The European privacy deadline has passed, and the European Union's 15 member states have temporarily agreed not to cut off data exports, Secretary of Commerce William Daley said this week.
“The good news is this: We don't expect a shutdown in the flow of data across the Atlantic,” Daley said in Chicago at the U.S.-European Partenariat Business Conference, which promotes trade between Europe and the United States. “Members of the European Union met in Brussels and agreed not to interrupt data flows while discussions [with the United States] continue.”
Under the EU privacy directive, which called for member nations to adopt common privacy protection laws by Oct. 24, personal information about individuals in Europe can't be sent to countries that don't provide “adequate” privacy protection. While the definition of adequate isn't clear, U.S. data-exchange practices by most accounts don't meet it.
If European officials get tough on the issue, they could block trans-Atlantic data transfers by multinational companies and Internet firms. Just three countries — Sweden, Italy and Greece — have enacted laws in accordance with the directive.
“I was very surprised when I learned that so many countries were not going to meet [the directive],” said Colin Fricker who handles legislative affairs at the British DMA. “I think it's because they've all had elections. It's not a major item on which people win or lose elections, and new governments have other things to deal with before they get down to this rather boring subject of data protection.”
The United Kingdom has passed a law, but much work needs to be done before it can be implemented, Fricker said. In the meantime, data transfer out of the UK should continue unimpeded.
“It takes a lot of time to work those regulations out, and that's one reason why [implementation] is going to be delayed until the second quarter of next year. Until our new law comes in, the old law applies — and under the old law, transfer of data was not a problem,” he said, adding that he suspects the situation will be similar in the other countries.
Meanwhile, U.S. officials have been meeting with European officials to keep data flowing. “We've been working with the Europeans for months on the details. Even though we aren't finished yet, our consultations are ongoing and taking a positive turn,” Daley said.
Last week, the Direct Marketing Association released a statement applauding the Commerce Department and reiterating its stand that self regulation is key to protecting privacy.
“It is the overwhelming position of U.S. business that the voluntary compliance programs that we have developed are 'adequate' to comply with the EU directive,” said H. Robert Wientzen, president/CEO of the DMA in a letter to David Aaron, Under Secretary of Commerce.
Meanwhile, representatives of international heavy hitters like EDS have been meeting to form the Global Business Dialogue, a trade group (which will probably have 18 to 24 companies) to be devoted to swaying policies of governments around the world toward industry self regulation. The group plans to hold a conference by June in Ottawa, Canada.