Update: U.S., EU Near Privacy Agreement

Share this content:
Offering few details, federal negotiators said they reached a preliminary agreement this week with the European Union on new privacy-protection provisions that U.S. companies must agree to before transferring electronic data on EU citizens across international borders.

The agreement, which has been in the works for more than two years and still requires approval on both sides of the Atlantic, is designed to allow for the uninterrupted flow of information between the two continents. Without a negotiated standard, some U.S. companies have feared legal reprisals or possible trade sanctions for violating EU member nations' laws on privacy.

John Mogg, the European Union's primary negotiating representative, characterized the tentative agreement as fundamentally solid, saying, "The basic structures of the arrangements are there, [but] we have a number of procedural and decisional routes to go through."

U.S. chief negotiator David Aaron, Undersecretary of Commerce for International Trade, agreed, noting that businesses collecting personal data on European citizens would generally have to abide by the protection standards set up for companies within the 15-nation EU. But Aaron, who will leave his post for the private sector at the end of March, noted the urgency of both sides to settle the details as soon as possible.

"Given this is an election year and a new administration is coming on, it could be another two years before we might even get back to the table," Aaron said, adding that details of the most recent terms will be fine-tuned between now and March 31, which is when a self-imposed deadline by both parties goes into effect. The agreement probably will require that U.S. companies support the extension of more privacy rights to European citizens than their American counterparts will like.

"The company has to give you access, has to give you notice about what they're collecting, has to give you notice and choice if they give the information to a third party and has to give you notice and choice if they use the data for a different purpose," he said.

Any business that violates the regulations once enacted would be subject to prosecution by the Federal Trade Commission and the states.

Business groups are expected to applaud the deal, which appears to indulge a long-held view that self-regulatory measures present the best model - even if they must be partially retrofitted to accommodate the EU across electronic borders.

Privacy groups, however, are already seeing loopholes, saying that what Aaron characterizes as details are actually key issues: the same ones that have always existed for U.S. companies regarding the international use of marketing information, how it will be stored and how it will be disclosed to inquiring European consumers. They also said the agreement doesn't go far enough - that it does not fully establish the U.S. marketplace as a "safe harbor" for EU consumer information and electronic data.

Marc Rotenberg, executive director of the Electronic Privacy Information Center, Washington, characterized the proposal as simply "unenforceable under U.S. law." And in Europe, Giovanni Buttarelli, head of the Italian government's data protection authority, said the accord would be far too costly to EU citizens.

"Any deal that denied Europeans control over personal data exported to the U.S. could land the case in the European Court of Justice in Luxembourg," Buttarelli was quoted as saying.

The EU's Data Protection Directive protects private information in seven key areas:

• Notice that data are being collected.

• Choice to opt out.

• Access to the information.

• Notice of transfer to third parties.

• Notice if data are to be used for purposes other than originally stated with a choice to opt out.

• Provisions for enforcement.

• Dispute resolution.

Next Article in Marketing Strategy

Sign up to our newsletters

Company of the Week

Since 1985, Melissa has helped thousands of companies clean, correct and complete contact data to better target and communicate with their customers. We offer a full spectrum of data quality solutions, including global address, phone, email, and name validation, identify verification - available for batch or real-time processes, in the Cloud or on-premise. Our service bureau provides dedupe, email/phone append and geographic/demographic append services for better targeting and insight. For direct mailers, Melissa offers easy-to-use address management/postal software, list hygiene services and 100s of specialty mailing lists - all with competitive pricing and excellent customer service.

Find out more here »

Career Center

Check out hundreds of exciting professional opportunities available on DMN's Career Center.  
Explore careers in digital marketing, sales, eCommerce, marketing communications, IT, data strategies, and much more. And don't forget to update your resume so employers can contact you privately about job opportunities.

>>Click Here

Relive the 2017 Marketing Hall of Femme

Click the image above