 I suppose I should start by saying what a pleasure it is to be here, but I have to say it's with some unease that I'm here, particularly those who study the work that we do as a regulator. I think I should sort of know what I'm doing, but I think many of you probably know more about my job than I know about it myself. Actually, there is just a note of caution there in what we're talking about, because some of you do analyse what we do as a regulator. You say, this follows this, and there's this pattern there, which sometimes is true, but very often we just make it up as we go along, but we just do what's right at the time. David has a cannial ability to make me particularly uneasy, because he always says, well, you said that in that piece of guidance two years ago, and now you're saying that today. And how does that tie up with this judgement on satirmedia or whatever? And I think, well, I ought to be able to answer it, but really I haven't got the foggiest idea, and not everything necessarily does tie up. And I wonder if, there certainly is for us as a regulator, I wonder if even with a little bit of the courts and even to CJEU, where you can analyse it too far and sometimes they just decide what's right on the day in the circumstances. I have to say, David, you made me even more uneasy by inviting me very kindly to the post conference dinner at Trinity Hall, a college which I'm sure much to its regret declined to have me as one of its students. I think some 43 years ago when I applied for them, but you didn't know that unless it's on Google, of course, and you could have said that. It probably will be no you. Now what I want to do, and I haven't got long, is just say a little bit about how we see the judgement as the regulator, put it in a wider context, and then talk about, you know, not just about the Google judgement, but about the forthcoming regulation and the impact that that will have on the shape of EU regulation of the internet. So, I mean the judgement, we've talked about this. The crucial thing really for us was that the court decided that Google was a data controller, the way in which it processes personal data. And the clear message that we read from that is look, you know, you sort of don't escape EU law by some argument that, you know, we're neither a controller nor a processor, or we've come along since the legislation was developed and so we're sort of not caught by it. Eventually the law will catch up with you. So if you're doing anything as an organisation or business on the internet that involves you manipulating information about individuals that has some sort of impact on them, you get caught, and it's not personal data or not a controller, you'll get caught. And of course you get caught territorially on applicability, but I'll leave that, that's more for discussion in the next session. And then of course Chris Pounder I think was right, once you get to the, you know, you're a controller, EU law applies, then it's just binary. Once you're a controller, the whole obligations of the directive then fall on you to comply with. Yes, that leaves us with a bit of a mess, there's a quandary, things like sensitive personal data. Excuse me Dave, you don't ask me to answer that, there's a problem there. But it will be solved somehow at some point and it's the right direction that we're heading in. And of course implementation of the judgement, yes there are critics of it, but there are 200,000 people now who have complained to Google. Nearly half of those have had the URLs removed and very few have ended up as complainants to data protection authorities. So there are, I hesitate to say it, but a lot of satisfied people or a lot of people who have had real concerns and whose privacy is better protected now. So it is having exactly the right effect. But let's just look at it in context. Again others, particularly all of this morning have talked about that, you know, this is just part of the way CJU case law is going. So I won't develop that further. I think what's very important for us is the emphasis that's being placed by the CJU on the charter and particularly on article 8, the right to data protection and seeing that coming through. And we, I think, you know, all of us in this sort of data protection community, are a huge voter thanks to a former chair of the article 29 working party, Professor Rodd Attar. I have to say not for the way he chaired the meetings, but for the work he did in actually working politically to get this data protection right inserted in the charter of fundamental rights which is being developed. And I don't think any of us other than him realised how important it would be. And it really is making a big difference now. And I think we're seeing, you know, not necessarily the charter itself, but the direction of travel flowing through into the UK courts. There was a case, just a high court case a few weeks ago in Northern Ireland concerning Facebook where an individual who brought a case to court against Facebook and against someone who was running a Facebook page on keeping our kids safe from predators. And this was about, well, outing paedophiles, paedophiles who served their sentences and who were being rehabilitated into the community. And the court there, not under data protection, although data protection issues were raised, find not just the person running this page, but Facebook themselves, £15,000, I think it was, on the basis that they had a responsibility for the content that other people were putting onto Facebook. And we've just got this direction of travel where it's not, you know, Facebook isn't a neutral place where you post information and it's only between the individuals who are posting it and people who see it. And I'm sure Hugh will tell us more about today's Court of Appeal judgment, which is all part of the same trend. We talked about the courts being emboldened. I think we as regulators are emboldened as well, because it's all going, we've got a fair wind behind us. It's all going in the right direction of travel. And I remember the ICO took a case, this must be getting on for ten years ago, about police retention of data in the UK and essentially the police retain criminal conviction information forever and we thought that was excessive in data protection terms. And although we won our case at the first stage tribunal, the Court of Appeal came down heavily against us. I think the Court of Appeal, well, they might come to the same conclusion now, but their reasoning and approach will be much more favourable to our position now than it would have been. We've got a, as I say, a fair wind behind us. I think also, and this isn't the goo case, the Snowden revelations do have a real impact on internet regulation in the future, the lack of trust, the impact on encryption and can we encrypt our messages and trust encryption. The impact that this has on the draft European regulation, where we see some of you will know article 43a introduced by the Parliament, which attempts, I think, to do the impossible, to reconcile what's a conflict of laws where, I mean everybody points to the US, but it's not just the US, but where our businesses in Europe are required by US law to release information on some significant penalty from the US. Releasing that information would actually be a breach of the European legal framework. I have to say, we as regulators can't really resolve that. Only governments and international treaties can, but it's all playing into the future of regulation. And with the proposed regulation, the future regulation, I think what we are seeing is that sort of case law under the existing directive is moving as actually closer to what's proposed in the regulation. So maybe when we get the regulation, eventually maybe a year's time from now, it won't be quite the leap that we were expecting because under case law would be a long way in that direction already. Just a couple of points about the regulation. I won't go into detail about all of these, but the material scope that processing and personal data is huge, everything is caught. At that time, we were talking our IP addresses caught by this. Clearly they are now as technology moves on and we move to IPv6, if they will be even more clearly our personal information. So again, your technology is taking us more towards IP addresses being personal data, the way the law is taking us more to it, it's all converging. Territorial scope will cover. People place a lot of emphasis on consent and as a regulator, I get very concerned about those who see consent as the answer to every problem. And if we just give individuals consent to everything, they will be protected and that will be fine. And in practice, of course that doesn't work. People, they don't make informed choices, they just plough ahead. We need to think more intelligently than just seeing our consent as the answer. We have the right to be forgotten in the regulation as it was called, although whether that will be the title at the end, because it was just as an accurate title in the regulation as it is about the costager decision. But what we do have there and what I think is very important is this right to object, where put very simply under the way the law is currently structured, I can object to your processing of my data, whether it's on the internet or not, but I have to make the compelling case to you as to why that should happen. The onus, if it goes through, will be the other way around. And I make my case, I just say I object, and you have to make the compelling case as to why you should continue to process. And I think although there's been very little attention, if that comes through and that right exists, it really will shift the balance of power and put some very important rights in the hands of individuals. Just to talk about the exemptions and derogations, David would think I was a myth if I didn't talk about the exemptions for freedom of expression. What I would just say, these are hugely important, and the whole basis of the regulation is about harmonisation across Europe, the same rules. Yet when we come to the exemptions for freedom of expression, these are left up to member states. I happen to think that's right because I think harmonisation is a step too far, more consistency, yes, maybe not harmonisation. So we still will see, I think, potentially significant differences in how this is applied. I know I've only got a minute or so left, so just a word about our role as supervisory authorities. I don't make any pleas, but life is getting more and more difficult for us. The Google decision, these decisions on what should be taken down, what links should be moved, are very difficult decisions. I mean there are extremes that anybody can make those, but the ones around criminal convictions and should it just be spent convictions come down, and what if their convictions to do with commercial businesses fraudulent trading and you're still trading, even though it's a spent conviction should that go and some very difficult decisions. I have to say that I think the rhinos decision makes life even more difficult for us, because it does take us into processing by individuals, and yes you have your CCTV camera on your house, it's overlooking a public area, and I think it must be by extension if it's overlooking your neighbour's garden, then that's probably not within the domestic exemption. So how do we deal with warring neighbours over someone's camera snooping on another? It's not just sort of difficult to deal with the individuals who are complaining. Our tools, the enforcement tools we have don't enable us to deal with that. I mean we have monetary penalties administrative fines, but they're not there for individuals. So we will make it work. We have this arrangement of the one-stop shop, the consistency mechanism coming up through the regulation, which as it goes through discussions in, particularly in the council in Brussels, is just getting more and more complex. If there are pages and pages just about how we ensure consistency across Europe. So I just come back to the point to conclude with that all are made, because I think all was talking about the courts and suggesting they might be indifferent to the disconnect between law and reality. I worry a little bit the same about those who are now drafting the regulation, and particularly as we get on to the trilog process, is there going to be a disconnect between those who are trying to come up with a legal instrument that solves everybody's problems and brings the whole of Europe, all 28 countries together in one solution. They may do that, but will it address the reality? I think one of the realities at the end of the day has to be this access to justice. It's all about individuals and protecting individuals. 30 pages of legal niceties on how the one-stop shop operates don't actually help individuals. They need simple, clear law rights which are easy to exercise, even if they're not perfect. We aim a bit too much for perfection and not enough for effective rights in reality. So I'll stop there. Thank you very much.