[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] US/EU: Data privacy talks near completion


------------------------------ CUT ---------------------------------

US/EU: Data privacy talks near completion 

By Deborah Hargreaves in Brussels  

US and EU political leaders agreed at a joint summit last week to try 
to conclude their tortuous negotiations over data privacy by March. 
The talks are vital for businesses that want to see rules in place to 
protect the flow of personal data across the Atlantic.  

The dispute arose when the EU passed legislation in October 1998 
giving consumers the right to have access to personal information 
held electronically by companies. The EU directive also contained 
rules on how companies could use that data.  

The US has no similar provisions, which theoretically means that EU 
data protection authorities could stop some information being sent to 
the US if they felt there was not adequate protection.  

Talks with the US on reaching some kind of common solution to the 
different levels of protection offered to consumers in the EU and US 
have been going on for 20 months. "A lot of people in business are 
getting very impatient and want to see this resolved as quickly as 
possible," said Christiaan van der Valk, of the International 
Chambers of Commerce in Paris.  

Companies are worried that if the dispute is not resolved, it could 
turn into a full-blown trade dispute and end up going through the 
World Trade Organisation procedures which would take even longer. 
"It's going to have to be resolved in the next few months, because 
patience may be running out and interest in getting this done may be 
running out," said Barbara Wellbery, counsellor to the US under-
secretary for electronic commerce.  

The EU and US negotiators are discussing a self regulatory scheme 
that US companies would sign up to, thereby committing themselves to 
a set of data protection principles. "It would give us a framework 
where now there is uncertainty, it would be good for business because 
it would simplify things and it would push upwards data protection in 
the US, but it isn't easy," said a European Commission official 
involved in the talks.  

One of the main stalling points is the way the US so-called "safe 
harbour" scheme would be policed. "There is a lot of nervousness 
amongst member states that the first line of enforcement would be 
private sector bodies in the US with business organisations acting as 
referees and no compulsory set of rules for such bodies," the 
Commission official said.  


------------------------------ CUT ---------------------------------


------------------------------ CUT ---------------------------------

Opinion 7/99 on the Level of Data Protection provided by the "Safe 
Harbor" Principles as published together with the Frequently Asked 
questions (FAQs) and other related documents on 15 and 16 November 
1999 by the US Department of Commerce  

Opinion 7/99 on the Level of Data Protection provided by the "Safe 
Harbor" Principles as published together with the Frequently Asked 
Questions (FAQs) and other related documents on 15 and 16 November 
1999 by the US Department of Commerce  

Adopted on 3 December 1999  

The Working Party on the Protection of Individuals with regard to the 
Processing of Personal Data  

Set up by Directive 95/46/EC of the European Parliament and of the 
Council of 24 October 19951,  

Having regard to Articles 29 and 30 (b) of the Directive,  

Having regard to its Rules of Procedure and in particular to Articles 
12 and 14 thereof  

Has adopted the present Opinion 7/99:  


The Working Party reaffirms its general policy on the methodology for 
assessing the adequacy of data protection in any third country, 
summarised in its Working Document of 24 July 1998 (WP 12: "Transfers 
of personal data to third countries: applying Articles 25 and 26 of 
the EU Data Protection Directive" 2).  

The Working Party has followed closely the Commission's discussions 
with the US Department of Commerce, attaches importance to them and 
considers the "Safe Harbor" approach useful. It wishes to contribute 
to the successful outcome of these discussions and considers that a 
good result depends on a number of basic concerns being met.  

In this context, the Working Party recalls that previous versions of 
the "Safe Harbor" principles and Frequently Asked Questions (FAQs) 
have been the subject of the following position papers:  

                   1.Opinion 1/99 of 26 January 1999 (WP 15); 
                   2.Opinion 2/99 of 19 April 1999 (WP 19); 
                   3.Opinion 4/99 of 7 June 1999 (WP 21) and Working
                     Document of 7 September 1999 concerning
                     some of the FAQs (not public); 
                   4.Working Document of 7 July 1999 (WP 23). 

This Opinion refers to the latest version of the "Safe Harbor" 
principles, FAQs and related documents as published on 15 and 16 
November 19993 . The Working Party regrets that, on such an important 
issue, the time left for taking a position was so short. It also 
notes that none of the documents is considered "final" and therefore 
reserves its position as regards any further development on the 

The Working Party notes that some progress has been made but deplores 
that most of the comments made in its previous position papers do not 
seem to be addressed in the latest version of the US documents. The 
Working Party therefore confirms its general concerns.  

With a view to a possible finding of adequacy, and considering the 
particular impact that such positive finding would have as a 
reference point for other third countries, the Working Party 
considers that the "Safe Harbor" should offer legal security not only 
to the US organisations but also to the EU interested parties (data 
controllers wishing to transfer data to the US, data subjects whose 
data would be transferred, data protection authorities). Since its 
Opinion 1/99, the Working Party has constantly held the view that, in 
terms of substantive content, "any acceptable set of "Safe Harbor" 
principles must, as a minimum requirement, include all the principles 
set out in the OECD Privacy Guidelines" (adopted amongst others by 
the United States and recently re-endorsed at the OECD Ottawa 
Conference in October 1998).  


------------------------------ CUT ---------------------------------