground, you are right. I believe there are some merits the reinforcements for the other fundamental rights is contributing to the Data Protection of citizens from around the world. Governments seeking to maintain to raising the global scale and i hope that in the nottoodistant future we will continue that for the benefit so always positive thinking of the best for all of our citizens not only now but also for the future. For sure the citizens are also part of the organization and then because all the people working in the organizations. Thank you for the enlightened point of view as well as the thoughts of the other panelists. One of the things weve come to the end of the time and have to talk about working on and he had to leave a minute earlier to address the question situation that will pose challenges different from the transatlantic data flows and channel. If you seconds ago he did disagree with my stance so i would take the opportunity to note my perspective on that doesnt necessarily represent a consensus. I will close with a thought of comedy. We talked about and mentioned the solution and multilateral approaches and engagements. I think bruno discussed the emergence as well. I would point out for the audience the cloud act that may not be viewed as a model that certainly should be taken seriously by all parties. There is an attention and how they are between the u. S. Law including privacy and the government accesgovernmentaccesy interests of other countries and resolve those so i would refer the audience and the panelists to the cloud act. With that, we have come to the end of our time. The comments of the panelists here couldnt possibly have been more timely, more thoughtful and i think to a great extent, reassuring. Its going to be almost eminent with suggestions and concrete approaches coming to some sort of resolution of the difficulties and the crisis as he put it which is so important on both sides. I think there are some grounds for optimism. So join me in thanking the