Challenges and Importance of Government Access to Personal Data in Cross-Border Intelligence Oversight

Reflecting on the significance of the OECD Declaration on Government Access to Personal Data held by Private Sector Entities, this content delves into the drivers necessitating an OECD-type process, such as law enforcement needs, globalization of criminal evidence, and convergence of civilian communications and intelligence collection. It also explores the evolving landscape of law enforcement access to personal data, the impact of dual-use technologies on surveillance practices, and the intersection of national security with technological advancements, emphasizing the critical need for global cooperation and understanding of access rules.

• Government access
• Personal data
• Cross-border
• Intelligence oversight
• National security

jzahn Follow

Uploaded on Nov 22, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

Presentation Transcript

1. Peter Swire Georgia Tech & Cross-Border Data Forum The Importance of the OECD Declaration on Government Access to Personal Data held by Private Sector Entities International Intelligence Oversight Forum November 28, 2023 1

2. Three drivers for needing an OECD-type process Law enforcement the globalization of criminal evidence National security the convergence of civilian communications and intelligence collection Legal change European Union law has pushed for greater transparency of safeguards in third countries Analysis of government access practices required to perform a Transfer Impact Assessment Caveat there may be other drivers for needing the process 2

3. A Resource Posted on CBDF today Christopher Docksey & Kenneth Propp, Government Access to Personal Data and Transnational Interoperability: An Accountability Perspective 3 3

4. Law Enforcement Access to Personal Data Enormous factual changes In old days, evidence of a crime in Paris was in Paris Today, evidence of a crime in Paris often will be in hands of: An EU Member State; or U.S. service provider: U.S. law prohibits disclosure of content to law enforcement, except with MLAT EU estimates that 55% of criminal cases involve electronic evidence in a different country Factual change drives legal change, to enable access U.S. CLOUD Act EU E-Evidence regulation Current U.S./EU negotiations Conclusion: The Globalization of Criminal Evidence (2018) Compelling reasons to understand law enforcement access rules in other countries OECD process addresses law enforcement access rules 4 4

5. Dual-Use Technologies: The Convergence of Civilian Communications and Intelligence Collection Factual changes From nation-states to well-hidden terrorists. Post 9/11, surveillance far beyond spies of a few nation states From domestic to foreign Before, surveil within the Warsaw pact Today, also surveillance of communications within the U.S. and allies From wartime to continuous responses to cyber and other threats. National security depends on private infrastructure So, national security seeks visibility there From military combat zones to civilian communications. Today, the same devices, software, and networks used at home and in Ukraine/Russian conflict If learn to hack for combat, then can hack in other realms 5 5

6. National Security Surveillance (2) Summary on factual changes Continuous, global (foreign & domestic) surveillance of civilian ICT National security, economic, and civil liberties domains all use the same Internet All users of the Internet are thus stakeholders in rules for intelligence collection OECD process addresses intelligence collection 6 6

7. Legal Changes Snowden revelations drove legislative reform concerning government access USA-FREEDOM Act (2015) governed intelligence collection EU GDPR (2014) passed soon after Snowden EU Schrems cases Compliance with safeguards increasingly is a requirement for lawful transfers of data For a lawful transfer, a controller must conduct a Transfer Impact Assessment of government access rules/practices in the third country Therefore, widespread legal requirement to understand government access OECD process helps entities meet the requirements to perform a Transfer Impact Assessment, to create a lawful basis for the enormous volume of cross-border transfers of personal data 7 7

8. Conclusion: What is at Stake? Optimistic view rule of law democracies can demonstrate compliance with OECD declaration Achieve data free flow with trust The importance of oversight need IC oversight to help establish trust by Internet users Pessimistic view if no agreement, and fear of foreign surveillance, then big incentive to localize data Economic and societal harms from localization Harms to national security democratic allies will have greatly reduced visibility where the surveillance is necessary and proportionate Harms to privacy/civil liberties for localization in an authoritarian regime, the result is more power for the state Conclusion build on the OECD Declaration and achieve the optimistic view 8 8