Rethinking Privacy After Safe Harbor, with Edward Snowden

At the World Hosting Days on 16th March 2016 at Europa Park in Germany, Jean-Christophe Le Toquin, President of CyAN, was invited to represent the German industry association on a panel on “Privacy after Safe Harbor”.

This panel, opened by a recorded video message from Günther H. Oettinger, European Commissioner for Digital Economy and Society, featured Edward Snowden, whistleblower and former CIA employee (by videoconference, on screen), Max Schrems (left), author, founder of, Jean-Christophe Le Toquin (second from the left) and John Zanni (third from the left), CMO, SVP Channel & Cloud Strategy, Acronis.



Max Schrems was the plaintiff in a case against the Irish Data Protection Commissioner. That case led to the decision of the Court of Justice of the European Union, “Maximillian Schrems v Data Protection Commissioner”, of 6 October 2015, which invalidated the European Commission Decision 520/2000/EC. This decision had created the “Safe Harbor”, a framework that aimed to protect EU citizens’ privacy while enabling commercial transfers of their data between the EU and the USA, in line with the requirements of Directive 95/46/EC on the protection of personal data.

The panel aimed to understand what would happen next for the protection of European citizens’ privacy, and whether the upcoming “Privacy Shield”, a new framework currently under discussion between the European Commission and US authorities to replace the “Safe Harbor”, would this time provide an adequate level of protection to EU citizens. It may be useful to specify that the Privacy Shield focuses solely on commercial transfers of data, unlike the EU-US Umbrella Agreement, which is a data protection framework for law enforcement cooperation.

Jean-Christophe Le Toquin commented on the value of the Privacy Shield, the importance of a cross-disciplinary approach and what can be expected next:

– Value of the Privacy Shield: the draft Privacy Shield may have its loopholes, but the simple fact that the US Department of Justice and the Office of the Director of National Intelligence are engaged publicly in a privacy discussion with the European Commission is in itself an unprecedented development which cannot be underestimated.

– Importance of a cross-disciplinary approach: today, topics of privacy, business, surveillance and law enforcement requests are brought and discussed together, and the panel is in itself a demonstration of that. This is the right thing to do, as it fosters a cross-disciplinary approach, but because it is quite new, it creates some confusion. This dialogue, as challenging as it is, would not have been thought feasible only 5 years ago.

– What’s next: whether the Privacy Shield becomes reality or not, the General Data Protection Regulation – and the new Data Protection Directive also adopted in December 2015 – will be enforced in 2018 with a penalty of up to 20M€ or 4% of annual global turnover. With this new regulation, we will see companies providing a much greater level of transparency towards their customers on the data they hold on them. In parallel, we will also see the intelligence community going through a learning curve on what and how they communicate about their activities. Last but not least, the law enforcement authorities will continue to develop processes of cooperation with industry, hence improving the overall transparency on how personal data are handled, and hence increasing trust from citizens.