[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] EU/US- Data protection dialogue - 14 June meeting


-------------------------------- CUT --------------------------------

                EU/US- Data protection dialogue - 14 June meeting of 
                EU Member States

                EU Member State representatives discussed the latest
                state of the dialogue on data protection between the
                European Commission and the US Department of Commerce
                at an all day meeting on 14 June of the Committee set
                up under Article 31 of the EU's Data Protection
                Directive (95/46/EC). The Commission, chairing the
                meeting, informed the Member States that the two sides
                had concluded that it was not possible to reach
                agreement on all aspects of the "safe harbor"
                arrangements under discussion in time for the EU/US
                Summit on 21 June, as previously intended.

                The Committee welcomed the progress made throughout
                the dialogue and in particular as a result of the most
                recent meetings with the US side, including the 28 May
                meeting in Brussels between John Mogg, European
                Commission Director General for the Internal Market
                and Financial Services, and David Aaron, US Under
                Secretary of Commerce. The Committee took the view
                that a number of points require further work to bring
                the dialogue to a successful conclusion. These are
                linked in particular to various aspects of
                enforcement. The Commission will convey the
                Committee's views to the US Department of Commerce.

                The Committee encouraged the Commission to continue
                its efforts and indicated its support for the broad
                shape of the arrangements under discussion. The
                Committee confirmed its willingness to examine the
                outstanding issues with a view to finalising the
                arrangements as soon as possible.

                The nature of the package is that nothing is agreed
                until everything is in place. This said, the main
                focus of discussion is a number of points that concern
                the structure of the arrangements, the way they will
                work and the time to implement effectively the
                principles. The arrangements have to meet both the
                goals of the dialogue - providing security for data
                flows, and safeguarding the right of individuals to
                high data protection standards.

                The "safe harbor" arrangement which is under
                discussion will provide a predictable framework for
                transfers of personal data from the EU to US companies
                or organisations which adhere to a set of principles
                to be issued by the Department of Commerce. On the EU
                side, the principles would be met by a decision
                recognising that they represented an "adequate
                protection" standard, as required by the EU Data
                Protection Directive for transfers of personal data to
                third countries. A formal decision under the Directive
                (Article 25.6) to approve the "safe harbor" principles
                as providing "adequate protection" would require the
                support of a qualified majority among the Member

                To complete the framework, it is necessary to have, in
                addition to the principles themselves, a clear
                understanding on how the "safe harbor" would work. The
                focus of discussions has now shifted to these
                additional questions, some of which have been resolved
                (for example, the Department of Commerce will maintain
                a list of organisations that have signed up to the
                "safe harbor" principles, so there will be certainty
                about who is entitled to "safe harbor" benefits) and
                some have not (for example, how long should US
                companies have to sign up to the "safe harbor" and
                implement the principles).

                The package as a whole is designed:

                     to provide guidance to companies and other
                     organisations in the US who want to meet the
                     "adequate protection" standard provide the
                     necessary legal certainty for those adhering to
                     the agreed standard that their data transfers
                     will not be interrupted and create thereby a more
                     predictable and less administratively burdensome
                     framework, ensuring high data protection
                     standards for data transfers to the US. 

                The key feature of the "safe harbor" approach is that
                it creates a bridge between the EU's legislative
                approach to data protection and that of the US, which
                - while having considerable legal underpinning -
                relies mainly on self-regulation.

                The issue was also discussed with the advisory group
                of Member States' data protection commissioners
                (Article 29 Committee) on 7 June. The Committee issued
                an opinion on the status of "frequently asked
                questions", part of the "safe harbor" package.


-------------------------------- CUT --------------------------------