U.S.-EU Privacy Pact Needs More Work
U.S. Commerce undersecretary David L. Aaron and John Mogg, director general of international market and financial services for the European Commission, "had a day and a half of very good meetings, both in terms of atmosphere and accomplishments," Aaron said.
"It's fair to say that we have made progress in virtually all of the areas of subject matter," he said. However, both parties need to do more homework on several issues, "specifically on those regarding an access and enforcement mechanism that we have been discussing."
The safe harbor proposal allows the continued free flow of personal information about Europeans to U.S. companies since new privacy rules have been developed in Europe prohibiting this activity. Under the Directive on Data Protection, 15 EU member countries prohibit the transmission of names, addresses and other personal data about European citizens to any country with regulations that fail to provide adequate data protection on personal information, including the United States.
The safe harbor principles urge U.S. companies to:
* Tell European consumers what information is being collected and how it will be used.
* Give individuals the right to decide if the information is to be given and how it should be used.
* Provide individuals with reasonable access to the information and let them correct inaccuracies.
* Provide access to independent entities to resolve disputes with companies facing unspecified consequences for violating the guidelines.
"We've narrowed the gap in terms of the well-known difficulties we have been discussing, but we've got to see how all of the various elements that we have been discussing come together," Mogg said.
When asked if he was satisfied with the safe harbor principles, Mogg said, "We have taken an important step, recognizing that self-regulation -- which typifies, but not exclusively, the U.S. situation -- is a way toward achieving adequate levels of protections. As somebody once said, the devil is in the details, and we will have to see how the safe harbor principles actually turn out."
Aaron and Mogg will meet again the week of April 5 and hope to come up with a document by the end of April, in time for a twice-yearly summit meeting between the United States and the EU.
America Online Inc., Walt Disney Co. and other U.S. companies have questioned how the guidelines will be enforced and what it will cost to implement them. Other business leaders are concerned that their consent to self-imposed restrictions abroad might be interpreted as an endorsement of similar legislative restraints in the United States.
"We are supportive of the idea of trying to create a safe harbor," said Andrew Weinstein, a spokesman for AOL, Dulles, VA. "But, as the process goes on, we want to make sure that the details of it work for us and that they promote the growth of the industry."
In a speech at the Information Technology Association of America's annual IT Policy Summit last week, Aaron said the negotiations are intended to ensure the continued flow of data, not to set precedents for data handling in the United States.
"Safe harbor principles have been developed and are aimed at a specific situation -- reassuring the Europeans that their privacy, according to their standards, would be protected in their transactions with American subscribers to the principles," Aaron told the audience, which consisted of government relations professionals and corporate CEOs. "In no way does the U.S. government intend for these safe harbor principles to be seen as precedents for any future changes in the U.S. privacy regime."
Meanwhile, Mogg's role won't be affected in the wake of last week's announcement that all 20 EU commissioners resigned in a fraud scandal.
"The European Union and commission continues with its day-to-day work and activities," said EU spokeswoman Ella Krucoff. "The old commission will continue to oversee its duties until a new commission is appointed."