European Union and U.S. officials said yesterday they reached a breakthrough in the data-protection negotiations on privacy-protection provisions that U.S. companies must agree to before transferring electronic data on EU citizens across international borders.
EU negotiator John Mogg said he will recommend that the EU institutions and member states approve a safe-harbor agreement that would allow U.S. firms to conduct business with Europe under strict data privacy conditions.
“We reached an important stage today,” Mogg said. “I feel ready to recommend to authorities that the safe harbor meets our criteria.”
According to officials, the agreement could be signed as early as Friday, making it possible for a trans-Atlantic deal on the issue to be concluded over the summer.
The original agreement was issued on Nov. 4, 1998, by the Department of Commerce and intended to help U.S. companies meet the European Union's Directive on Data Protection, which called for all 15 member nations to adopt common data privacy protection laws as of Oct. 24, 1998.
The United States does not have similar data-protection guidelines and relies mainly on a self-regulating system.
The data privacy law also gives EU nations the right to prevent certain information from being sent to countries that do not have adequate data protection.
Under the proposed accord, U.S. companies that agree to the safe-harbor guidelines would be regarded as being in compliance with EU privacy concerns, Mogg said.
“Safe harbors now look set to become a reality,” Mogg said. “Companies are free to join as soon as this goes into effect, around July or August.”
Despite the general agreement on data flows, the two sides did not include financial services in the safe-harbor accord because new U.S. legislation on data privacy in the sector is not in place.
“We're reserving judgment on financial services until the legislation is sorted out,” Mogg said.
David Aaron, U.S. undersecretary of commerce for international trade, added that the two sides will continue talks on financial services once new data privacy rules, which are part of the Financial Modernization Act, are in place in mid-May.