On 7 October 2022, President Biden signed the highly anticipated Executive Order on Enhancing Safeguards for US Signals Intelligence Activities. It is the cornerstone on which the new EU-US Data Protection Framework will be built. It is intended to create an effective mechanism for transatlantic data flows and to bring renewed legal certainty.


Vast political will and energy has gone into negotiating the Framework and answering the concerns of the CJEU in the Schrems II ruling that took down its predecessor. The negotiators have grappled with fundamental rights and equivalent protections against the backdrop of two different legal systems and traditions. We applaud the tireless efforts of policy makers and regulators.

At this key moment, it’s worth taking a step back and looking at this from a different perspective. Zooming in on approaches to privacy, trust and the roles of government and industry: what are consumers thinking?

The pros and cons of data localisation

The primary impact of the Schrems II decision, despite the continued validity of other mechanisms paired with additional safeguards, was to cast doubt over EU-US transfers and exacerbate the trend towards data localisation in the EU. It’s the reason why the efforts to create a new framework have been so determined.

Shortly after the Executive Order came out, Cisco published our annual Consumer Privacy Survey, asking for the first time what citizens thought about data residency. It turns out that the idea of having personal data processed in its area of origin is met with broad consumer support, with almost 80% of respondents being in favour.

But delve a little deeper and the picture is more nuanced.  That support is cut in half when consumers become aware that localisation may bring additional costs. Depending on the service or operation, those costs are not only in terms of price but also function, innovation and security features. The Cisco Data Privacy Benchmark Study showed that 88% of organisations confirm data localisation requirements add significant costs to their operations.

There is a place for localised solutions according to specific needs and sensitivities of different customers. After all, our portfolio helps customers and partners build national and private clouds, and we are offering data localisation for European customers with Webex, the videoconferencing platform of choice for governments across the world. But we also need to recognise the trade-off – and that it’s not good public policy to encourage data residency on a blanket basis.

Data transparency is key

So what do consumers want? The results from the survey are unequivocal for companies: being transparent is the most important thing an organisation can do to help earn consumer trust. Eighty-one percent of respondents said the way businesses handle their data reflects how those companies view and respect them as customers. And 76% said they won’t buy from a company they don’t trust.

With the adoption of the General Data Protection Regulation (GDPR), the European Union took a step towards giving more power to consumers. And rightfully so. Cisco’s survey shows citizens are willing to act on their privacy rights, with more than 30% of consumers having already switched companies or providers over their data practices or policies.

Getting privacy ‘right’ takes a multi-disciplinary village of lawyers, engineers, programme managers, process owners, privacy specialists, operations leaders, and more.

Rather than treat privacy as a burden, organisations that respect privacy as a fundamental human right and prioritise it as a business imperative see how privacy now serves as a competitive differentiator. The Cisco 2022 Data Privacy Benchmark Study found 90% of businesses believe privacy to be mission critical and generates positive return on investment.

Our own efforts to provide greater transparency include our Trust Center where customers, stakeholders and the public at large can access Privacy Data Sheets and Data Maps that shed light on our processing activities and privacy-related controls.

And we continue to innovate ways to improve customers’ ability to understand and act on data in practice. The Webex Control Hub allows users to see where their data is located, move their data, and control it, for example to delete users’ Webex Meetings host and usage information.

Making it work

Cisco’s 2022 Consumer Privacy Survey reveals that compliance isn’t enough. Customer trust depends on transparency.

While companies have an important role to play, consumers also value oversight from their government. Privacy laws continue to be seen extremely favorably around the world, with 61% of respondents saying their country’s privacy laws have had a positive impact. With privacy laws enacted in more than 130 countries, consumers are more willing to act to protect their data and their privacy.

And while we welcome the concerted efforts to adopt the EU-US Data Privacy Framework, the fact that we’re in this position in the first place is a timely reminder that when putting forward data privacy regulatory frameworks, governments should strive for legal certainty; enabling businesses to thrive and consumers to reap the full benefits of digital transformation in a trusted way.

To find out more about the Cisco Consumer Privacy Survey, visit https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2022/m10/consumers-want-more-transparency-on-how-businesses-handle-their-data-cisco-survey.html


Chris Gow

Senior Director, EU Public Policy

Government Affairs