• Recommend:
• 0 Comments

Europe, U.S. Agree on Privacy Policy

Following lengthy negotiations, European Commission agrees to recognize voluntary U.S. standards.

By Elizabeth de Bony, IDG News   

In 1995 the European Union adopted legislation stipulating that personal data from databases maintained in the EU could only be transmitted to countries that respected similar standards of data privacy.

Now the EU has recognized the United States' so-called safe-harbor principles as representing adequate protection under the EU's data privacy directive.

The safe harbor principles require that a company seek explicit agreement from people before transferring their personal data to another company. The principles, like the EU directive, also give people reasonable access to personal data to review and possibly correct it. They also require organizations using personal information to "take reasonable precautions to protect it from loss, misuse, and unauthorized access, disclosure, alteration, and destruction," according to EU documents.

However, adherence to the safe harbor principles in the U.S. is essentially voluntary and self-monitoring, since the principles have not been codified into U.S. law, as has been done in the EU. (See "Europeans Want U.S. to Honor Net Users' Privacy.")

Key for U.S.-Europe Data Transfer

The decision on safe harbor will make transfers of data for both EU and U.S. businesses simpler and provide a framework within which personal data transferred to the U.S. from Europe will be better protected, says Frits Bolkestein, internal market commissioner. He called the decision "a very positive development."

Although earlier this year, the Commission reached an agreement with the United States that a system based on safe harbor principles did represent adequate levels of privacy, the European Parliament voted otherwise earlier this month, prompting short-lived concern that the agreement might have to be renegotiated. The European Parliament opinion is, however, nonbinding, so while agreeing to transmit the Parliament's concerns over data privacy standards to the Clinton administration, the European Commission has decided to approve the safe harbor principles, sources said.

The safe harbor provision will be "fully up and running by November," the Commission said in the statement. Similar decisions were also announced for data privacy regimes in Switzerland and Hungary.

The Commission also announced that it has held discussions with several other non-EU countries, notably Australia, Canada, and Japan, and will shortly start the process of determining whether Canada's new privacy law provides "adequate protection."

James Niccolai in London contributed to this report.