The Commerce Department said yesterday it had reached a preliminary agreement with the European Union on implementing new privacy protection provisions that American companies will have to agree to before transferring electronic data on EU citizens across international borders.
The final agreement, which still requires approval, is designed to allow for the uninterrupted flow of information between the two continents.
Without a negotiated agreement, some American businesses have feared legal reprisals or possible trade sanctions directed at sectors of their industries for violation of EU member nation laws on the electronic transfer of their citizen’s personal data.
John Mogg, the European Union’s primary negotiating representative, has characterized the tentative agreement as fundamentally solid stating in a published report that “the basic structures of the arrangements are there.”
The terms of the accord will be fine-tuned between now and March 31 when a self-imposed deadline by both parties goes into affect. But the spirit of the agreement is expected to require that U.S. businesses collecting personal data on European citizens abide by the same information protection standards set up for companies within the 15-nation EU.
According to David Aaron, U.S. Undersecretary of Commerce for International Trade, any company that violated the regulations once in force, would be participating in what the Federal Trade Commission defines as deceptive business practices and presumably be at risk of prosecution by federal regulating agencies and some states’ Attorney General.
Privacy advocates in the U.S., however, say the agreement does not go far enough – that it does not fully establish the U.S. marketplace as a “safe harbor” for EU consumer information and electronic data.
Business groups are expected to applaud the deal, which appears to indulge a long held view in the American business community that self-regulatory measures present the best model -even if they must be partially retrofitted to accommodate the EU.