Into the next panel, we are honored to have the moderator for this panel, the most qualified and knowledgeable as possible, founder and leader of highly ranked security practices and a reminder for those just joining the panel, questions in your browser, go to sli. Io, aspen 2020 and ask your question. Take it away. Okay. I will thank scott for that much too generous introduction. Appreciate it. Whether there is a consensus, the desirability of years together in aspen before too long and look forward to getting together in person. Our panel is in fact the most distinguished and knowledgeable panel the we could provide to discuss the subject of International Privacy regulation or dataflows and a problem giving talks making remarks and addressing International Privacy development and dataflows, if you prepared the mom marks 3 or 4 weeks earlier, a constant flow of development to some extent on the court of justice and the European Union in july. The rebuttal, responding to the decision, the director of the intelligence, department of commerce one of whose principal architects at the Justice Department, i am honored and pleased to report, as of last week. There is also the national decision, last week and in france, privacy developments and very much to talk about and my guess is there may be consensus on the interest and importance of our subject, a little contentious on both sides of the atlantic regarding a possible double standard, and National Interest standards to the United States versus eu member state governments the need for encouragements and the importance of digital commerce, the invaluable data flows with the European Union to continue. The distinguished panel, comment on this, not just the usa eu the rest of the world too, but australia, going to join at the last minute said it was a conflict that arose so apologize, what was represented here but i know our speakers have tremendous experience to cover the world as well. I will introduce all the speakers and turn it over to each of them for introductory remarks and we will begin a roundtable discussion, and address questions as scott indicated by typing the questions so the head of the International Data flow and Protection Union of the European Commission, he has led the commissions work with Data Protection in the decisive phase of legislative reform, a lifetime Employment Opportunity for him. In that capacity, the delegation on institutional negotiations, with adoption of the general Data Protection regulation and Law Enforcement, one of the lead negotiators in the eu Privacy Shield and recently negotiated the mutual adequacy arrangement with japan, previously served with the European Legal service and assistance to a judge at the European Court of justice, practicing law in the private sector. He teaches eu competition law and author of numerous publications on eu law. The head of the austrian Data Protection authority. She became head of the austrian epa in 2014. Hold a degree in law, worked as a consultant at the Austrian Science Fund and legal officer, the general secretary of the austrian records conference and then moved to the ministry of interior where she moved is a legal officer and head of the legal and legislative, one of her specialties, asylum and immigration determined her career, she later head the vienna Foreign Police and the first woman indiana to be appointed head of Police Commissioners office, she then became chair of the article 29 working party under the prior directive Data Collection and served as chair of the european Data Protection board. Senior fellow at the Atlantic Council and adjunct professor of georgetown, senior fellow, nonresident senior fellow of future europe, technology company, transatlantic Digital Privacy law issues, a contributor to the invaluable blog and service, director of trade policy for the software alliance, 20112015, legal counselor with the European Union and brussels. And the Legal Advisor of the department of state. And a bachelors degree. We have a supremely qualified and distinguished panel and turn it over to the commission for comment, bruno . Can you hear me . Thank you. These two contributing virtually, happy to the cope analysts, to consider working together on issues on different sides for many years and we want to dive into the complexities, for privacy, with this point of view, to stop this conversation to step back and put the issue, to that perspective. Two situations to keep in mind. It sounds obvious but in todays world and increasingly the demand for the protection, a truly global phenomenon of individual rights recognized by many constitutional frameworks around the world at a time the and economist for Consumer Confidence in how it was handled but no sustainable growth, to echo the economy. What is remarkable, societies on the globe facing similar challenges, they tend to equip themselves increasingly with privacy laws that share a number of commonalities in terms of Enforcement Mechanisms and it is truly universal from chile to south korea to japan to kenya to india to mention a few of them. And a word that is too often categorized by different if not divergent approaches, in privacy standards it can be and can and is a positive one that brings tangible benefits to increase the protection of citizens and participate in trade. That brings me to my second observation which is again seems to state obvious importance of that for individuals, governments, companies, and society at large. That is inescapable in our interconnected world, a different part of trade, cooperation between different authorities but also social interaction and i suspect the current part of the pandemic highlights how critical they are for many essential activities, with government and Business Operations with scientific research, diagnosis and new forms of cybercrimes, successful exit strategy contributing to the economy. If you expected me to address Something Else you might be surprised by these considerations. Against this background and more than ever before, the dataflows have to go hand in hand and at the same time different questions, almost a dilemma that poisons the judgment of the initiatives. How to reconcile those imperatives . Protection of privacy and the need to ensure the data moves. When some time and often it is moving outside the matter, how do you ensure the continuity of the protection in a borderless interconnected world . That is the issue, the bottom line i would say, the decision of the court of justice that you mentioned nor the disposition of the french mention that you also mentioned and contrary to what is often thought is not a european issue or a european issue, it is not an issue that the eu is trying to address alone or wants to address alone, it is the need to reconcile privacy to make privacy and core elements and trusted that approach, the center of the initiative launched by Prime Minister abe and flowing with trust which in the meantime was entered by the g 20 and the g7. With that kind of protection, also more and more relevant in the us context because you see the development of stations, the proposal for legislation. If i look for instance for secretary pompeo, is suggesting the protection as well as suppliers for the next elements. That shows coming from different angles, different legal traditions and looking at issues in a slightly different way, those challenges, with consequences, probably today more Common Ground and likeminded countries and two years ago, with a few years, i started to travel to the us, the question, adopting the gp are, today, that question is much less, we have discussions about how, why you chose that solution rather than another one. That is a significant evolution on those shared common challenges. What they needed to i would face in china, probably prefer, place them to gather and define some global rules of the game that are more necessary rather than leave that job to others access, that you may not share and may not have identified the same challenges. I hope i was not too long. Some introductory remarks, i was thinking aloud, and i hope it was clear enough. Having said that and happy to answer any questions, privacy international, around them, looking forward to contributing to the conversation and answering it as much as possible. One quick followup before we turn it over, if i am understanding you correctly, you sound optimistic or positive, optimism and positivity, you talk about shared values, similar challenges, Common Ground, but there is conflict between the two jurisdictions that is perhaps by the court of justice. Can the audience take away from your optimism or positivity that the commission will be issuing some guidance before too long, to get beyond concerns and cessation of data or doing something, contributing the solution here . It would be yes, very soon, and sorry if i dont answer too deep. And very soon issue something that closes, and in my office today, finalizing the drugs and some of my colleagues are keeping social distancing so this is live from brussels and we are contributing to guidance by the potential board. The half what i try to do is this judgment, a belated event, whether i agree or disagree, the adjustment of the highest course or constitutional nature but comply with it. There might be many commentators or observers who might have different ideas but the adjustment, addressing an issue which is common to a number of countries. I would say likeminded countries, would like to embrace the opportunities of the Digital Economy and the economy in general but are also aware of certain challenges, the need to protect certain basic individual rights, fundamental rights. That is the content, the judgment of the decision taking place, those issues are much higher on the agenda of europe, japan, this might facilitate the development of long life and solutions and went on to expand on this but we have already seen international organizations, of that those solutions or solutions. Opening remarks, we look forward to hearing your thoughts. Ladies and gentlemen, first of all, thank you for having invited me and thank bruno because he already showed us the big picture so i am able to concentrate on the Data Protection issues that are embedded in the big picture, it is really important to dig deeply in our shared values, this was very helpful. Surely needs no introduction, allowing me to summarize it to explain the Data Protection undertaken and will take in the coming weeks. On july 16th, invalidated the eu, according to the court, National Security, Public Interest and Law Enforcement and interference with fundamental rights. As a result, equivalents for the adequate protections is not satisfied. On these grounds, they found the eu any different and invalid. The embolization of the private issue as needed, this means there is no grace period, they can keep on transferring data, with safe conditions. Even though the validity was upheld by the court, they are right now, you heard from bruno the connection is working, with important qualifications. Companies relying on this, they were on a casebycase basis with Data Protection, this equivalence to european law. It is important, it is not only the us but any third country mentioned. And it is a country, eu member and all these, no way iceland. The court highlighted this is the possibility of the data exporter and importer, assessing levels of protection required by eu law, and to determine, by the pcrs. The european Data Collection, the impact on hundreds of thousands of businesses, in every sector. To understand the need for organization that allows the law for transferable states to the third country and the difficulties, especially if they are small or mediumsized, you all know this, immediately taking action, after the ruling. On the 20 third of july by adoption of the frequently asked question, amid ethical documents, with exporters or controllers, the legal machines exporting data. Exporters contact the data, in collaborating, specifically for methods for privacy and government states. If the data is unable to comply with the sbc because of competing obligations, they have to assess supplemental measures would ensure level of protection, the level of protection guaranteed in the eu. They may then be able to proceed to the third country. If, however, exporters come to the conclusion, they have the obligation to end the transfer. All they have to notify the Data Protection, if they intend to transfer data. They suspend or prohibit transferable data, the protection of the Data Transfer cannot be ensured. Many businesses rely on the transparency to the country outside the economic area. It has far reaching affects, with the responsibility and supporting a major obligation on the shoulders of supervisory authorities. In order to avoid the decision, in the european Data Protection, to ensure consistency, in particular it is not prohibited. This will also take place in the context of supervisory authorities, we also address the use of article 49 as a basis to the European Union to the us. With explicit content, it is necessary for the performance of the contract for reasons of Public Interest. While they remain valid, they cannot become the rules and specific situations. With that document, the first plenary after the summer, december 4th, will develop and is going to develop Additional Information and recommendations. The european Data Protection is currently preparing recommendations, sources may follow, in collaboration with enforcers to identify the measure that is needed to reach adequate level of protection. The recommendations could consider those select measures of organizational in nature in the first country and i already mentioned an interview two weeks ago that we tried in two months, it means from now on it should be ready in six weeks at the latest. Just to give you an update. However, implications of the judgments are wideranging and the context of data transparency is similar, therefore cannot be 1sizefitsall solution. Each organization would need its own basis of operations, take appropriate measures bearing in mind the legal order. With supplementary measures, in the aftermath, with one identical complaints and they have 99 complaints, with supervisory authorities. And and honorable chairman, max plane, to the us, relying on forces that according to the judgment of the court, the controller is unable to give adequate protection, they will analyze close Cooperation Among members of the board. The implication of the movement to controllers and processors and if necessary an update. It also follows, very closely and promote the exchange of information, let me conclude the following. The European Commission to build together, really complies with the eu Data Collection in line with the judgment of the court. The european protection board continues to construct the transatlantic, with the organizations. If there are any questions i am able to answer, i will be there. Thank you. Appreciate your comments as well as the focus on providing practical guidance as quickly as possible. Hearing from bruno that it is available imminently. Your indication of Additional Guidance for the case by case assessments that they are transferring data to each country. With regard to recommendations on supplemental measures are you able to foreshadow what is involved in technical organizational measures. Are there other what source of guidance can you give us about what to expect, is there a factor to be taken into account, with the eu courts for the redress capability the court of justice requires, and the recommendations. There are experts working on this. It is not fair, they are already disclosing, it will not be one feature. Forgive me for trying to extract preliminary perspectives on where youre heading, still a work in progress, looking for internal voices and external ones as well. Let me turn to ken for his perspectives on the United States and internationally for additional commerce. I first wanted to echo what bruno said at the outset. Despite the current difficulties, really a transatlantic and privacy issues, we not get this right yet. They are propitious as to aim for what the Commerce Department in its recent caper, a political solution. That was an interesting phrase, not just a legal solution. To briefly sketch out, with the elements might be. There was enormous effort going into purchasing standard, that is what the European Court of justice insisted upon. Their future as principal data systems, is also uncertain as she indicated herself. The organization there are proceedings in court, considerable uncertainty about it. I would anticipate further efforts by the Us Government and the European Commission to focus on the specific problem with Privacy Shields that were identified, and easy exercise, two previous agreements struck down but the court has given guidance, obviously addressing the issue of the lack of individual redress in the United States for foreigners who are subject, at the top of the agenda right now. Ive been doing some writing, with privacy related institutions in the United States that cant be adapted for better remedies. One can work with institutions like the privacy and civil liberty Oversight Board which has an Important Role in the counterterrorism area. A broader role, the Foreign Intelligence Surveillance Court which does institutional oversight of surveillance under the foreign Intelligence Surveillance act, section 702. It would be possible to test them with individual oversight responsibilities as well. There is serious thinking that is underway in washington on these subjects. I am hopeful, and has to be passage finally of comprehensive us privacy law. This would respond to the criticisms by establishing baseline privacy rights for individual handling of personal data, generally parallel to those in the gdp are, empower independent Regulatory Agency to enforce them. An important signal to europe and the rest of the world that it has entered privacy law, the credibility would be very significant for future international a third element is one that is a little more controversial in privacy circles and that comes from the area of trade law. There have been efforts by the Us Government, trade agreements to include protections for digital trade, and data flows. These protections are drawn from world trade organizations precedent included in digital trade Free Trade Agreement for example, also in the digital trade agreement reached with japan last year. And currently under negotiation with the United Kingdom and the Bilateral Agreements the us is pursuing a. The basic contest is there would be protection of crossborder transfers and electronic data for business purposes. This would guard against measures that are protectionist or discriminatory. It would not outlaw the transfer restrictions based on privacy laws but it would insisted not be done on a arbitrary basis on trade and they be taxed very narrowly to Public Policy objectives. One other table in the negotiations between the United States and the European Union for the transatlantic partnerships that were pursued and failed during the Obama Administration and it was an opportunity the European Union was not interested in pursuing, they had particular difficulty with provisions that i just described. It is a subject worth revisiting in the future. It will be interesting to see if the United States and the United Kingdom can come to an agreement because the uk has adopted privacy law that is largely taken from the eu privacy law. There is some inspiration for future discussions from the us and the eu. The final element that i would mention is the possibility of multilateral engagement, the subject of government access to data. Even though it is focused on us surveillance, applicable to Data Transfer from the eu to any third country. The focus in europe has expanded from the United States and there were important decisions that came from the court of justice in the last couple weeks looking at surveillance machines of eu member states, uk, france, belgium and collection practices and assertion of applicability of fundamental rights to those activities. The moments may be right for a broader look at government access to data and the organization has begun a dialogue on practices in this area. I understand the Us Government is participating in that, which has important function is also interested in undertaking this subject. I feel the discussions on comparative government surveillance could lead to broad consensus on the control needed in democratic societies. If you talk to people in the Us Government and the Justice Department they feel very strongly in these activities, they compare favorably with those in other countries including including in europe. A discussion on these agreed principles in this area could very much help transatlantic political atmosphere for Data Transfer. Let me just mention enclosing one other point. This is something that came up into the Commerce Departments white paper and it has to do with intelligence cooperation in the United States and europe which sometimes gets lost in the focus on the privacy dimensions. In the white paper the Us Government lend something to describe the importance of equities at stake across the ocean, they declassified numerous instances where the United States provided intelligence to eu member state governments that served to disrupt terrorist attacks, enable weapons proliferation. There is a view in the european privacy community. They do not qualify for Public Interest in gdp are, because only activities that arise under standard. This is a very narrow perspective and a nonselfevident one. One needs to take a broader view of National Interest here. Why is it the National Interests of the european governments for some reason not implicated when it receives intelligence information by the United States government that prevents terrorist attacks. Thinking like this has to become part of an overall political solution. I will stop here and invite your questions. That was terrific, thank you for introducing these aspects and possible models we would have had as you point out that we have introduced in the usmexico japan agreements. Everybody who is listening to your comments is likely to agree with what i will say which is everything you say makes such good common sense, for example the last point on the National Equities about the contribution to the security of europe and the beneficial mutual relationships of Us Intelligence but the fact of the matter is there is a judgment as final as bruno pointed out and like our Supreme Court which is final not because it is not infallible or final like the European Union so may have missed some of the common sense points like the fact that us safeguards compare favorably to those of the eu and many are stronger but nonetheless the court of justice, has found us standards failing compared to an idealized version of european rights, that are not in the actual practice of the eu. How do we find the durable political solution when it is difficult for the privacy negotiators, trade negotiators to deal with National Security implications and the court of justice is not inclined as demonstrated to address the comparison of surveillance standards but rather the comparison of us surveillance to the fundamental practices, what form of engagement will take place in order to get an actual political solution that would bind the court of justice. What approach would you suggest. I do think that some form of negotiated solution, whether it takes the form of a treaty or something lesser is the way to come to a broader solution. The senate is about a gavel in resuming business after a break as senators test positive for the coronavirus, senators will resume debate on the Southern District of ohio. Then we expect reports on covi p