Presentation is loading. Please wait.

Presentation is loading. Please wait.

Peter Swire Engage CISO Roundtable with the

Published byShannon Walters Modified over 5 years ago

Similar presentations

Presentation on theme: "Peter Swire Engage CISO Roundtable with the"— Presentation transcript:

1 The European Union as Global Information Regulator & Other Policy Topics
Peter Swire Engage CISO Roundtable with the GT Institute for Information Security & Privacy Atlanta December 3, 2018

2 Overview Swire background Research highlights:
Intelligence agency oversight Cross-Border Data Forum Non-code aspects of cybersecurity The EU as global regulator of information You know about GDPR Irish standard contract clause case going to European Court of Justice – could massively cut off flows of personal data from EU to U.S.

3 Swire Activities Today
Professor GT, privacy and cybersecurity Associate Director for Policy, GT Institute for Information Security and Privacy Senior Counsel, Alston & Bird (Jim Harvey, David Keating, etc.) 2018 Andrew Carnegie Award for “Protecting National Security and Human Rights in the New Era of Data Localization”

4 US, EU, and Global Data Flows
1998 book from the Brooking Institution on US/EU privacy disputes

5 Background President Clinton’s Chief Counselor for Privacy
Negotiation of US/EU “Safe Harbor” for privacy Chaired White House Working Group on updating wiretap and intelligence law for the Internet President Obama’s Review Group on Intelligence and Communications Technology (2013) (“NSA Review Group”)

6 The Situation Room: December 2013

7 U.S. Intelligence Oversight & Reform Since 2013
Review Group: 46 recommendations White House in 2014 reported 70% had been adopted More since then, notably USA Freedom Act (2015) I remain active in this area: was the U.S. speaker last Friday in Malta at International Intelligence Oversight Forum GT Professor Annie Antón announced last month as one of the first technology amicus curiae for the Foreign Intelligence Surveillance Court, and the only academic.

8 MLA & Cross-Border Government Access to Data
Technology/market changes Before, evidence for serious crime in Paris was in Paris Now, , social network, and other content often held in a different nation EU E-Evidence report: 55% of cases have evidence across borders We need to build a new international system as cross-border law enforcement requests become the norm

9 Cross-Border Developments
GT project since 2015: US passed CLOUD Act in March, 2018 New system of “executive agreements” first announced in our research EU proposed E-Evidence rules as well US/EU negotiations slated for January US/UK agreement may be made public in January

10

11 Goals of Cross-Border Data Forum
Fulfill legitimate law enforcement requests for data relevant to the investigation of serious crimes.    Protect and promote privacy and human rights as essential to new legal approaches.  Provide a workable regime for the companies holding data of interest to law enforcement.  Safeguard the internet by resisting calls to localize data and splinter the internet. 

12 Non-code Aspects of Cybersecurity
October 2018, Communications of the ACM “A Pedagogic Cybersecurity Framework: A Proposal for Teaching the Organizational, Legal, and International Aspects of Cybersecurity” New framework for organizing and emphasizing the non-code aspects of cybersecurity OSI stack has 7 layers Layer 8: organizational Layer 9: legal/government Layer 10: international

13 EU as Global Information Regulator
EU Data Protection Directive in effect since 1998 GDPR went into effect this year The spread of privacy laws to > 120 countries Most are based on the EU approach GDPR enforcement is just beginning New, serious challenges to online advertising on claim that no “consent” to third-party advertising tracking CNIL Vectuary Privacy International complaint about Experian, Acxiom, and others

14 1998 Privacy Laws Comprehensive Proposed Sectoral None

15 2018 Privacy Laws Comprehensive Proposed Sectoral None

16 Will the EU Create the Great Firewall of Europe?
2000: Safe Harbor agreement October 2015: European Court of Justice struck down Safe Harbor in Schrems decision One concern – strict enough commercial privacy rules Major concern -- scope of US surveillance activities; may not be “adequate” if NSA and other surveillance takes place once the data gets to the US December 2015: Swire testimony about safeguards and reforms in US surveillance law July 2016: final approval of EU/US Privacy Shield to replace Safe Harbor

17 The Legal Challenges European Court of Justice in Schrems did not (quite) find that US surveillance made transfers “inadequate” It did strike down Safe Harbor, expressing detailed concerns that NSA surveillance is so pervasive that data of EU citizens cannot be safe in the US

18 Case Headed to European Court of Justice
Current Schrems v. Facebook case: Challenge in Ireland to “standard contract clauses” that are used as lawful basis to send data to US and elsewhere Irish privacy commissioner – SCCs seem as legally weak as Safe Harbor 300-page Swire testimony on actual U.S. law and practice: Irish judge: agreed with the privacy commissioner, and has referred broad questions to the ECJ

19 What if the ECJ Rules the US is Not Adequate?
If ECJ says SCCs are illegal, no good way to over-rule that Binding legal effect of ECJ decision No mechanism for constitutional amendment Would require change to Lisbon Treaty What will happen? ECJ briefing in early 2019 Result is unclear If the court remains strict, may need large data separation between EU and US operations Consider that possibility as you establish your systems

20 Questions and discussion?
Intelligence oversight Cross-Border Data Forum Non-code aspects of cybersecurity EU and online advertising EU and may block transfers to US

Download ppt "Peter Swire Engage CISO Roundtable with the"

Similar presentations

The Role of the Federal Government in Privacy Policy Professor Peter P. Swire The Ohio State University Center for American Progress The Privacy Symposium,

The Role of the Federal Government in Privacy Policy Professor Peter P. Swire The Ohio State University Center for American Progress The Privacy Symposium,
The Strategy of Using Security to Protect Privacy Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP Data Protection Commissioner.

The Strategy of Using Security to Protect Privacy Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP Data Protection Commissioner.
The Agency for Cooperation of Energy Regulators (ACER) – UK Government views Sue Harrison Head of European Energy Markets 13 February 2008 EPP-ED Public.

The Agency for Cooperation of Energy Regulators (ACER) – UK Government views Sue Harrison Head of European Energy Markets 13 February 2008 EPP-ED Public.
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
Monti II Regulation and Enforcement Directive on Posting of Workers CBSP Committee 7 November 2012 Jorma Rusanen.

Monti II Regulation and Enforcement Directive on Posting of Workers CBSP Committee 7 November 2012 Jorma Rusanen.
EU: Bilateral Agreements of Member States

EU: Bilateral Agreements of Member States
Lecture to Carleton University, Center for European Studies, December 1, 2010.

Lecture to Carleton University, Center for European Studies, December 1, 2010.
Why Privacy Now Goes Far Beyond Complying With Your Privacy Policy Peter Swire Facebook: June 3, 2015.

Why Privacy Now Goes Far Beyond Complying With Your Privacy Policy Peter Swire Facebook: June 3, 2015.
The U.S.-E.U. Safe Harbor Framework The U.S.-E.U. Safe Harbor Framework New Developments in Data Flows, Standards, & Compliance Damon Greer U.S. Department.

The U.S.-E.U. Safe Harbor Framework The U.S.-E.U. Safe Harbor Framework New Developments in Data Flows, Standards, & Compliance Damon Greer U.S. Department.
Transborder dataflows Flow of information across national borders Much of this data involves personal information.

Transborder dataflows Flow of information across national borders Much of this data involves personal information.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
THE CHOICES WE MAKE THAT MATTER – International Data Privacy/Protection JILL L. UREY, ASSISTANT GENERAL COUNSEL MID-ATLANTIC CIO FORUM NOVEMBER 20, 2014.

THE CHOICES WE MAKE THAT MATTER – International Data Privacy/Protection JILL L. UREY, ASSISTANT GENERAL COUNSEL MID-ATLANTIC CIO FORUM NOVEMBER 20, 2014.
How Can We Deal with Risks from the Internet: Why Privacy Legislation Is Hot Right Now Professor Peter Swire Ohio State University/Center for American.

How Can We Deal with Risks from the Internet: Why Privacy Legislation Is Hot Right Now Professor Peter Swire Ohio State University/Center for American.
LexisNexis Confidential EU Privacy Framework Michael Lamb LexisNexis Risk Solutions Vice President and Lead Counsel: Regulatory, Privacy & Policy May 19,

LexisNexis Confidential EU Privacy Framework Michael Lamb LexisNexis Risk Solutions Vice President and Lead Counsel: Regulatory, Privacy & Policy May 19,
A LIGHT ON LISBON. The Treaty at a Glance Came into force 1 December 2009 Modernises and reforms the EU Three main changes: – Amends treaties – Changes.

A LIGHT ON LISBON. The Treaty at a Glance Came into force 1 December 2009 Modernises and reforms the EU Three main changes: – Amends treaties – Changes.
Introduction to EU Civil Judicial Cooperation Dr. Francesco Pesce Assistant Professor in International Law Università degli Studi di Genova (IT)

Introduction to EU Civil Judicial Cooperation Dr. Francesco Pesce Assistant Professor in International Law Università degli Studi di Genova (IT)
The European influence on privacy law and practice Nigel Waters, Pacific Privacy Consulting International Dimension of E-commerce and Cyberspace Regulation.

The European influence on privacy law and practice Nigel Waters, Pacific Privacy Consulting International Dimension of E-commerce and Cyberspace Regulation.
European civil procedure law Judicial cooperation in civil matters.

European civil procedure law Judicial cooperation in civil matters.
UKRAINIAN INTERNET GOVERNANCE FORUM Kyiv 1 October 2014 State of play of the answers to Ed. Snowden revelations: TIME OF REPORTS USA National, EU, CoE.

UKRAINIAN INTERNET GOVERNANCE FORUM Kyiv 1 October 2014 State of play of the answers to Ed. Snowden revelations: TIME OF REPORTS USA National, EU, CoE.
1. 2 Amendments Allowed by Article V The Constitution proposes two methods for proposal and two methods for ratification This makes four total methods.

1. 2 Amendments Allowed by Article V The Constitution proposes two methods for proposal and two methods for ratification This makes four total methods.

Similar presentations

Ads by Google