Commerce Department to Launch Outreach Program on Safe Harbor
Last month, EU member states approved the seven principles embodied in safe harbor guaranteeing adequate protection of data sent from EU countries to those without a privacy law.
The agreement next goes to the European Parliament, which is expected to approve it in a second reading in July. The department then issues the appropriate documents in the United States and gears up for the outreach program.
Since EU member states are given a 90-day implementation period, U.S. companies could not sign on to safe harbor much before the beginning of November, a Commerce Department official said.
Approval came after more than two years of tough negotiations between the European Commission and the Commerce Department over the privacy issue.
Enforcement was the biggest stumbling block, with Europeans fearing that the United States did not have the mechanisms in place to make sure that data would be adequately protected. Final agreement was reached in March.
The draft was then agreed to by the full commission and sent to the European Parliament, the data protection commissioners in individual states and to EU member governments for approval.
The United States praised the EU decision, with Commerce Secretary William Daley calling it "a landmark accord for e-commerce" and adding that once implemented it "will enhance consumer confidence" and assure "expansion of our information economies and the thousands of jobs they generate."
Outreach was necessary, Commerce Department sources said, "because this is an issue that hasn't percolated much beyond the Beltway and big business. Most companies are simply not aware of it.
"Companies that trade with Europe, however, will take much greater interest once they are made aware of what is involved," one source said, adding, "The issue's profile is getting increasingly higher."
Thus one top Commerce Department official intimately involved in the negotiations has been asked to discuss it before a trade group in Atlanta, a key sign that the message is getting out into the country.
Commercial service offices around the United States will be involved. Officials will step up public speaking and discuss the implications for e-commerce initiatives.
Trade associations have also approached the department asking that qualified speakers hold seminars for their membership. The Direct Marketing Association has long been active on privacy and is likely to step up its activities.
Already, one Commerce Department official said, several companies have approached the department asking if they could sign on to safe harbor now; they had to be turned away and asked to come back in November.
But officials warned that safe harbor was not right for every company doing business in the European Union and said they supported private sector initiatives to draft model contracts companies can conclude among themselves to assure protection of transferred data.
Indeed, U.S. negotiators made sure that the Europeans agreed to having safe harbor provisions be part of such model contracts and that the union would recognize them.
"We welcome safe harbors," said Alastair Tempest, director general of the Federation of European Direct Marketing and the industry's chief lobbyist in Brussels, "but recognize that it is not the only solution.
"It is certainly a great instrument for regular users of transatlantic data flows and gives them security from finding themselves in difficulties with European data protection authorities -- if, of course, they follow the rules which are both detailed and rigorous.
"However, for the occasional user, nothing beats a good, well-prepared contract. The International Chamber of Commerce and the U.K.'s Employers' Federation and the DMA-UK have both put forward model contracts for European authorities to approve."
"We feel ours is the better contract," said Colin Lloyd, the CEO of the British DMA. "And we plan to go ahead and use it now that the principles between the U.S. and the EU have been established."
Some Europeans worry that the recently quiescent data protection commissioners in the various EU states will now be on the lookout for "flagrant violations" so they can bring what one called "juicy cases."
"It's hard to find out about cheating since the data is digital and is transferred electronically," Lloyd said. "So I assume it will be complaint driven unless a more sophisticated monitoring system is put in place."
He said it was up to individual DMAs to keep an eye "on what is going on. We are constantly monitoring malpractice in the market place brought to our attention by DMA members."