 Good afternoon, a very warm welcome to the IAEA webinar on international data flows and data protection, harnessing value and protecting values. My name is Joyce O'Connor and I chair the digital group here at the IAEA. And I'm delighted to be joined by our two distinguished panel speakers, Bruno Gen Carelli, head of the Unit of Information of International Data Flows and Protection, and to Una Fitzpatrick, director of Technology Ireland. Unfortunately, our third speaker, Gwendolyn Del Voc Corfield, is unable to join us today. She's unwell. She's very disappointed that she can't be with us and we wish her all the best. But we're left in very good hands here with Una and Bruno. You're both very, very welcome. And thank you for being with us and giving up your time and out of your busy schedule. We appreciate that very much indeed. Bruno and Oda will speak to us for around 10 minutes, and then I'll go to questions and answers with you or audience. You will see the Q&A function at the bottom of our screen. I'll come to your questions after our speakers have finished their presentations. As is usual, today's presentation is on the record. Please feel free to join us on Twitter and our handle is at IAEA. Today's webinar is very timely. International data flows are seen as vital to Europe's economic success. Setting the right framework for data flows can have a high impact on our economy by experts say 2030. A global survey undertaken here in Dublin by the law firm William Fry in June 2021 found that data regulation replaces tax rates as a top investment factor. The regulatory regime is the biggest driver for firms seeking to make data related investments in the EU. At the same time, international data flows of personal data can present risks to the fundamental rights of European citizens. The interplay between privacy on the one hand and national security on the other is always a complex and difficult question. We have seen legal conflicts concerning data which can pose uncertainties for business. Shrems to judgment in July 2020 clearly demonstrated that what we want to develop is an arrangement that is sustainable and which will deliver the legal certainty that all stakeholders require. Our distinguished speakers today are central to this debate and play an active part in it. Bruce Gencorelli and Buna Fitzpatrick will discuss how Europe can best promote the benefits of international data flows while promoting citizens' fundamental rights. And our first speaker is Bruno Gencorelli. You're very welcome again. And indeed as head of the international data flows and protection at the European Commission, you're at the heart of this debate. You, he is also deputy to the director for fundamental rights and the rule of law. Bruno is currently in charge of the negotiations on a successor arrangement to the EU US privacy shield. Previously, he had led the EU's commission's work in the decisive phases of the legislative reform of EU data protection law and negotiations on transatlantic law enforcement areas, as well as the institution negotiations with the European Parliament and the Council on data protection reforms, our GDPR and the law enforcement director. He has also led successful negotiations of several data transfer arrangements, including the EU Japan Mutual Advocacy arrangement, creating the world's largest free and safe data flows. He co-leads the EU negotiations with UK on all aspects relation to justice and consumers in the context of Brexit. Bruno, we look forward to your presentation. And thank you very much again for being with us today. Thank you. Thank you, Josh. And thank you to IEA for the invitation. I'm very pleased to be with you this afternoon. You have asked me to introduce this topic of cross-border data flows. I will try to say a few introductory words, but also I guess the objective here is to leave as much time as possible to change and questions and I hope answers. Let me make a few points. First, and you have already said it to a large extent, but at the risk of stating the obvious, the importance of data flows is an inescapable fact in our interconnected world. And data flows constitute an integral part of so many activities from trade to cooperation between public authority or just social interactions. The pandemic has only highlighted how critical the change of personal data are, including for ensuring the continuity of government and business operations, developing cooperation in scientific research on diagnosis, treatment and vaccine, or just being able to communicate, to talk to each other as we do today for this event. At the same time, the demand for the protection of personal data knows no borders. There's a clear need in our digital world for rules of the game on the collection and use of that. And this is notably reflected in the adoption of privacy legislation, modern privacy legislation based on shared values and common principles in many countries around the world. This is truly a global trend running to mention just a few examples from Chile to South Korea, from Brazil to Japan, from Kenya to Indonesia or from California to Taiwan. And it was very, to give an example of such a trend, it was very interesting to see at the recent first ministerial forum of the EU, India, Pacific, in Indian Pacific communities. I think we are talking about a very large, very large geographic area that one of the document that was adopted was joint declaration precisely on privacy and the protection of personal data, quite detailed document that, apart from stressing the importance of privacy as a component of a human-centered approach to the digital transformation, goes in quite some details in what are those elements of convergence between our systems. And that's quite remarkable in a world that tends to be fragmented where you often have differences if not divergences between regulatory systems. So, against this background, importance of data flows, demand for standards and common rules of the games, and more than ever before, protecting privacy and facilitating data flows can and have to go hand in hand. As data has to move across border, data protection cannot stop at the border. And protection should travel with the data. And that is why in the EU, we believe that developing strong privacy safeguards and promoting the free flow of data are not opposite objectives, but complementary ones. This is reflected in our ambitious agenda on facilitating trusted data transfers. For example, as you have already recalled, two years ago, we have created Japan, the world's largest area of free and safe data flows. We have recently concluded similar deals with the UK as a part, I would say, of the post of Brexit relationship, but also with South Korea at the end of last year. We currently talks with a number of other other international partners, in particular in Asia and Latin America on so called adequacy arrangements. We are also working on the number of other tools. The GDPR has a quite broad toolbox in terms of transfers that goes from contractual tools to calls of conducts and certification mechanism. All of this based on this idea, again, that to facilitate data flows. You need to ensure that a certain level of protection travels with the data. But again, this, this we believe that this convergence that we're seeing at it, and I wouldn't have wouldn't have said that even only a few years ago that we're seeing around the world offers new new opportunities to facilitate trusted data flows. In the same still great period, we are also increasingly working with international regional organizations and regional organization to develop bridges between different privacy systems. That's also an interesting development that I want to mention, which is recent in which, and it's interesting in terms of critical mass in of network effect that this work on international data flows is no longer only work that takes place at bilateral level to the EU and a third country, but that also can take place with a particular regional organizations in which, again, that's another illustration of that conversion was referring to a tense to have a similar transfer mechanism that we have and therefore working on bridging those different days and hours transfer mechanism is a main offers a number of interesting and developer perspective that's for instance what we're doing right now. As the, the Association of Southeast Asian countries, countries such as Singapore, Indonesia, Malaysia, and many others they have a system of what you call the model closes we have a system of model closes for transfer to schools that commercial operators can can introduce in the in the in their contracts and and and we are working on on really on on on the commonalities between their system of model close and our system of the close to see whether we can once again, bridge a system which would, of course, easily meaning which significantly facilitate the life of companies that are active in both jurisdiction. And also it shows how, when a regional organization such as and develop a tool to facilitate transfers within its region, it can also contribute to facilitate transfer between that region and the rest of the world including the EU I think you're going to see a lot more of this type of work in the coming month and the coming years, including with other areas, and other regions and other regional organization you work and feeling for instance, of, of, of, of Latin America. This commitment to data flows is also reflected in the approach we are taking in our trade negotiations at both the bilateral and neutral at a level. For example, in trade agreement in the famous trade and cooperation agreement we concluded with the UK we included straightforward provision of data location requirements. And we want to make clear and I'm not saying that this is always very easy that genuine data protection on the one hand and digital protection is on the other one are two very different things. And, and this approach is one that we are systematically applying in all trade negotiations, the lateral level of negotiating trade agreements with countries as different as Chile, Australia, New Zealand, Tunisia, Indonesia, but also at the level of regulatory level in the e-commerce negotiations in Geneva. And then, and I will finish on that, and I've left probably the most exciting piece for the end, it's of course impossible to talk about data flows without mentioning EU-US data flows or transatlantic data flows. What I've tried to explain is that of course the world is bigger than the EU-US relation and there are a lot of, there are many opportunities around the world that we're trying to say and to be done, but of course one cannot ignore the significance of EU-US data transfers. Just to give you an illustration of that, there are 55% more data flows via transatlantic cables than over trans-pacific routes. The large part of these flows are of course of person that you have of course already record the shrimps to judgment, developing a successful arrangement to the invalidated privacy sheet is a priority both in the process and Washington. I can tell you that we are working and we are working very hard on this almost as we speak and yes, those are certainly complex and sensitive issues on the delicate balance and that's delicate balancing act for the US for us or for any modern system between privacy on the one hand and national security. But we do believe there are possible solutions and we have in the past month in these negotiations made a lot of progress in developing indeed a sustainable what we hope should and needs to be a sustainable arrangement and sustainable arrangement is an arrangement that is compliant with the requirements and quite detailed requirements set by the Court of Justice, the highest court in the shrimps to a judgment, we believe that developing a sustainable and a durable arrangement in compliance with the chargement is in mutual interest of the US is that's the only way to deliver stability and the uncertainty to stakeholders on both sides of the Atlantic and and and and another protection to a citizen. So as I say, I don't underestimate the complexity of these issues. However, I believe that as like minor partners, we should be able to find appropriate solution and principle that are cherished on both sides of the Atlantic, what are we talking about here about we're talking about access to court and forcibly individual rights and limitations against excessive interference. So with with with perhaps it should be possible for the US and the EU to develop solution on these issues. And, and, and as I said, we are, we have made significant progress in the last months and we can, we're not trying to, to build on the progress to come to a successful conclusions of this, of this negotiation. But I do think that there should be more common ground to work on these issues today, even just a few years ago, including with the US, as we see that the privacy is high on the US domestic agenda and that brings me, and that will be my last, my last words in this, not so short, but a very realised introduction. That brings me to what I said at the beginning, convergence pays off in privacy. It, it, it, it, it, it brings more protection to the two citizens when when data for all sorts of reason, move around the world, and it also facilitate the cross, which means facilitating trade, which means facilitating cooperation between public authorities in areas such as important as law enforcement and security. But as I said, it also means simply, but importantly, facilitating social interactions. And as you can see that the commission has a multifaceted agenda on these issues where we are trying to work on a number of different instruments. The pure GDPR data protection instrument, but also our trade instrument and another, and another instrument we may have also trying to create more synergies between these different tools. Thank you very much. And I'm looking forward to the discussion questions that we're trying to answer. Thank you very much, Bruno. I think you've shown clearly that, although our focus has often been, you know, on the US and the negotiations that it is a global, a global phenomenon, but I was quite taken by what you said protection should travel with data. And that's probably an underlying factor, but it is as you've really clearly shown a global issue data, you know, just doesn't stop at certain boundaries and commend you on the all the work you're doing in that area and I must say, really pleased that you see seems so optimistic. And how the, you know, the negotiations are going. So thank you very much for that. I've just seen. Then the optimism I leave that for others, but certainly. You need to be you need to be optimistic. Exactly. That's, that's your have to be if you're doing negotiations and talking about optimism. And we now see that Gwendolyn De Bois Caulfield has joined us. Welcome Gwendolyn. We look forward to it to see you after Eunice presentation. So, thank you very much for being with us. Una Fitzpatrick is director of technology Ireland, the largest and most influential business organization representing Ireland's tech sector. She is vice chair of the digital Europe Brexit task force in these roles. She is dealing with the issues that Bruno has raised from, you know, within a European context, and of course from a business perspective. In the last 15 years working in the knowledge of economy, a strong supporter of new pathways into the sector. She sits on the boards of directors of fast tracking to technology, the board of biotechnology program and DCU and the MSC management program in the Norfolk Business School. She works as an advocate, both at national and international levels and works closely on the business issues with our national ministers and government as well as Irish MEPs. Over to you Una, we look forward to your presentation. Thank you very much. Thanks Joyce and thank you to the IEA for inviting me to join this webinar. As Joyce said, my name is Una Fitzpatrick, I'm the director of technology Ireland. Our membership is made up of Leedy and Irish Island and FDI players in the Irish technology sector. I'm also a board member of digital Europe, the European organization that represents the digital technology industry. His members include 61 major technology companies and 37 national trade associations. So forgive me, I may echo some of Bruno's points, but I'm delighted that we're mostly seeing from the same him sheet. And so I'd like to begin my address by highlighting the value of data flows and I suppose the five key calls from technology Ireland to policymakers. So trust of digital and data innovation connectivity and international cooperation have proven critical to our economic and societal well being throughout the pandemic and will be essential to the EU's future success and resilience. OECD research indicates that connectivity data and digital tools enabled adoption and resilience during the pandemic, but highlight the ongoing need to ensure that these opportunities remain inclusive. The EU and its like minded international partners share generational challenges, including economic resilience, the green transition, health and security. Greater connectivity and trusted digital and data innovation offer an opportunity to address these shared generational challenges. For example, on economic resilience data flows underpin modern economic activity. The OECD recognized Europe and US as important global hubs for the import and export of digitally deliverable services. Europe and the US are seen as a fulcrum of global digital connectivity being the two largest net exporters of digitally enabled services to the world. Data flows and innovation offers further opportunities for our industry SMEs and our developing ecosystem of startup and scale ups. Data indicates 90% of EU based companies from all economic sectors transfer data outside Europe, often to multiple countries, and that these transfers are predominantly used for business to business purposes. Recent research indicates that the EU would be better off by 2 trillion euro by 2030 by safeguarding data flows. However, in a potentially negative scenario where EU data governance and major trading partners somehow restrict data flows, Europe would potentially lose out on 1.3 trillion euro growth by 2030, potentially impacting all EU countries and reducing exports by 4% on average. These impacts would be cross-sectoral affecting both large and small firms and potentially downstream services such as healthcare. On the green transition, it is clear that the green and digital transitions go hand in hand and then moving to health. In its 2030 targets, the European Commission has set an EU-wide goal of 100% of patients having access to interoperable electronic health records. Digital and data innovation can be used to empower patients, improve health systems and support health care professionals. And finally on security. We must safeguard further digital opportunities for our governments, businesses, services and citizens. We should continue to develop our cybersecurity ecosystems but not lose sight of the need to remain open to international cooperation with like-minded partners in identifying and strengthening capacities to address the evolving cyber threat landscape. Leveraging further secure data innovation and data-enabled trade while protecting rights is also critical if the EU and its like-minded partners are to achieve these ambitions. I mentioned that there were five key calls from Technology Ireland. The first being that Technology Ireland calls for an EU that leads an inclusive and innovative digital decade. The European single market is one of our greatest collective achievements. At 30 years old it holds untapped potential that would come from further liberalization, a re-energized services agenda and the huge economic, societal, environmental and well-being gains of digital. Digital leadership is critical not just in supporting Europe's green transition but for Europe's inclusive economic recovery and future competitiveness too. Embracing further technological change presents both opportunities and challenges. While progress is being made the EU must not be complacent. We can unlock the innovations of tomorrow with the environment and the rules we shape today. The EU must focus on policies which foster innovation, competitiveness and resilience. The second call is the reimagining of the EU single market for the future. Single market and digital single market harmonization should be prioritized in the wake of COVID-19. Existing market barriers must be addressed along with greater liberalization for trade and services. The third Technology Ireland call is for the EU to lead a digital decade that is open for business. Resist inward looking approaches to policymaking in the open technological sovereignty agenda. Take a risk and evidence-based approach to enable AI innovation, adoption, development and investment. Prioritize a voluntary approach to data sharing with incentives, promote and facilitate cross-border data sharing and take an enabling approach to unlock further opportunities while avoiding forced data localization. Specifically regarding EU-US data flows, Technology Ireland continues to encourage the Commission and its US colleagues to reach swift agreement on a revised and resilient framework for EU-US data exchange, addressing privacy issues as well as the need of modern digitalized business. Safeguarding international data flows is important to both leveraging the potential of the trade and technology council and unlocking further opportunities for all in a digital decade. Recent episodes have shown us that the common values shared by the US and the European Union are real and with practical consequences. When the focus is on cooperation, the EU thrives by benefiting from global partnerships with like-minded countries like the US. We understand that the EU and US negotiations are making progress and there is a potential for an agreement soon, which is hoped we think about time after more than 18 months without a clear and stable path for transatlantic data. While there is an updated Commission guidance on SEC's post-SREMs to refer to as supplementary measures, members and data protection authorities across the EU member states, regulators will still have to interpret the CJA EU judgment on a case-by-case basis. So there will still be uncertainty, cost and lost opportunity until we get the new, resilient bilateral framework. The core issue is that until a resilient overarching transatlantic framework is agreed, a significant regulatory burden and cost has moved on to the private sector. While standard contractual clauses undoubtedly play an important role, there is still room for uncertainty. During Brexit, SECs were described as alternative safeguards until an adequacy decision was agreed. We encourage the EU and US authorities in their ongoing positive work to find a resilient overarching framework rather than continuing to rely solely on alternatives. Ireland should work with partners to support the European Commission in ongoing work with US colleagues to work with OECD partners to deliver policy guidance and government access to personal data held by the private sector, safeguarding national data transfers and enable further economic opportunity in Europe. Finally, by leveraging the Trade and Technology Council to coordinate approaches to key global trade, economic and technology issues to reduce the chance of property barriers hearing during the potential benefits that trade can bring. By developing shared solutions that enhance our digital capacities and shape the governance of the digital decade. The fourth technology Ireland call is for trust safeguards to be part of further digital transformation. Facilitate digital innovation products and services when completing the digital rules of the future such as the digital services package in which we call for legal certainty, proportionate obligations, clear and predictable criteria for the designation of gatekeepers and fair and efficient and testable markets. The fifth you'd be glad to hear technology Ireland call is the creation of the right conditions to unlock future digital opportunities. Prioritize investments from the Recovery and Resilience Fund and ensure good governance to unlock Europe's 2030 ambitions. Work would like minded partners to shape global digital standards and enhance capacities, particularly in relation to the semiconductor shortages. One of the stars I'm a board member of digital Europe and the technology Ireland is the Irish National Trade Association that was part of its strong tech trade association network. A recent digital Europe study carried out frontier economics show how our policy decisions on international data transfers now have significant effects on job growth and jobs across the whole European economy by the end of the digital decade. This study looks ahead 10 years and envisages as two scenarios, one where we take the right regulatory path and another where we continue the current worry and trends towards data protectionism. The difference between the two is staggering in the region of two trillion euro and potential growth, and it highlights how important data is to international trade, but also our broader digital decade goals. The study also shows that the decisions we make today will have a huge impact for many years to come. Restrictions on cross border data flows affect companies of all sizes and sector. The EU manufacturing sector stands to lose the most in absolute value, indeed more than half of our total losses from data restrictions. Data transfers are not only a key aspect of international trade, the value of which we have attempted to capture in the research with digital Europe, we were crucial for economic activity more at large. For example, moving HR information from a subsidiary to a parent company, transferring health data to a groundbreaking research or simply being able to use the perfect application for the tasks you need to do. Handling the data flows behind these business decisions has a negative impact on all companies economic prospects. Europe stands at a crossroads. It can either set the right framework for data transfers and win the digital decade, or it can follow its current trend and move towards data protectionism and lose. The analysis shows that the consequences of these decisions will have a huge impact on exports, jobs and growth, and will ultimately define whether Europe can reach its ambitious industrial and digital goals. To conclude, the situation since CJU ruling on the SHREMS 2 case has created uncertainty for thousands of firms, large and small across several sectors, who rely on legitimate safeguards to enable secure international data transfers at a time when we need to reboot our economy. Recent data indicates 90% of EU based companies from all economic sectors transfer data outside Europe, often to multiple countries, and that these transfers are predominantly used for business to business purposes. Specifically on EU and US data flows, Ireland should use its unique position as a bridge between the EU and US to try and expedite attempts to negotiate a new and long lasting data transfer agreement. Technology Ireland encourages EU and US authorities to swiftly conclude ongoing work to ensure a revised and resilient framework for EU-US data exchange, addressing privacy issues, as well as the needs of a moderate digitalized business.