[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FYI] EU/US- Data protection dialogue - 14 June meeting
- To: debate@fitug.de
- Subject: [FYI] EU/US- Data protection dialogue - 14 June meeting
- From: Horns@t-online.de (Axel H. Horns)
- Date: Thu, 24 Jun 1999 09:40:39 +0100
- Comment: This message comes from the debate mailing list.
- Organization: Private Site
- Reply-to: horns@t-online.de
- Sender: owner-debate@fitug.de
http://europa.eu.int/comm/dg15/en/media/dataprot/news/239.htm
-------------------------------- CUT --------------------------------
EU/US- Data protection dialogue - 14 June meeting of
EU Member States
EU Member State representatives discussed the latest
state of the dialogue on data protection between the
European Commission and the US Department of Commerce
at an all day meeting on 14 June of the Committee set
up under Article 31 of the EU's Data Protection
Directive (95/46/EC). The Commission, chairing the
meeting, informed the Member States that the two sides
had concluded that it was not possible to reach
agreement on all aspects of the "safe harbor"
arrangements under discussion in time for the EU/US
Summit on 21 June, as previously intended.
The Committee welcomed the progress made throughout
the dialogue and in particular as a result of the most
recent meetings with the US side, including the 28 May
meeting in Brussels between John Mogg, European
Commission Director General for the Internal Market
and Financial Services, and David Aaron, US Under
Secretary of Commerce. The Committee took the view
that a number of points require further work to bring
the dialogue to a successful conclusion. These are
linked in particular to various aspects of
enforcement. The Commission will convey the
Committee's views to the US Department of Commerce.
The Committee encouraged the Commission to continue
its efforts and indicated its support for the broad
shape of the arrangements under discussion. The
Committee confirmed its willingness to examine the
outstanding issues with a view to finalising the
arrangements as soon as possible.
The nature of the package is that nothing is agreed
until everything is in place. This said, the main
focus of discussion is a number of points that concern
the structure of the arrangements, the way they will
work and the time to implement effectively the
principles. The arrangements have to meet both the
goals of the dialogue - providing security for data
flows, and safeguarding the right of individuals to
high data protection standards.
The "safe harbor" arrangement which is under
discussion will provide a predictable framework for
transfers of personal data from the EU to US companies
or organisations which adhere to a set of principles
to be issued by the Department of Commerce. On the EU
side, the principles would be met by a decision
recognising that they represented an "adequate
protection" standard, as required by the EU Data
Protection Directive for transfers of personal data to
third countries. A formal decision under the Directive
(Article 25.6) to approve the "safe harbor" principles
as providing "adequate protection" would require the
support of a qualified majority among the Member
States.
To complete the framework, it is necessary to have, in
addition to the principles themselves, a clear
understanding on how the "safe harbor" would work. The
focus of discussions has now shifted to these
additional questions, some of which have been resolved
(for example, the Department of Commerce will maintain
a list of organisations that have signed up to the
"safe harbor" principles, so there will be certainty
about who is entitled to "safe harbor" benefits) and
some have not (for example, how long should US
companies have to sign up to the "safe harbor" and
implement the principles).
The package as a whole is designed:
to provide guidance to companies and other
organisations in the US who want to meet the
"adequate protection" standard provide the
necessary legal certainty for those adhering to
the agreed standard that their data transfers
will not be interrupted and create thereby a more
predictable and less administratively burdensome
framework, ensuring high data protection
standards for data transfers to the US.
The key feature of the "safe harbor" approach is that
it creates a bridge between the EU's legislative
approach to data protection and that of the US, which
- while having considerable legal underpinning -
relies mainly on self-regulation.
The issue was also discussed with the advisory group
of Member States' data protection commissioners
(Article 29 Committee) on 7 June. The Committee issued
an opinion on the status of "frequently asked
questions", part of the "safe harbor" package.
[...]
-------------------------------- CUT --------------------------------