Greetings from Brussels!
If you were tuning in to the IAPP Global Summit Online 2021 these past weeks, you would agree there have been some great panels, interviews and discussions bringing a wealth of content to your laptop. Perhaps not quite the face-to-face environment we all love and miss; nonetheless, I think the switch to digital offerings has allowed for some unparalleled and robust programming that may have been otherwise more challenging to organize for the broadest audience. All said, our Global Privacy Summit is a resounding success so far, with literally tens of thousands of people accessing the live and on-demand content.
One particular session I was keen to follow, as I suspect many of you were, was the marquee keynote 30 April entitled "EU-US Data Transfers: The Road Ahead" featuring European Commission Head of International Data Flows & Protection Bruno Gencarelli, as well as U.S. Department of Commerce Deputy Assistant Secretary for Services Christopher Hoff. They discussed two hot topics that are obsessively top of mind: The new standard contractual clauses and future of Privacy Shield was on the slate. Our very own IAPP Associate Editor Ryan Chiavetta gives a good rendition of the discussion. Gencarelli was upbeat, saying the new modernized SCCs will be adopted imminently, adding their alignment with the GDPR makes for a better adaptation to the reality of today’s digital economy.
The commission has been conscientious with their revision, taking their time and applying a good deal of due diligence to the process, including a successful public consultation following the draft publication. In fairness, it has been more than a decade since the SCCs were first introduced. Since then, the complexity of revision, accounting for the enormity of changes to international data processing, business practices and technology has necessitated more flexibility to cater to different business models and scenarios.
On the privacy shield front, both Gencarelli and Hoff spoke to the willingness on both sides of the pond to find a working framework that stands up to legal scrutiny — one that strikes a balance between national security requirements and privacy. No easy feat, as this will take some time; no one underestimates that surveillance laws at large are based on principles that run contrary to European privacy law and rights. Notably, the CJEU ruling of last year continues to generate significant legal and operational headaches for organizations globally as international trade becomes increasingly digital. In an interesting development this week, Microsoft announced a new service and commitment to EU commercial and public sector customers, which will enable the processing and storage of data in the EU. The “EU Data Boundary for the Microsoft Cloud” project, as it is called, will be completed by the end of next year. It seems that despite ongoing discussions around international data transfers, data localization solutions are becoming a reality.
On a final note, and in reference to international data transfer updates, I’d like to remind our German-speaking member community out there that we are holding a virtual DACH regional KnowledgeNet on 19 May. We have an exciting panel with Ralf Sauer, deputy head of unit at the European Commission for International Data Flows and Protection, and Alexander Filip, head of international data transfers at the Bavarian data protection authority, speaking on what is next for transfers. The panel will be moderated by Ulrich Baumgartner, IAPP regional leader for the DACH region and partner at Baumgartner Baumann. The panel will be auf Deutsch.
And last but not least, this week we launched our IAPP European Data Protection Intensive Online 2021, which provides additional content focused on the ever-shifting landscape of data protection in Europe. In short, there are a lot of discussions and thought opinion to consume.
Let us be honest; there is never a dull day working in data protection and privacy! So enjoy.