[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] Data Protection and the US - latest developments


-------------------------------- CUT --------------------------------

                Data Protection and the US - latest developments

                Substantial progress on arrangements for protection of
                personal data transferred from the EU to the United
                States was made at the 28 May meeting in Brussels
                between John Mogg, European Commission Director
                General for the Internal Market and Financial
                Services, and David Aaron, US Under Secretary of
                Commerce. The objective was to try to resolve
                outstanding differences in time for the EU/US Summit
                on 21 June However, important differences remain on
                various elements of the package under consideration,
                which will aim to facilitate the flow of data while
                ensuring it enjoys "adequate" protection in accordance
                with the requirements of the EU's Data Protection
                Directive (95/46/EC). At this stage the two sides do
                not know if it will be possible to conclude their
                dialogue in time for the Summit. They agreed to remain
                in close contact over the coming days, however, and
                will continue to work to meet the target date of 21

                The "safe harbor" arrangement which is under
                discussion will provide a predictable framework for
                transfers of personal data from the EU to US companies
                or organisations which adhere to a set of principles
                to be issued by the Department of Commerce. On the EU
                side, the principles would be met by a decision
                recognising that they represented an "adequate
                protection" standard, as required by the EU Data
                Protection Directive for transfers of personal data to
                third countries. A formal decision under the Directive
                (Article 25.6) to approve the "safe harbor" principles
                as providing "adequate protection" would require the
                support of a qualified majority among the Member

                To complete the framework, it is necessary to have, in
                addition to the principles themselves, a clear
                understanding on how the "safe harbor" would work. The
                focus of discussions has now shifted to these
                additional questions, some of which have been resolved
                (for example, the Department of Commerce will maintain
                a list of organisations that have signed up to the
                "safe harbor" principles, so there will be certainty
                about who is entitled to "safe harbor" benefits) and
                some have not (for example, how long should US
                companies have to sign up to the "safe harbor" and
                implement the principles).

                The package as a whole is designed:

                     to provide guidance to companies and other
                     organisations in the US who want to meet the
                     "adequate protection" standard provide the
                     necessary legal certainty for those adhering to
                     the agreed standard that their data transfers
                     will not be interrupted and create thereby a more
                     predictable and less administratively burdensome
                     framework, ensuring high data protection
                     standards for data transfers to the US. 

                The key feature of the "safe harbor" approach is that
                it creates a bridge between the EU's legislative
                approach to data protection and that of the US, which
                - while having considerable legal underpinning -
                relies mainly on self-regulation.

                The Commission will consult Member States on the
                current state of play in the dialogue with the US at
                meetings scheduled on 10 and 14 June in the framework
                of the Committee established under Article 31 of the
                Directive. The issue will also be discussed with the
                advisory group of Member States' data protection
                commissioners (Article 29 Committee) on 7 June.

                Date: 31 May 1999
                For further details: E1@dg15.cec.be

-------------------------------- CUT --------------------------------