BRUSSELS – European officials are less optimistic than the Americans that agreement on data protection can be reached before the end of March despite a reported “breakthrough” on the contentious enforcement issue.
“I’ve been told that agreement has been reached,” one EU official said, “but I’ve been told that before and it hasn’t happened.”
“I think the meeting between Ambassador Aaron and Mr. Mogg in late February was a major step forward,” said another, “but we shouldn’t close the book quite yet.” Both agreed that European opposition remained strong.
The issue is the data protection directive the EU issued in 1995 and that should have been approved by all the member states on Oct. 24, 1998, but has only been implemented into national legislation by a few. The UK’s new law went into effect March 1. (see p.1)
David Aaron, the undersecretary of commerce who has been the chief US negotiator, resigns March 31 to return to private life and is understandably anxious to get the agreement signed before he leaves office.
He held talks in Brussels Feb. 21 and 22 with John Mogg, the EU’s chief negotiator. Afterwards the EU issued a press release that said “both sides reported a breakthrough on the issue of enforcement” that should make “political agreement possible.”
Two days later Aaron told a reporter that he could say a “tentative agreement” had been reached on enforcing the “safe harbor” provisions – seven principles that adherents will live by in protecting data shipped from the EU to the US.
Europeans worry that the US administration will not be tough enough in prosecuting companies who agree to the safe harbor principles and then violate them. Odds now favor that a EU majority will go along with the US position.
That would mean conclusion of a formal agreement by the March 31 deadline, a non-binding barrier. Such deadlines have been set before, however, and missed with some regularity.
But even formal agreement would not take effect immediately, although it would ban for the time being the threat that the EU or the data commissioners of member states cut off the flow of European data to US firms.
Bureaucratic hurdles remain formidable as Mogg explained in a press briefing here: “Even if we were to have complete understanding which we don’t have yet, then we would have a number of procedural and decisional routes to go through.”
These include approval by Fritz Bolkestein, the Internal market commissioner, and by the other EC commissioners, the so-called Article 31 committee representing member governments, and the European parliament.
“Not all of this can and needs to be done by the end of March,” Mogg noted, because “we have a number of procedural requirements to go through.”
Hearings on the issue before the powerful legislative affairs committee of parliament appear to have gone well, officials said, but they noted expression of strong opposition from the Italians.
Italy has adopted the toughest data protection law in the EU that goes far beyond the requirements of the EU directive. As a result the Americans tend to dismiss Italian opposition as meaningless rhetoric.
Some Europeans disagree. The head of the Italian data protection commission, Professor Rodoto, delivered a blistering attack on the US and on the safe harbor provisions at the committee hearings.
He argued that the US had no sanctions in place and if a signatory company broke its pledge nobody in the US would do anything about it.
That kind of rhetoric, officials warn, could have impact on national data protection commissioners in the member states who are at liberty to proceed against US companies they feel have broken safe harbor, whether an agreement is in place or not.
Thus the data protection commissioner for the German state of Lower Saxony told the newspaper “Die Welt,” three days after Aaron and Mogg talked breakthrough, that “wild west” conditions prevailed in the US.
“We keep hearing of cases where American companies misuse customer data to develop profiles about buying habits of special interests, and even of selling such data. That should not be allowed to happen.”
The state official, Burckhard Nedden, is in a position to move against US firms he feels have violated the directive, another reason for European doubts that the privacy agreement can go into effect quickly.