Government Access to Data after Schrems II, Brexit, and the CLOUD Act


  • Théodore Christakis


  • Joe Jones
  • Florence Raynal
  • Ralf Sauer
  • Peter Swire

Organisation: Cross-border Data Forum

Room: Online 2

Timing: 14:15 - 15:30 on 29 January 2021

Anxiety concerning the future of international data flows has reached un unprecedent peak during these last months. The Schrems II Judgment of the CJEU cast doubt about the possibility to use Standard Contractual Clauses (SCCs) for data transfers from Europe to countries that do not benefit from an adequacy decision. The post-Schrems II guidance issued by the EDPB in November 2020 accentuated this anxiety. At the same time, the CJEU, in its data retention/collection judgments of October 2020, insisted once again on the importance of adequate safeguards when data are processed for the purposes of public security. On the law enforcement side, the CLOUD Act, which has been criticized in Europe for being potentially in conflict with the GDPR, provides for the possibility to conclude agreements on LEA access to data with “qualified governments” meeting a series of safeguards. The main aim of this Panel will be to examine whether democracies could be able, through international cooperation, to respond to the challenge of setting satisfactory global standards for intelligence and law enforcement agencies access to data and to find solid and long lasting solutions for international data transfers.

• Where do we stand with the negotiations on UK adequacy?
• Where do we stand in EU/US negotiations concerning adequacy following the invalidation of the Privacy Shield? Could non-statutory interventions respond adequately to the deficiencies in US law highlighted by the CJEU?
• Where do we stand with the EU/US negotiations for an agreement on e-evidence and CLOUD Act government access to data? What could be the effect of Schrems II on these negotiations?
• More generally, what is the future of cross-border data flows in a time of debate about “digital sovereignty”?


Théodore Christakis

Université Grenoble Alpes (FR)

Professor, University Grenoble Alpes; Senior Fellow, Cross-Border Data Forum. Chair on the Legal and Regulatory Implications of Artificial Intelligence (, MIAI@Grenoble Alpes).
Director, Centre for International Security & European Studies; Co-Director, Grenoble Alpes Data Institute. Member: French National Digital Council; French National Committee for Digital Ethics; Institut Universitaire de France. As an international expert he has advised Governments, International Organisations and the private sector on issues concerning international law, cybersecurity & data protection. Data Protection Officer for tech companies.


Joe Jones

International Data Transfers (UK)

Joe heads up the UK Government team responsible for future UK data 'adequacy' arrangements. Joe's team works out of the UK Government Department for Digital, Culture, Media & Sport, the lead department on data protection policy. Prior to building this new team's capability, Joe worked in the Department for International Trade where he was Deputy Head of Digital Trade policy. Prior to working for the UK Government, Joe was a lawyer, working as an associate in the London office of Covington & Burling, advising organisations and large multinationals on data privacy in a variety of contexts: public policy, litigation, regulatory enforcement, and compliance.

Florence Raynal


Florence Raynal began her career in 2000 within the Law Firm Donahue& Partners LLP in New York, where she participated in the setting up of their privacy offer of services. Back to France, she worked as a Senior Manager within Ernst & Young Law Firm and Privacy Officer for Ernst & Young in Europe. In 2008, she was appointed Head of the International and European Affairs Department of the CNIL. She advised the former Presidents Alex Türk, Isabelle Falque-Pierrotin in their Chairmanship of the Article 29 Working Party and of the International Conference and currently the President Marie-Laure Denis on any subject of International and European dimension for the CNIL.

Ralf Sauer


Deputy Head of DG Justice's Unit for International Data Flows and Protection at the European Commission. He has been one of the key negotiators of the EU-US Privacy Shield and in the adequacy talks with Japan and Korea. Ralf Sauer has also represented the Commission in the negotiations on a modernisation of Council of Europe Convention 108. He regularly speaks at international conferences and panels on data protection issues. Prior to joining DG Justice, Ralf Sauer worked for almost 10 years in the Commission's Legal Service, among others representing the Commission in front of the European courts in more than 200 cases. He holds an LL.M. and doctoral degree from Yale Law School.

Peter Swire

Georgia Tech and Research Director, Cross-Border Data Forum (US)

Peter Swire is the Elizabeth and Tommy Holder Chair and Professor of Law and Ethics in the Scheller College of Business at the Georgia Institute of Technology, senior counsel with the law firm of Alston & Bird, and Research Director of the Cross-Border Data Forum. Under President Clinton, Swire was Chief Counselor for Privacy in the U.S. Office of Management and Budget. Swire served as one of five members of President Obama’s Review Group on Intelligence and Communications Technology. In 2015, the International Association of Privacy Professionals awarded Swire its annual Privacy Leadership Award. In 2018, Swire was named an Andrew Carnegie Fellow for his project on “Protecting Human Rights and National Security in the New Age of Data Nationalism.”