 First of all, I'd like to thank the organisers as well for the invitation, it's a great honour and privilege to be here. Very interesting intervention so far and I think it's been a great day so far. I hope to add to it. Maybe I should just add a little bit to my background in regards to what Nora already mentioned. I initially started my career years ago, about 10 years ago as a civil servant at the Danish DPA where I also sat as an alternate for two years on the Article 29 Working Party. I was then subsequently a few years later I was the chair back in 2012 of the DAPEX Working Party which is negotiating the new draft data protection regulation as you may know which is sort of the context that I'll be speaking out from now and I have also actually written a co-authored an article that was published here by Cambridge in the yearbook on European legal studies which touches upon the proposed regulation and it has the title of the illusion of harmonisation just you know where I'm coming from in regards to the regulation. But as the privilege of being the last speaker in a long day of course I'll try to keep it short and to the point and let's get into it. Just quickly I thought it might make sense to just update a little bit on the general data protection regulation and what has been going on and why is this taking so long. I think one of the things that is often missed in the debate on the regulation moving forward is that there are many reasons why this is taking a lot of time. You could argue initially is it even delayed because there is no set time limit of course. That's often what's been said is that in some ways the council is delaying, it's postponing, it's not living up to some deadline but there is no deadline. What actually is important to remember is that it took a long time to pass the previous directive or the current directive that actually took five years to negotiate. That was in 1990, 1995 and we only had 12 member states. Now we have 28 member states and a European Parliament that also wants to play a big role. But even more important and just to illustrate that there are a lot of interest at stake. I think everyone in this room are aware of that but just to give an example back in October of 2013 the European Council was supposed to discuss the data protection regulation. You may not notice both those who are not completely engaged in how council works. At the bottom you have the DAPIX expert working party. On top of that you have the core pair which is the ambassadors to the EU of all the member states. Then you have the Council of Ministers for whatever sector you're in. So in this case it's the Justice and Home Affairs Ministers and on top of that you have of course the heads of state or the heads of government in what's called the European Council. They've only discussed the data protection regulation once and that was in October of 2013. What's interesting there is that on the very same day as Angela Merkel was going to go to Brussels to discuss this regulation, this exact proposal, the very same day the revelation from Snowden came out about her phone being tapped. Now you could believe that that was a coincidence that that didn't happen you know it could have happened two months later or two months earlier. Who knows? But it happened on the very same day. Now I don't believe in coincidences of that kind. So I take that as a very illustrative example of how many and how big interest are at stake in this one proposal and they are commercial and they are political and they are technological and societal and a lot of other things and I think the discussion today has demonstrated that. But I think it's important to keep that in mind when you're discussing whether or not this is moving too slowly and why it is taking so long and what is what are they actually discussing. Well what's happening right now I think it's fair to say that that there has been a process in council which is taking some time. I think they're also running out of time because I think there is a political incentive to get this done at least in council within the year. So I think that the latest development was that a few weeks ago they agreed a what's called a partial general approach on the one stop shop. I stayed here it was somewhat strained in the sense that it's not completely closed and there's probably a revision clause being put in so we can open this whole discussion up in maybe 10 years time and have fun again. And it was also agreed under the caveat that nothing is agreed until everything is agreed. So they're not completely agreed on this but still it's moving forward and I think that there are strong signs that they will close up the council part of this in June and which means that straight after that the so-called trial will begin which means that the process shifts fundamentally. So you go from having a large room with a lot of experts and a lot of leaks and a lot of different agendas into a very small room with only three stakeholders in the room being the council rotating presidency, the European Parliament rapporteur and the Commission's civil servants negotiating this proposal. So that's going to I think that's going to energize the process in many ways and I think it will solve some of the issues that have been that have been created especially in council I have to say. Council's process has in some ways broken down. I don't think what's what's happening right now is constructive on the one-stop shop and that is going to that's going to need some fixing at some point but Mr. Smith already touched upon that earlier. The final time frame I put a question mark there because no one knows, no one can actually predict when this will happen. Some are saying that if they start in June they could do the trial log by the end of the year. I find that fairly optimistic. That would be one of the fastest trial logs I have ever experienced and giving how big the proposal is and the stakes are high. I think that might be a bit positive but maybe early 2016 would not be completely out of the question I think. So that's probably the most likely scenario in my opinion but no one really knows. But moving forward to this sort of more specific point that I was asked to touch upon today. I thought that the best way to do it was basically to show what has been on the table so far regarding jurisdiction or applicable law and it's all in the same article and actually it's one of the few articles that all different actors to all the three actors including council have actually agreed some kind of common positional. So we got the territorial scope. Now what I've tried to do here is what is the italics text shows what is basically similar to the existing wording. So that's not new wording in regards to territorial application. The underlined is in this commission, this is the commission proposal from 2012 are now new suggested added wording. So an interesting point here is that they just put in, which is a more fundamental point, the fact that now the processor is now mentioned specifically as someone who's obligated directly by the regulation when processing data within the union. Now in the second instance of the original proposal from the commission, you can see that they add on some new wording. And what's actually interesting here is that they focus on either the offering of goods or services to data subjects in the union or the monitoring of their behavior. Now the interesting thing here is that this regards, as you can see in the first sentence, data subjects residing in the union. And the processing is being carried out by a controller not established in the union. Now during the negotiations in council, one of the first questions we had is we did the first round of comments on this proposal was, okay, so let's say that a European citizen who resides in the union goes to New York and is caught by a video surveillance camera by a controller who's not established in the union. That would trigger this entire regulation then. Secondly, obviously you can ask the question, what is monitoring in any case? I think the original idea from the commission, although they were not very willing to divulge precisely what they meant by monitoring, is regards to online tracking. Any kind of tracking technology, cookies, whatever, obviously that's an important issue. You want to address that. But of course, you need to make sure what this means. And this goes to the heart of why it's taking a long time in council because there are many issues like this throughout the regulation. And it's going to be difficult to sort of define this and it's going to be one of the many issues that are going to be left to the DBAs to figure out I think. Moving forward, the final part is also actually a pretty basic or really well-known text from the current directive. Doesn't really add that much. Moving toward the parliament then suggests they added an extra sentence to the first section of the article saying that whether or not processing takes place in the union. So this would mean apparently that for instance a processor who decides to or a controller decides to put data somewhere else will also for that in regards to that data be specifically called by the regulation. That makes sense in a certain way. Now they've also added the bold here is additional wording from parliament, what they thought is important to add to there. And they've added or processor. So again, a processor is now specifically targeted out as they made a objective to regulate by the by the law. Obviously that also adds new questions and layers of complexity to what will this actually mean for someone like Google. I'll come to that at the end but also an important issue is whether or not a commercial transaction takes place. But again they're keeping the idea of monitoring data topics in the text. And actually council is doing something very similar. Because here's their proposal and they have just but they have added in order to address the issue that I mentioned earlier about the video surveillance going on in New York to narrow the provision to only take into account behavior that tracking monitoring sorry that is covering behavior that takes place within the European Union. So this will still presumably catch a tracking cookie being placed or following someone within the European Union but not if you're exposed to some kind of surveillance while you're on holiday on the Maldives. So that makes sense in a sense. And again maintaining the traditional sort of public international law jurisdictional rule. So what will this all lead to? Well at the end of the day I think it's fairly certain that there will be a I only write here some degree probably a large degree of extraterritoriality. I think that's plain to see. All three co-legislators all the three institutions agree that the rules should apply in third countries. Now this raises a number of questions of course. First of all is what is monitoring as I already mentioned which is a separate issue. You can argue that for a long time I think and again the DPS will have a lot of work cut out for them trying to figure out whether or not this rule has been has been triggered or not and if it has how do they enforce those rules. Coming from the Ministry of Justice being a lawyer who cares about how you draft rules I have to say that making rules is one thing but you always want to make rules that you can actually enforce in reality. For many reasons just as I am not a big fan of the idea of the title of the right to be forgotten because I think it creates false expectations I think the same is the case if you are setting up rules that you claim apply to what is going on in a third country and not providing tools or realistic options for the authorities to actually enforce those rules. So I think that's going to be a central issue that is probably not going to be solved by the legislator but more by the facts on the ground. So I think it will create unrealistic expectations and you can also ask what will the third country think about the EU extending its competence in this way. Some will argue well the US is already doing this but well the world is bigger than just the US and I think the EU needs to consider carefully whether or not it is a suitable way to go to impose their rules on what's going on in third countries. But I'm afraid that no one's going to be listening to me in this regard and I think it's definitely going to happen no matter what I say here today. And what does this mean in regards to Google Spain president? Well given the fact that the court has said pretty clearly that they consider Google to be a data controller I don't think that there can be much doubt than that that these rules will obviously be triggered in regards to almost anything that someone like Google or any other search engine will be doing because they will either be a data controller or data processor most likely a data controller given the president. Obviously as long as you're using the same terms as has been laid out by the court in the verdict there's no reason to assume that the law would be different. So going forward I think this is still going to be an issue the place to solve it would be in the definition and the elaboration on the right to be forgotten in the actual regulation and that is yet to be closed. So that was that's all I wanted to say I just let me just finally just leave with maybe one observation I made listening to somebody the earlier interventions during the day is that I think I often think when I hear discussions about this verdict that that there's what you might call the degree of cognitive dissonance there's on the one hand the argument that it is absolutely crucial that data be removed from from search engines from Google. I think the wording was supposed to be said that that in the actual case the problem was Google it was not the cassette it was not the initial publication that was the issue it was Google that we had it was crucial that we that we went to and had the data removed because that's where they found the data but then on the other hand sometimes even the same people in the next sentence can pivot and say well when it comes to discussion of freedom of speech and possibly censorship and whatever you would call it well Google is not really that important I mean that's not where we find our information necessarily you know it's only part of our information it surely has to be has to be important in both regards so I think it's important to recognize that fact and also recognize that the the basic tension is that on the one hand you have a societal value which is freedom of speech and then you have a very more perhaps more personal value so in the instance in these specific instance there will always be a tendency to lean towards recognizing the individual's right to have something deleted and no one is really advocating the sort of societal side of that issue and I think that's that's a big tension right now in in the debate and that's a big issue on and where that's going to end up is going to be be very interesting to see going forward I don't have the answer