Francoise Gilbert Navigates The Tempest Over US-EU Safe Harbor
Francoise Gilbert is one of the preeminent authorities on global privacy protection. She is the author of a leading treatise on privacy and security law, “Global Privacy and Security Law” Aspen / Wolters Kluwer Law and Business (2009-present) and co-chair of the Practising Law Institute’s Annual Privacy and Security Law conference.
She has focused on information privacy and security for more than 25 years. Interested in the challenges raised by hackers such as Robert Morris and Kevin Mitnick in the late 1980’s and early 1990’s, she began conducting extensive research of the existing laws. In 1991, she published her first law review article on Breaches of Security and started working with clients on the legal issues stemming from attacks on their systems. In 1992, she became involved in emerging health security and privacy issues in the use of technology for telemedicine services. In this connection, throughout the 1990s, she contributed to the drafting of several federal and state bills that were the predecessors of HIPAA.
Since then, her practice has evolved as privacy and cyber security laws and jurisprudence were developed in the United States and globally. Francoise deals regularly with compliance challenges raised by cloud computing, connected objects, smart cities, big data, mobile applications, wearable devices, social media, and other cutting-edge developments. As a practicing attorney, she advises public companies, emerging technology businesses and non-profit organizations, on the entire spectrum of domestic and international privacy and cyber security issues legal issues.
Françoise is internationally recognized as a thought leader and expert in data privacy and cyber security. She has been continuously praised for her experience and in-depth knowledge of this area. She was named “2014 San Francisco Lawyer of the Year” by Best Lawyers for her work in information privacy and security, and listed in Chambers USA and Chambers Global (since 2008), Best Lawyers in America (since 2007), and Who’s Who in Ecommerce and Internet Law (since 1998). Françoise has also been recognized as one of the US “top privacy advisers” by Computer World and as an “attorney who matters” by Ethisphere.
A native of France, Francoise has a law degree from Loyola University of Chicago and the University of Paris/Faculté de Droit de Paris and is accredited as Certified Information Privacy Professional (CIPP/US and CIPP/EU) and Certified Information Privacy Manager (CIPM) by the International Association of Privacy Professionals.
Francoise has spoken and written extensively on the US-EU Safe Harbor, most recently raising the question of whether the invalidation of the Safe Harbor will lead to “a world of data silos.”
US–EU SAFE HARBOR TIMELINE
- 1995 – European Commission adopts Data Protection Directive providing that the transfer of personal data to a third country may, in principle, take place only if that third country ensures an adequate level of protection of the data.
- 2000 – US and EU reach agreement permitting transfer to US companies who comply with Safe Harbor Privacy Principles of (i) Notice; (ii) Choice; (iii) Applicability to Onward Data Transfers; (iv) Consumer Access; (v) Security; (vi) Data Integrity and (vii) Enforcement.
- June 2013 – Austrian Maximillan Schrems seeks order from Irish Data Protection Commission prohibiting Facebook from transferring personal data to U.S. in light of Snowden revelations, contending US law did not ensure adequate protection of the personal data held in its territory against the surveillance activities.
- September 2013 – European Commission outlines 13 steps to be taken to make “Safe Harbor Safer”. US begins negotiations on Safe Harbor Reforms.
- June 2014 – Federal Trade Commission announces crackdown on false Safe Harbor certifications.
- September 2015 – US-EU Reach Umbrella Agreement for privacy protection of data shared by law enforcement authorities. Will grant EU citizens judicial redress in US for privacy violations.
- October 6, 2015 – European Court of Justice invalidates Safe Harbor Agreement.
- October 15, 2015 – European authorities set January 2016 deadline to negotiate new Safe Harbor Agreement.
- October 19, 2015 – Israeli authorities announce it will no longer recognize EU Safe Harbor certification as sufficient for Israeli data protection requirements.