 Now good afternoon everybody Sorry, thanks for the late start and we had just we had 50 people registered for today, but there is an interruption in the Lewis Today and etc. So it's a more intimate crowd and all the better for that I'm sure so you're all very welcome to the Institute of International European Affairs We're very honored to be joined by Julie Brill today and the day after the data summit and and Julie has spoken here before in fact At McCann Fitzgerald's offices in July of 2016 An event co-hosted with the Institute which happened to occur on the same day as privacy shield came in So it was very opportune. Nothing particularly has happened today to coincide with your visit What time is it? Okay, so let me just introduce our speaker and just to remind everybody as well that Please switch off your phones or put them on silent if you don't mind Feel free to tweet at IIEA The opening comments will be on the record and the Q&A afterwards under Chatham house rules So Julie Brill joined Microsoft to lead privacy data protection and other regulatory issues as head of its privacy and regulatory affairs group And as corporate vice president and deputy general counsel for privacy and regulatory affairs. It's very long. I know very long Exhausting. I have two cards and Miss Brill is recognized in the United States and around the world is one of the foremost leaders and privacy data protection and cyber security law and policy From 2010 to 2016. Miss Brill was the commissioner of the US Federal Trade Commissioner commission appointed by President Obama and unanimously agreed by the Senate, right, yes, hard to get through the Senate these days Yes, and later to co-lead the global privacy and cyber security practice group at Hogan levels a leading global Law firm Miss Brill previously served a senior deputy attorney general and chief of consumer protection and antitrust For the state of North Carolina and assistant attorney general for consumer protection and antitrust for the state of Vermont. So With that introduction, please welcome Julie Brill Thank you, it's really wonderful to be here and I was so honored when the Institute invited me to come back I think they saw me on the agenda for the summit Yesterday and I was so so no Of course Well, it was it's it's of course, of course, and it's lovely lovely to be back and so thank you Barry for that lovely introduction so one of the things that I would like to focus on in my brief talk here is the evolution of privacy and The imperative of modernizing privacy protection to keep pace with changing expectations and norms in a world that is being transformed by rapid advances in digital technology I'm going to take you back to 1890 and The right to privacy which was one of the most influential law review articles of all time And also one of the most eloquent if you have not yet read it Written by the great American legal thinker and Supreme Court Justice Lewis Brandeis and his friend and fellow lawyer Samuel Warren They described the ongoing transformation of our understanding of rights in the face of human progress and the laws remarkable ability to adapt in response Political social and economic changes entail the recognition of new rights they wrote and the common law in its Eternal youth grows to meet the demands of society They Brandeis and Warren were moved to pen this essay because the new technologies of their time instantaneous photographs and What they described as numerous mechanical devices Had invaded the sacred precincts this is in their words of private and domestic life and Threatened to make good the prediction that what is whispered in the closet shall be proclaimed from the house tops They believed it was time to define the right to privacy in a new way Recent inventions and business models They explained call attention to the next step which must be taken for the protection of the person and for securing to the Individual the right to be let alone Now we find ourselves in a similarly pivotal time a time of technologically driven change and disruption Over the past few years how people work Play and learn about the world has changed dramatically Industries have been reinvented Jobs redefined how we create community and connect with one another has been transformed Now as then in 1890 Recent inventions and business methods have shifted how people think about privacy In our time instead of photographs and mechanical devices It's mobile devices cloud computing and more recently artificial intelligence Now as then it is time for the law to grow to meet the demands of society Today the issue is less the fear about What is whispered in the closet will be proclaimed from the house tops? Although that is still a concern In our digital world people still want their doctors to have access to their health and health information But not their friends or colleagues Businesses still need to share sensitive information with their partners, but not with their competitors and Families still want to share news about their loved ones with each other But not with strangers But because so much of who we are is expressed digitally and So much of how we interact with each other and the world is captured and stored in digital form Our understanding of privacy has shifted Instead of preserving the right to be let alone I Believe modern privacy law must embrace two fundamental realities of life in this digital age the first is that people expect to be able to use digital tools and technologies to engage freely and safely with each other and the world the second is that they want to be Empowered to control how their personal information is used Now whether we protect these two things is one of the critical challenges of our time How we address this challenge will have profound consequences This challenge has grown only more complex and more urgent with recent advances in Artificial intelligence that have greatly accelerated this pace of change Already almost without us noticing AI solutions have become essential to our day-to-day lives The power the app that they power the apps that we use that show us the fastest way to get from place to place They enable that is AI technologies enable video and music streaming services to predict what we might want to watch or listen to and They they the AI technologies help span filters detect junk email and credit card companies prevent fraud This is clearly just the beginning of the impact that AI can have on our lives Artificial intelligence especially for those of you who were at the event yesterday and saw my talk You will know that I believe in Microsoft believes that artificial intelligence has the potential to improve productivity To drive economic opportunity to keep our families homes and community secure and to help us find new ways To address some of the most pressing challenges we face in health care sustainability ensuring that the disabled have an ability to Interact in society as full Citizens to deal with climate change poverty and so much more Of course AI is built on data Vast amounts of data much of that data comes from people if We are to realize the promise of artificial intelligence People need to trust that their personal information is safe and that the companies and governments that collect and analyze it Do so in a way that is responsible and respectful But as we learned the hard way In that as the technology industry in particular has learned the hard way trust is fragile Until very recently Silicon Valley that those two words were synonymous with a generation of brilliant innovators Who are unlocking digital technology to make our lives more convenient and more fun Then came revelations of foreign cyber interference in Democratic elections the Cambridge Analytica scandal and the spectacle of Tech executives being called before the US Senate to be grilled on their practices and their ethics Now people are uneasy about the accumulation of wealth by the world's biggest technology companies and suspicious of their ethics People fear that their privacy and safety in a world of intrusive surveillance and rampant cybercrime and They are concerned that technology is undermining democracy What we need today is a new generation of privacy policies that foster trust by reflecting a modern conception of the right to privacy a Conception that embraces engagement and control without sacrificing interoperability or stifling innovation Now at Microsoft our view is that the current US framework that governs access and use of data needs to be modernized It needs to be modernized to promote interoperability with global data protection Standards and it needs to recognize that our new conception of user empowerment is in its essential part of the fundamental right to privacy This is why we were the first company to extend data subject rights that are at the heart of the general data protection regulation And we and we did so with respect to our customers all around the world And these rights include the right to know what is data is being collected about you To be able to correct that data to delete it or to take it someplace else So we have extended those rights to all of our commercial customers around the globe What is striking to me is how clear it is that the desire to maintain control over personal data is universal So as part of our commitment to give these data subject rights to our Consumers around the globe we offer a privacy dashboard Where people can manage their privacy settings? They can see what data that we have about them and they can clear that data that is delete that data if they want to Since GDPR went into effect Millions of people have used our dashboard to exercise their data subject rights And these are people that are not just from Europe our data shows that On an absolute basis as well as a per capita basis People in the United States are the most actively engaged in controlling their data Information about our from our privacy dashboard also makes clear that people in Japan Brazil China and Mexico are highly engaged with controlling their data as well Meanwhile Governments around the world are recognizing that control is something that their citizens want and need Today, we're seeing a global movement to adopt frameworks that enhance consumer control mechanisms Modeled on those that are required by GDPR New privacy laws have passed or are being developed in Brazil in Japan in India and all of these laws are designed to empower data subjects through GDPR inspired provisions Even in the United States California lawmakers have recognized this new privacy paradigm and have enacted the California Consumer Privacy Act of 2018 which is scheduled to go into effect in about 18 months It also includes provisions that give consumers more control over their data in ways that are inspired by GDPR All of this should serve as a wake-up call for US companies and for the US federal government We in the United States can't sit back and ignore the moment that we are in and the paradigm shift that is occurring Now as I said a moment ago Our goal is our goal must be to move toward privacy legislation that fosters trust and global Interoperability without stifling innovation so that we can continue to explore how to harness the potential of technology including artificial intelligence to improve people's lives We all recognize the import importance of AI and we are all racing to understand how we can use AI To improve productivity and to drive economic growth this past spring the European Commission called for public and private investment of 20 billion euros by by the year 2020 to expand AI research and development capacity and speed implementation of AI technologies Meanwhile from France's 1.5 billion euro AI for humanity initiative to the UK's new industrial strategy to Germany's upcoming AI master plan Countries across Europe are exploring how they can capture the economic Opportunities that will come from creating a strong AI based technology industry Ireland which is already a hub for some of the EU's most talented AI researchers Clearly recognizes the importance of the economic opportunities that AI promises Earlier this year your government announced plans to invest 500 million euro in disruptive innovative technologies including artificial intelligence and robotics as part of its project Ireland 2040 initiative Some US policymakers and business leaders are concerned that the reach and complexity of the European approach to privacy as Reflected in GDPR may hinder innovation in general and AI in particular. I Believe that assessment is not entirely fair There are approaches in GDPR that align with the modern AI first world Including the focus on accountability through ongoing risk assessment documentation the granting of some benefits under the law for pseudonymized data and Data processing that can be conducted on a lawful basis other than consent By balancing the rights and freedoms of data subjects against the interests in processing the data These requirements provide in my view a good foundation for moving forward in an AI first world Yet it's important to be aware that the GDPR may present some competition concerns Appropriate implementation of the provisions that are within GDPR including the ones that I just mentioned is expensive and requires a lot of attention and work a Fact that may well give large funded well funded companies a distinct advantage over startups and small and medium companies in the race to create innovative AI based products and services in addition Some of the core concepts of GDPR Reflect the fact that the basic framework was created nearly seven years ago when drafting the law got underway And so they do not reflect the current state of technical understanding and Could unnecessarily limit responsible innovation For example while GDPR's principle of data minimization Need not to be antithetical to AI technologies it is uncertain how researchers Researchers and companies can live up to this principle in the eyes of European regulators Given the vast amount of data consumption needed to ensure that AI solutions are accurate and effective In addition our researchers at Microsoft have demonstrated that processing more data about Disadvantaged groups may be needed to ensure that AI systems are fair and unbiased Currently there is uncertainty over whether companies can satisfy the data minimization principle Even if they proactively articulate and document these purposes and Demonstrate that this vast amount of data is relevant and appropriate Now another way that GDPR may reflect an outdated understanding of technology as is in its provisions relating to de-identification Under GDPR for data to be considered De-identified and therefore more widely usable in a in AI generally The process of de-identification must be essentially irreversible Data scientists have created robust de-identification techniques techniques that come close to this ideal with Everything from differential privacy to encryption to federated learning All of these technologies and techniques showing real promise towards robust de-identification But many data scientists believe that irreversible de-identification is not yet achievable Over the next few years how these and other provisions of GDPR are interpreted and how GDPR's requirements are reflected in the laws of other countries that are seeking to mirror GDPR We'll play a critical role in how the artificial intelligence revolution unfolds and Who benefits? Now how the US and the EU respond to each other's efforts to address these critical challenges Will affect our ability to maintain interoperable systems that form the basis of the free flow of information and global economic prosperity We live in a world in which the free flow of ideals and ideas and people and data is the foundation for prosperity around the globe our Economies and cultures are tightly linked and mutually interdependent Ensuring that data can continue to flow across our international borders It's critical to maintaining economic stability as well as to maintaining our open and free societies The upcoming discussions about privacy shield as well as the perennial discussions about the adequacy of US data protection laws are all important conversations and all of those conversations should continue But I believe these conversations are fundamentally hampered by misconceptions on both sides of the Atlantic about each other's laws In the US there is a belief that Europe will become an AI desert Because GDPR will stifle innovation here Now as I just discussed while there are legitimate concerns about some provisions of GDPR and how they will be Interpreted and whether or not they will hinder technological development I think the overarching concern about GDPR is in the United States. I believe that concern is overstated in the EU in On the other side of the Atlantic there is a belief that the US does not have robust privacy laws Now as I just said I agreed that the US does need to enact baseline privacy legislation that will enable users to control their data and Implement much stronger accountability and transparency mechanisms for all data Not just sensitive data like health and financial or data about children But taking a step back clearly the US did get some things right if you look closely at GDPR You'll find a number of concepts and provisions that were clearly inspired by US law These include the requirement for parental consent to protect the privacy of children The requirement for breach notification and the concept that processing should be consistent with the context of the transaction What we all seem to forget too easily is how closely aligned we are when it comes to privacy Both as a matter of law and as a question of underlying values Here in Europe and across the Atlantic in the United States Privacy laws are based significantly on guidelines that were adopted by the OECD in 1980 and that was in response to the then increasing amount of Personal data that was being transferred across national borders those guidelines the 1980 OECD guidelines were in turn based on fair information Practices that were developed by the United States Department of Health Education and Welfare in its 1973 report which was entitled Records computers and the rights of citizens report of the Secretary's advisory committee on automated personal data systems and The 1980 OECD requirements in turn influenced both the European Union's 1995 data protection directive and Influenced guidance and frameworks that were deployed by the US Federal Trade Commission my old agency for decades Now at Microsoft we believe that the baton has been handed to the United States From the European Union in this ongoing transatlantic dialogue about privacy We believe the next step is for US law to take inspiration from EU law and Ensure that the fundamental right to privacy is honored by providing data subjects with control over their data and Requiring greater accountability and transparency in how companies use data and Together we should continue that is we in the United States and you here in Europe Should continue to examine whether GDPR and the laws that it inspires around the world can be improved To ensure that innovation will flourish Now I'm confident that we can achieve these goals because beneath whatever facts and perceptions There are that divide us lies the much more important truth that our values are closely aligned On both sides of the Atlantic we believe deeply in the importance of free speech in an open internet and in free data flows all with the goal of promoting freedom of expression and equal justice under the law and strengthening global connectedness and promoting global prosperity These values are at the heart of our democratic societies The urgency to preserve and protect them has been reinforced by our histories including the fight against fascism and totalitarianism here in Europe and the Exposure and experience in the United States with McCarthyism and the domestic surveillance of Martin Luther King and other civil rights leaders The truth is that on both sides of the Atlantic We place the highest priority on protecting privacy as a fundamental right that is the foundation for all the freedoms that we treasure and We both place a high priority on fostering innovation as a foundation for prosperity and economic opportunity We have inspired and influenced each other in how we promote and protect these priorities I believe it is essential that we continue this transatlantic Conversation that have made that has made all of this possible They they these conversations are vital if we are to maintain the free flow of data that drives economic stability enables technological progress and Ultimately serves as a foundation and ball work for peace and prosperity Thank you very much You