General Session | 9.15 AM to 12.35 PM (CEST)
The General Session introduced today's challenges for the cloud community, particularly in guaranteeing GDPR compliance.
Against this backrgound, different stakeholders presented their views on GDPR compliance in the cloud environment while highlighing the role of co-regulation and particularly of the EU Cloud CoC.
Moderated by
Samuel Stolton
Journalist and Editor, specialised in European politics and technology news
Opening Statement | 9.15 AM (CEST)
The morning's General Session was opened by Agniezka Bruyere, Vice-President IBM Cloud, IBM EMEA.
Agnieszka Bruyere
Vice-President | IBM Cloud, IBM EMEA
Vice-President of IBM Cloud EMEA, Agnieszka Bruyère, held the opening statement of the EU Cloud Compliance Summit 2021, announcing the approval of the EU Cloud CoC by the Belgian Data Protection Authority and the accreditation of SCOPE Europe as its monitoring body.
Bruyère gave us an insightful overview of the uniqueness and importance of the EU Cloud CoC and its approval. As she rightfully stressed, up to now, there was a lack of reliable and easy tool to assess the compliance of cloud computing services, which created uncertainty to Cloud Users as well as Cloud Service Providers. Ending this period, according to Bruyére, the 20th of May marked a milestone, which will change and build trust in the cloud computing industry.
Also providing interesting insights on the journey that leads to the approval of the EU Cloud CoC and the accreditation of SCOPE Europe, Agnieszka Bruyére underlined how proud she is of IBM, contributing to this important project and being part of this broad community.
Watch the full statement above.
Keynotes | 9.25 AM (CEST)
The Keynote speeches were held by Former Vice President of the European Commission and Member of Salseforce's Non-Executive Board of Directors Neelie Kroes, Belgian Secretary of State for Digitisation Mathieu Michel, Chairman of the Belgian Data Protection Authority David Stevens, and Director for the Future Networks Directorate, DG CONNECT, European Commission Pearse O'Donohue.
Back in 2012, when serving as Vice President of the European Commission for digital agenda, Neelie Kroes and her team tabled the European Cloud Strategy, which was responsible for kickstarting the cooperation that led to the EU Cloud CoC. Against this background, Ms. Kroes emphasized the importance of reaching the approval of the first transnational code of conduct for the cloud industry.
According to Kroes, for many years the European market suffered from confusion and legal uncertainty and, in this context, the EU Cloud CoC puts forward a high-quality baseline which fosters the indispensable trust to significantly broaden the adoption of this key technology across Europe.
Watch the full statement above.
Belgium State Secretary for Digitization delivered a powerful message while addressing the approval of the EU Cloud CoC and accreditation of SCOPE Europe. Mr. Michel congratulated all stakeholders involved and affirmed that this initiative attests to the potential of collaborations among the industry, public and regulatory authorities.
Furthermore, the Secretary stressed that given the complexity of data protection law and regulations, providing appropriate guidance to both controllers and processers is extremely important, especially for SMEs. In that regard, the EU Cloud CoC emerges as an important tool to guarantee that rules and obligations are clear, which supports the necessary building of trust, indispensable element for citizens to engage in the digital transformation.
Watch the full statement above.
After congratulating all those involved in the approval of the EU Cloud CoC and accreditation of SCOPE Europe, Mr. O’Donohue has rightfully emphasized the importance of this milestone to ensure the appropriate translation of GDPR principles into practical and workable tools.
Furthermore, the Director Future Networks at DG Connect addressed the vital role of the industry in supporting the implementation of state-of-art data protection, especially within a highly innovative environment such as cloud computing. Moreover, he affirmed that the EU Cloud CoC is a baseline upon which future initiatives shall be built to continuously guarantee the meeting of European standards.
Watch the full statement above.
Chairman of the Belgian Data Protection Authority, David Stevens, has joined two segments of the EU Cloud Compliance Summit. During his first intervention as a keynote speaker, he walked the audience through the reasons why the EU Cloud CoC become the very transnational code of conduct to be approved under GDPR and SCOPE Europe the first accredited monitoring body.
According to Mr. Stevens, the key elements that make this instrument unique consist of its broad scope – covering all cloud offerings from infrastructure, through software and platform services –, its open nature which ensures suitability for the overall cloud community, including SMEs, and finally the transparency provided by the Code’s structure.
Watch the full statement above.
Membership Statements | 10.00 AM (CEST)
“The code sets forward clear actionable and verifiable controls to protect personal data in accordance with the EU standard of care. Adherence to the Code enables hundreds of millions of EU users to safely participate in digitalization, innovation and economic growth”.
“We have been thrilled to see and contribute to this effort over the last 4 years […] we, as part of this announcement, are thrilled to share that we, ourselves at TrustArc, have made the EU Cloud CoC standards available within our platform and very specifically we are excited to share that our brain new data driven privacy management solution, called privacy central, has incorporated in the EU Cloud CoC”.
“We are pleased that the EU Cloud CoC forges the high constant standard of data protection and the necessary room for continuous development and improvement in the cloud market. We look forward to working with all member partners for the joining efforts under the Eu Cloud CoC, it is our great honor to have this opportunity”.
“This joined effort between public authorities and private companies will create transparency eliminate legal uncertainties and will establish an entirely new balance between interests of all involved parties in the cloud sector”.
“We appreciate the strong leadership by SCOPE Europe, we are proud to be part of this community which has not only invested a lot of time and resources in the development of the Code, but it is also working hard to develop sound and lasting solutions for the cloud market in Europe”.
“The EU Cloud CoC is a huge leap forward towards transparency, accountability, efficiency and standardization in respect of privacy for all cloud service providers […] as comprehensible and reliable framework for GDPR compliance”.
“As cloud services has become increasingly integral to our daily lives […], we believe that codes of conduct serve a vital role in cloud service providers trust […] The EU Cloud Code of Conduct is key to demonstrate how cloud services providers can meet high data protection standards”.
“We have been a member of the EU Cloud CoC for several years and believe this is important for the fast-growing SME segment within the EU to show compliance […] we think the Code will help us to show trust, not only for organisations within the EU, but also for other organisations around the globe”.
“The ability to protect rights of millions of people by fostering an environment of innovation and growth has never been more urgent and the EU Cloud CoC is the combination of years of work and does exactly that”.
Panels | 10.30 AM to 12.35 PM (CEST)
Panel I | 10.30 AM (CEST)
Panel I convened key stakeholders responsible for the materialisation of the EU Cloud CoC alongside representatives of major cloud users’ groups, namely the automotive and financial industries.
This set up aimed at putting forward a discussion on the main drivers of co-regulatory initiatives while touching upon the particular role of different actors when it comes to the design, negotiation, and implementation of these instruments.
Michał Paprocki
Chief Technology Officer | Euroclear
Oliver Draf
Chief Privacy Officer | Volkswagen Group
Jonathan Sage
EU lead Government and Regulatory Affair | IBM
Chair of the EU Cloud CoC General Assembly
Helmut Fallmann
Co-CEO & Co-Founder | Fabasoft
Co-Chair of the EU Cloud CoC General Assembly
Jörn Wittmann
Managing Director | SCOPE Europe
Panel II | 11.35 AM (CEST)
Panel II explored how the experience of contributing to the development of an approved code of conduct has concretely impacted Cloud Service Providers and their day-to-day activities, including their internal policies, compliance exercises, as well as their market and government relations.
Moreover, this round of discussion included one of the main creators of the monitoring concept behind the EU Cloud CoC, Former German Federal Commissioner for Data Protection and Freedom of Information, Peter Schaar.
This set up promoted an interesting parallel between what has been primarily envisioned and the actual materialisation of this mechanism. In this context, Cloud Service Providers were able to present their experiences when it comes to the ongoing due diligence put forward by the monitoring processes, besides sharing the overall benefits of adhering to the code.
Matthias Cellarius
Head of SAP Data Protection & Privacy; Head of SAP Export Control | SAP
Barbara Cosgrove
Vice President, Chief Privacy Officer | Workday
Nathaly Rey
Head of Data Governance EMEA | Google Cloud
Karine Picard
Vice-President Business Development EMEA | Oracle
Peter Schaar
Former German Federal Commissioner for Data Protection and Freedom of Information
Jo Copping
Senior Director, Privacy EMEA | SalesForce
Special Interest Session | 1.00 PM to 3.50 PM (CEST)
The afternoon's Special Interest Sessions were designed to provide several deep-dives into core elements of the EU Cloud CoC as well as some of today's major concerns for the industry as a whole. In this spirit, three Workshops largely explored topics such as the requirements for developing co-regulatory tools under the GDPR, the benefits of having these standards in place, and the potential role of codes of conduct to tackle third country data transfers in the post-Schrems II landscape. Last but not least, detailed insights on the formal processes of approval and accreditation were also shared throughout those sessions.
Moderated by
Gabriela Mercuri
Deputy Managing Director | SCOPE Europe
Workshop I - Membership, Benefits, and Marketing | 1.00 PM (CEST)
Workshop 1 promoted an in-depth discussion on the path that led the EU Cloud CoC to reach its current state and value add, exploring the experiences of three CSPs that have been actively involved in the project alongside the angle of a legal expert who has contributed significantly to the very conception of the Code.
This session highlighted the concrete experiences of these key players, discussing the overall benefits of engaging in this initiative while analysing how the particular structure and management system put forward by the EU Cloud CoC has impacted their internal procedures as well as external relations.
Aliki Foinikopoulou
Director, EU Government Affairs and Public Policy | Salesforce
Hans Graux
Attorney-at-law and Partner | Time.lex
Corinna Schulze
Director, EU Government Affairs | SAP
Charlotte Thornby Nielsen
Head of EU Affairs, EMEA Senior Director Public Policy and Corporate Affairs | Oracle
Workshop II - Governance, Monitoring and Regulator's Perspective | 2.00 PM (CEST)
The main purpose of the EU Cloud CoC is to concretise the legal requirements of Art. 28 GDPR – and all relevant related Articles of the GDPR – for practical implementation within the cloud market and its structure consists of two main parts: the code text itself and an accompanying Controls Catalogue.
Given this particular architecture, which puts forward a high level of legal certainty while fostering innovation and growth, this workshop gathered key stakeholders involved in the design of the Code's structure – namely, the Belgian DPA, SCOPE Europe, and the industry. This group of experts discussed then how GDPR provisions have been materialised over time though this initiative, the main challenges encountered throughout the Code's development, and explored potential post-approval impacts not only for the cloud, but for the privacy community as a whole.
Antoine Bon
Legal Advisor in Privacy and Data Protection | Belgian Data Protection Authority
Alkesh Haria
Regulatory, Compliance & Business Privacy Leader | IBM
Frank Ingenrieth, LL.M.
Director Monitoring and Auditing, Legal Affairs | SCOPE Europe
Fabrizio Venturelli
Senior Director, Global DPO | Workday
Workshop III - Data Transfers and Other Additional Modules | 3.00 PM (CEST)
Knowing that the EU Cloud CoC General Assembly started to work on an effective and yet accessible safeguard for third country transfers in the format of an on-top module to the Code, this session specifically focused on the potential impact of this initiative.
The aim of this module is to create a robust framework that can concomitantly guarantee that third country transfers can respond to the fast-paced dynamic of international markets and that data subjects are properly and uniformly protected in accordance with European standards.
In this context, during this final session, panelists discussed how the Third Country Module initiative is another testimony of how codes of conduct have the unparalleled potential to guarantee the enforcement of data protection standards while creating an appropriate environment for businesses to thrive.
Paul Breitbarth
Director EU Operations & Strategy | TrustArc and Nimity
Marc Crandall
Global Head of Privacy | Google Cloud
Cornelia Kutterer
Senior Director, Rule of Law & Responsible Tech, European Government Affairs | Microsoft
Lorena Marciano
Director Global Privacy & Data strategy | Cisco