U.S., EU Seek Privacy Agreement by October

Share this article:
BRUSSELS/WASHINGTON - After failing to reach agreement on data protection in time for the June 21 EU-U.S. summit in Bonn, the European Union and the United States expect to wrap up a pact after the summer break, perhaps by October.


The EU and the U.S. issued a statement June 23 noting that enough progress had been made on the so-called "safe harbor" provisions to finalize the pact in autumn. So long as discussions continue, the flow of data from Europe to the U.S. will not be interrupted.


A joint report submitted to the summit said "we have made substantial progress in developing an arrangement that would provide a predictable framework for the transfer of personal data from the EU to the U.S. with adequate protection for privacy."


The report said "only a limited number of points are still at issue" about safe harbor provisions and about "frequently asked questions," meaning how the principles would be applied in practice.


EU member states "support in principle" the idea of creating "a presumption of adequate privacy protection for U.S.-based organizations that self-certify their adherence to the principles and frequently asked questions and are subject to the jurisdiction of the FTC or other body with similar statutory power."


Observers noted that "support in principle" left the door wide open for EU member opposition to the final draft. Enforcement, implementation and phase-in also remain unresolved, all issues sticky enough to take the balance of the year to resolve.


But the fact that the EU and the U.S. have agreed on what needs to be agreed on shows how far the two sides have come together, according to Charles Prescott, the DMA's international vice president.


The phase-in period may be troublesome, he conceded. The U.S. favors a two-year transition while the EU wants the agreement in force in six months.


U.S. negotiators, he added, need only point out to the Europeans that fewer than half of member states have integrated the EU's data protection directive into national law. "That should embarrass them enough to be realistic," he said.


Differences on enforcement pit U.S. demands for self-regulation against European insistence on more formal rules.


Europeans argue that the Federal Trade Commission doesn't have the necessary resources for enforcement and therefore will not provide help to EU nationals who feel a U.S. company has violated their privacy rights.


That's true, Prescott said, but it also holds for an Austrian trying to get help in a similar case from a Swedish data protection commissioner. "Indeed the FTC is more likely to take action than the Swede," he said.


Still, implementing a system for giving EU citizens relief for privacy invasions when dealing with US companies will take time.
Share this article:

Sign up to our newsletters

Follow us on Twitter @dmnews

Latest Jobs:

More in Agency

News Byte: Javelin Marketing Appoints Damron CMO

News Byte: Javelin Marketing Appoints Damron CMO

Longtime agency pro brings extensive healthcare industry experience to the agency.

John Wanamaker Is Dead, Long Live the CMO

John Wanamaker Is Dead, Long Live the CMO

A century-old motto isn't—and shouldn't be—relevant today. CMOs need to get with the times and put their customer knowledge to good use.

Unleashing the True Power of the Customer

Unleashing the True Power of the Customer

Retailers who harness customer loyalty program data can create a customer-centric competitive advantage.