The u. S. And eu are each others leading partners in trade and Digital Services doing more business with each other than they do with others including china. This makes the rules surrounding International Transfer of personal data an important element in stable and global economy. The last few years, however, Data Transfers from europe to the United States have been under legal threat. The privacy law in europe, gdpr. Requires recipients of the data of eu residents to protect the data by taking certain measures even at the data is transferred outside the you of europe to the u. S. Or india or somewhere else. Concerns have been expressed that Data Transfers to the u. S. Might be called up in bulk surveillance by National Security agencies. Twice European Court of justice has ruled the existing mechanism to protect Data Transfers to the u. S. Is insufficient. The last three years the u. S. And eu have been negotiating a new arrangement, data privacy framework, which we will talk about today. It is not just about u. S. And eu. The last few years other arrangements seeking to cover the transfer of personal data has arisen around the world. Were going to talk about those and how they may intersect with the eu u. S. Framework. As increasing amounts of personal data move around the world, how can you be protected without creating multiple conflicting systems of government . We have a great panel to discuss this. We have Lucrezia Busa from the European Commission. She is on the part of a step a commissioner for justice the d. A. Renders Justice Didier reynders along with working on the privacy framework covering Artificial Intelligence, policy and values and transparency initiatives with extensive experience working on European Competition and digital policy. She is joined by steve lang Deputy Assistant secretary for International Information and communication policies in the loop Bureau Cyberspace and digital policy at department of state. Before taking this positioned in november 2020 two, he served as minister counselor for economics at u. S. Embassy in japan. Before that worked on International Communication policy at state for several years. He has served as u. S. Diplomat in mexico, china, taiwan, bangkok, and have been a. We have my colleague Kenneth Propp and nonresident senior fellow at the Atlantic CouncilEurope Center and adjunct professor of european law at the Georgetown University law center and a senior fellow with crossborder data forum. He is one of the leading nongovernmental voices on issues surrounding Data Transfers and privacy. From 20112000 15 he was legal counselor at u. S. Mission to the you where he worked directly on many of these issues. Last week failing to cancel release his most recent paper last week out to cancel release his most recent paper. We are allowed to have you with us. We have had an announcement earlier this week from u. S. Commerce Department Regarding negotiations for data privacy framework and it looks like things are coming to the culmination. Could you give us an update . Also, we note the data privacy framework is reported has received criticism in europe from ngos and members of the European Parliament, how sustainable do you think the new framework will be . Are another legal challenge . Expecting another legal challenge . Lucrezia thank you. Good morning everyone. I should say im speaking on my own capacity so whatever i say cannot beat me to the commissioner mitigated by the commissioner. Expanding our process and most important steps as you correctly said, we are presented job decisions some time ago. This decision being assessed by european protection law, European Network involved in authority. They have express an opinion. Also, European Parliament has given an opinion and after that the procedure for sees the text omitted to the court submitted to the court of the 28 Member States and after that subject to the approval by 28 Member States that European Commissioner can adopt the decision. We are on track with all of the procedures and be we hope to adopt the decision soon. Two important steps have happened this week also on the u. S. Side. On the what and the fact that one end the fact that it has been planed intelligence agencies have abated evaded the guidelines that take into account the new requirements that are containing executive order that was adopted by President Biden last year then the second important step is the eu and switzerland and norway have been recognized as sorry, i should stay norway heaven recognize as the qualifying stays. That means these are the state that can benefit of the new safeguards and the new mechanism that has been created by the new executive order of President Biden last year. Given these two steps are important for the entry to the decision once it is adopted. After a bit of an explanation on our side of the important steps, to reply to your question on the stable the stability of the arrangement we have put in place, we are confident on our side that these arrangement is stable and meets the requirement of our European Courts of justice. Equivalent to the Supreme Court of the u. S. Judgments are very important to us and latest adjustment judgment amounts Privacy Shield constituted our mandate in negotiations with his counterparts in u. S. The most important requirements from the Court Related to the introduction of sectors on one end and the other end to adjust avenues for european citizens. The new arrangement we have put in place has creates place creates important safe because cuts when it comes to the safety. It is important to say these safeguards are concrete when it comes of the reasons why this data can be collected because there are it is explained in the executive order there are a number of priorities for which these data can be collected. The conditions under which this can happen, the time under for which the data can be retained. It is important is leach try to spell out that we try to spell out during the new arrangement to be as concrete as possible when it comes to the nature of the data that can be collected to the seriousness of the threat and also to the likely impact on the rise of the universe the collection. For each of these important considerations, we have a concrete the terminations determinations and also, this will be subject to an oversight. We have created the creation of a new Data Protection review course which is different from the previous. The Data Protection review court is important because it facilitates access to address to european citizens of who can access the court in their own language and the procedure in the court is facilitated and what is important is the fact that court is independent because it is considered by judges that are appointed based on the system. They cannot be removed. It is important because it creates understanding the judgments of the course, the decisions of the court cannot be changed by any member of the executive bodies in u. S. All of these we are confident. On the safeguards and the remedies and this is why we cannot exclude a challenge before the court, we confident this time the result will be a positive one. Let me press you on the timing. Businesses, every time i talk to someone about this in the business world, it is about how soon will this be done. Weve had the announcement from the u. S. This week. What is your thinking on the timing of the actual issuing of the final adequacy of determination . Lucrezia i can only say is going to be soon. Soon this month such as jess you all stay tuned on this. Suggest you all stay tuned on this. You will not be disappointed. We will be watching. Let me turn to steve lang, although the u. S. Arrangement has grabbed attention, it is not the only game in town. U. S. Has been involved with other potential arrangements on Data Protection such as the data free flows with trusts. In the asiapacific privacy rules. Could you give us a picture of these other initiatives multilateral initiatives and the approach of the by and administration . How do they relate to the gdp are and euus system . Are these alternatives to each other are they things that can be linked together somehow . Steve thank you for this opportunity to join such an esteemed panel to talk about a really important subject. I would say businesses have flagged for us many times that having more tools in the toolbox can assist crossborder Data Transfers. We have counted more than 150 Data Protection laws currently in force around the world. No two of them are exactly the same. Regulatory divergence has contributed to digital trade restrictions that mean that no one tool could possibly address all the laws at the same time. As a result, United States has adopted all of the above approach that includes the use of Data Protection framework for useu Data Transfers following the appropriate adequacy determination of European Commission but also standard contractual clauses and model contractual clauses and binding corporate rules. However given the proliferation of Data Protection laws we are focused on promoting Data Transfers models and tools that promote interoperability among Data Protection regimes around the world and tools that are ultimately scalable, recognizing the variety of historical traditions, constitutional norms, and legal standards on data privacy and Data Governance around the world. We believe the crossborder privacy rules form represent a great example of this approach. Cbpr system is a government recognize data privacy certification system. Companies can use to certify their Global Operations international;y recognize standards. Requirements are based on recorded privacy recognized in 1980s and revised in 2013 privacy guidelines. These are these core possibles reflected in data privacy regimes around the world. There are nine economies that participate in the system as full members. United states, canada, mexico, japan, republic of korea, singapore, australia, chinese, type a, and philippines supporting 4. 4 trillion in trade and investment between u. S. And these economies and we are happy the United Kingdom has also applied for associate status and we hope they will be admitted soon. Frances thanks very much. Let me follow up and say, do you see how this might intersect at all with gdpr . Im wondering how the u. S. Government is seeing this as they get ready to sign finalize the Data Protection framework. Steve i think we really see these tools are in mystery. We feel there is a need for more than one option given the vast variety in different approaches around the world that are informed by different histories, backgrounds, and perspectives. Frances thank you very much. Jane, congratulations on the paper. It is a very clear explanation of the Current Situation and of these very many initiatives steve is just discussing. I would like to focus on useu part of this and then were going to expand the discussion more on the multilateral side. What is your view, having gone through some of the earlier iterations of useu data privacy arrangements, of the sustainability of this particular framework being put forward . What other avenues that see you u. S. Have to build some kind of Data Protection arrangement should this not prove to be sustainable . Kenneth thank you. It is great to have this opportunity this morning with such a distinguished colleagues of u. S. Government and brussels. Lucretia has outlined the key aspects of the new framework. It is very likely that there will be a challenge from the court of justice and the focus will be on these aspects necessity and functionality of u. S. Analysis and oversight for individuals in the treaty. Necessity is significant for the first time the u. S. Has actually agreed to to necessity. Theyve indicated it will be interpreted according to u. S. But if you look at the agreement itself you see that the concepts are very well fleshed out. There are risk of legitimate objectives as well as ones that are prohibited. One question that will arise before a court of justice has to do with collection. The framework which says all collections not prohibited but european [indiscernible] comes quite restrictive. That is an issue for the court. The other one and it is a legal proposal to sort out was how to strengthen oversight and mechanisms. U. S. Took steps here to strengthen oversight through the Intelligence Community itself. There is involvement of the privacy and civil agreement oversight aboard which is independent federal agency, not a part of the Intelligence Community. Then most notably the creation of Data Protection new court under authority of regulation issued by the department of justice. One can find aspects of the structure on redress that are different from house some European Countries structure it, notably created by executive action rather than by statute. It is technically administrative communal window it is called board and is nothing said about the possibility of a traditional body. Does that mean he is excluded but it is not specified. My initial assessment is the stands a better chance of being sustained by the court of justice than his two predecessors. If the court looks at the framework holistically rather than looking for something exactly laws and practice there are strong bases here. The standard is social equivalents essential equivalents. At the same time it is conceivable that the court could find u. S. Does not court standards, fundamental right standards for the reasons i have outlined. The court has tradition in this area and it sees fundamental rights as one of his signature topics. I think this is a to be determined question in the end. Your second question was what else u. S. And eu might do and it might seem perverse, i am grateful to be suggesting they should do more when ungrateful to be suggesting they should do more when framework comes into fruition but given the reality that the framework might not survive at the court of justice, i think it is important for washington and brussels to be thinking about other conversations that could be fruitful. I suggest in the report one of them is engaging trade and Technology Council and the second is perhaps having discussions in context of the digital trade commitment. Data privacy framework was not negotiated by the form. That was a conscious choice. It was an ongoing negotiation at the time. Had a friend bases and front bases and finally the agencies involved particularly on the e. U. Side not necessarily the ones that are leaders in the there is a bureaucratic complexities there. For now establish itself as a useful form for finding common ground. There are topics that could be brought in. For example, it is unfairly solid work on assessing release solid work on assessing Artificial Intelligence. Why not take up the protection of privacy risk which underlines this whole conversation. The second aspect is there is commonality between u. S. And eu on the concept of accountability, blink in rules to make companies responsible stewards for the data i think that profit as well is something that can be flushed out further bilaterally and multilaterally. The last one is an additional trade agreement. There were corrections on data flows and in those negotiations. There were errors that were addressed. On data, and that negotiation. As the u. S. Starts to add trade with additional regions in the world to go back to this conversation. Some interesting options there. I wanted turn to get reactions. The need to keep talking as we go forward. If there is a legal challenge it will take some time to play out. And thinking about these multilateral initiatives and how compatible they may or may not be. One thing that those of us who have tracked this of learned is the eu system uses gdpr, its a designation by the eu, its not a negotiation. How do you see that intersecting with these multilateral initiatives . Are they something that could be compatible with gdpr, is there a way to build a compatible governance system . What are your reaction on the bilateral issues and that we will talk about that more. The consolation is, we have no borders its an important part of our economy. It contains Important Information about people. That is where we speak about customer data, who people are, what they think. Other important things, and for our public policy, its important to protect privacy. It is why in e