[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FYI] Data Protection and the US - latest developments
- To: debate@fitug.de
- Subject: [FYI] Data Protection and the US - latest developments
- From: Horns@t-online.de (Axel H. Horns)
- Date: Tue, 1 Jun 1999 19:51:30 +0100
- Comment: This message comes from the debate mailing list.
- Organization: Private Site
- Reply-to: horns@t-online.de
- Sender: owner-debate@fitug.de
http://europa.eu.int/comm/dg15/en/media/dataprot/news/239.htm
-------------------------------- CUT --------------------------------
Data Protection and the US - latest developments
Substantial progress on arrangements for protection of
personal data transferred from the EU to the United
States was made at the 28 May meeting in Brussels
between John Mogg, European Commission Director
General for the Internal Market and Financial
Services, and David Aaron, US Under Secretary of
Commerce. The objective was to try to resolve
outstanding differences in time for the EU/US Summit
on 21 June However, important differences remain on
various elements of the package under consideration,
which will aim to facilitate the flow of data while
ensuring it enjoys "adequate" protection in accordance
with the requirements of the EU's Data Protection
Directive (95/46/EC). At this stage the two sides do
not know if it will be possible to conclude their
dialogue in time for the Summit. They agreed to remain
in close contact over the coming days, however, and
will continue to work to meet the target date of 21
June.
The "safe harbor" arrangement which is under
discussion will provide a predictable framework for
transfers of personal data from the EU to US companies
or organisations which adhere to a set of principles
to be issued by the Department of Commerce. On the EU
side, the principles would be met by a decision
recognising that they represented an "adequate
protection" standard, as required by the EU Data
Protection Directive for transfers of personal data to
third countries. A formal decision under the Directive
(Article 25.6) to approve the "safe harbor" principles
as providing "adequate protection" would require the
support of a qualified majority among the Member
States.
To complete the framework, it is necessary to have, in
addition to the principles themselves, a clear
understanding on how the "safe harbor" would work. The
focus of discussions has now shifted to these
additional questions, some of which have been resolved
(for example, the Department of Commerce will maintain
a list of organisations that have signed up to the
"safe harbor" principles, so there will be certainty
about who is entitled to "safe harbor" benefits) and
some have not (for example, how long should US
companies have to sign up to the "safe harbor" and
implement the principles).
The package as a whole is designed:
to provide guidance to companies and other
organisations in the US who want to meet the
"adequate protection" standard provide the
necessary legal certainty for those adhering to
the agreed standard that their data transfers
will not be interrupted and create thereby a more
predictable and less administratively burdensome
framework, ensuring high data protection
standards for data transfers to the US.
The key feature of the "safe harbor" approach is that
it creates a bridge between the EU's legislative
approach to data protection and that of the US, which
- while having considerable legal underpinning -
relies mainly on self-regulation.
The Commission will consult Member States on the
current state of play in the dialogue with the US at
meetings scheduled on 10 and 14 June in the framework
of the Committee established under Article 31 of the
Directive. The issue will also be discussed with the
advisory group of Member States' data protection
commissioners (Article 29 Committee) on 7 June.
Date: 31 May 1999
For further details: E1@dg15.cec.be
-------------------------------- CUT --------------------------------