Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Online users becoming less anxious over security, privacy
Windows exploit code coming
Patch Tuesday: What the experts say
Cisco says it may drop Tandberg
Cisco crafting telepresence Rosetta Stone
Facebook groups disrupted but not hijacked, Facebook says
NASA brings chemical sensor to iPhone
Cisco warns UC users of limited support for Windows 7
Novell adds debugger to Mono to help Windows apps get to Linux
Firefox, five years out of Phoenix's ashes, aims at mobile, video, offline
Twitter, LinkedIn link up on tweets
Microsoft, Novell say alliance still bearing fruit
VMware bolsters desktop virtualization product
Microsoft Exchange set; SharePoint, OCS to follow
Veterans agency looks beyond EMC for multi-million storage deal
Applications /

EU-U.S. privacy deal rotten, observers say

Today's breaking news
Send to a friendFeedback

By Rebecca Sykes and Elizabeth de Bony
IDG News Service, 03/15/00

European and U.S. negotiators this week finalized an agreement on data privacy that puts to rest a simmering trans-Atlantic dispute over data protection, but U.S. observers say the accord underscores that Europeans have far more privacy protection than Americans.

After more than two years of talks, negotiators announced at a press conference in Brussels that the U.S.'s largely self-regulatory system based on so-called safe harbor principles represents "adequate protection" as defined and required by the rules of the European Union on the transfer of personal data outside the EU.

"The U.S. safe harbor principle meets the test of adequacy as required by the [privacy] Directive," said John Mogg, director general of the European Commission's Internal Market Directorate.

Under safe harbor principles a U.S. company can, for example, only transfer or sell personal data to another company with the explicit agreement of the subject of the data. The safe harbor principles also allow EU citizens reasonable access to their personal data to review and possibly correct it and require adequate enforcement to ensure proper compliance. Companies wishing to adhere to the principles will sign up with the Department of Commerce and be placed on a database available to the public over the Internet.

But several observers said that the EU's agreement that the safe harbor principles afford adequate protection is largely meaningless because the first time there is a challenge to the safe harbor principles, the case goes to the national court of the citizen making the charge, and individual EU nations typically have strict privacy laws.

For example, a citizen of the U.K. who objects to how his or her data was treated in the U.S. takes the case to a U.K. court and follows U.K. law on this issue, according to Simon Davies, director of Privacy International, a London watchdog group. "And that is so in each country, which is why this whole negotiation has been a farce," Davies said.

A U.S. observer agreed.

"It's an exercise in futility, because Europeans still have their rights under their national laws," said Evan Hendricks, editor and publisher of Privacy Times, a Washington, D.C., newsletter.

Those national laws are much stricter than the safe harbor principles, which are "thoroughly inadequate in every respect," Davies said.

But however deficient Europeans find the safe harbor principles, they are more protection than Americans have currently, U.S. observers said. The final version of the safe harbor principles has not yet been announced, but they do not apply to Americans, which highlights a real paradox, they said.

Unless they have been changed, the safe harbor principles apply to the export of data on Europeans to the U.S. and not to Americans' data held by American companies, said Barry Steinhardt, associate director of the American Civil Liberties Union in New York.

"It seems plain that Europeans who deal with American companies are going to have greater protection than Americans," Steinhardt said.

The safe harbor principles also mandate that the U.S. Federal Trade Commission expedite complaints by EU citizens about how their data was handled in the U.S., processing them faster than complaints from U.S. citizens, several observers said. The ensuing system, whereby a U.S. government agency gives preference to complaints from noncitizens, is peculiar, they said.

"One of the linchpins of this whole agreement is now the FTC and it is going to become an aggressive pit bull for the privacy rights of Europeans," Hendricks said.

The agreement reached today, which must be approved by the 15 member states of the EU and the Strasbourg European Parliament, does not include financial services - an apparently major gap in the agreement.

"Financial services are not excluded; they are simply not yet included," explained David Aaron, U.S. under secretary of commerce for international trade. This means that financial service companies can still voluntarily agree to sign up to safe harbor principles. However, in view of the ongoing modernization of the U.S. banking sector, the EU might require or accept separate provisions for the sector in the future, once the reform is finalized.

"We agreed that including the financial services now would be like painting a moving train," Mogg said. Aaron pointed out that implementing regulations for the U.S.'s Financial Modernization Act are not expected before May, when President Bill Clinton has also announced plans to propose specific legislation guaranteeing privacy in the financial services sector.

At issue is an EU directive that took effect in October 1998 to ensure the free flow of data across the 15 member states by establishing a high standard of data privacy. This directive also required that data could be sent outside the EU only to those countries that had an adequate level of protection. Failure to fulfill this requirement could theoretically lead to the EU blocking data flows.

Negotiations with the U.S. have been plagued by EU concerns that the largely voluntary systems of data privacy in the U.S. could not meet the legislative requirements of the EU Directive. Today's accord means that the EU has agreed with the U.S. claim that safe harbor principles will achieve high levels of protection.

But most observers charged the U.S. and the EU with playing politics, including Davies.

"This is to do with stabilizing trust in trade and investment and has nothing to do with privacy protection," Davies said.

Hendricks charged U.S. and EU officials with ignoring the will of the people, who have a legitimate interest in protecting their privacy.

"You've heard of business to business? This is government to government, ... even though the subject is people's personal data," Hendricks said.

Nonetheless, several observers, including Hendricks, expressed confidence that strong U.S. privacy protections would eventually be established. As consumers discover more and more error-ridden credit reports and an increase in personal information showing up in unwanted places, they will push for reform, just as they did with the Fair Credit Reporting Act, which restricts the sharing of consumer data with third parties, according to Hendricks.

"Ultimately, it's a human rights issue in the information age," Hendricks said.

RELATED LINKS

The perils of privacy
Network World, The Power Issue.

Privacy pointers
Network World E-commerce Newsletter, 02/28/00.

U.S. cyberattack protection plan draws criticism
InfoWorld, 02/02/00.

Privacy, schmivacy
Network World, 03/13/2000.

EU and U.S. extend data privacy negotiations
IDG News Service, 12/21/99.

Citing privacy concerns, European advisory group to consider Pentium III ban
IDG News Service, 11/29/99.


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.
* HOME    * RESEARCH CENTERS     * NEWS     * EVENTS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.