E.U.-U.S. Privacy Pact Finalized

greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

E.U.-U.S. Privacy Pact Finalized By Robert MacMillan, Newsbytes March 15, 2000

The European Union (EU) today confirmed that it and the US government have reached an official agreement allowing US companies to deal with businesses and individuals in EU member States, without strictly conforming to the EU's strict Privacy Directive.

This means that e-commerce between the EU and the US will not be cut off because of the US government's desire not to force American companies to submit to EU-generated data protection laws.

An administration official said that negotiations formally are over, though discussions on implementation of the rules must continue.

The official also said there is continuing uncertainty about how to treat banks under the agreement - something he said was like "trying to paint a moving train" - likely will not require a separate accord, contrary to earlier wire reports.

Today's official word from Brussels follows up on an agreement in principle that was reached several weeks ago, which would allow commerce to continue under the heretofore conflicting European ideology of regulating privacy standards. The US position is that industry self-regulation works best.

EU companies soon will be able to send data transfers to the US under the agreement, and if personal data is misappropriated or misused by a US company, the Federal Trade Commission can get involved. The US official noted that EU member state data protection authorities still also retain power in this arrangement.

An EU spokesperson told Newsbytes that more talks are under way to clarify some remaining issues remaining between the EU and US, but that agreements generally have been reached on all the outstanding subjects that have made the privacy accord debate into a two-and-a-half-year struggle.

"They say that both sides feel that they are in a position to meet their objectives... (and) completing the set of documents which will be submitted for consultation on both sides prior to the formal adoption procedures," said EU Spokesperson Ella Krucoff in Washington.

The two sides hope to release official documentation as early as Friday, and to begin implementation of the agreement after government review. The principles that would allow official e-commerce data transfers would be reviewed in mid-2001.

There were several outstanding issues that dogged the talks between EU negotiator John Mogg and Commerce Undersecretary David Aaron - chiefly the US insistence that banks be allowed to join the proposed Safe Harbor agreement, which US companies would adopt in order to participate in e-commerce with EU companies and consumers.

The US said that the banks should be able to participate without passing the Safe Harbor test because of their compliance with forthcoming privacy rules set up by recently adopted financial services modernization legislation, but the EU was unwilling to accept this.

"The main challenge is how to find ways to fit the new Financial Services Modernization Act into the Safe Harbor and how to make it work," the US official said. "We continually ran up against the fact that we were trying to paint a moving train."

The official noted that the financial services language still must be finalized, which will take until May, and referred to President Clinton's own recent announcement that he would make good on his promise to release a legislative proposal that puts more meat on the bones of what some privacy advocates have labeled shoddy financial privacy provisions in the bill.

"We kind of put that on a second track," he said. "(But) our view is to try to bring it into the Safe Harbor in an appropriate way."

In the meantime, financial institutions will be covered by the general standstill arrangement that has let EU and US companies do business during the last two-plus years of talks.

Krucoff said that both sides "want to bring the advantages of Safe Harbor to the financial services sector, and that more time is needed for the further examination of recent developments in US laws."


-- Jen Bunker (jen@bunkergroup.com), March 15, 2000

Moderation questions? read the FAQ