From: believer@telepath.com Subject: IP: Europe May Block Flow of Internet Data With US Date: Mon, 26 Oct 1998 09:45:04 -0600 To: believer@telepath.com Source: Christian Science Monitor http://www.csmonitor.com/todays_paper/reduced/today/intl/intl.3.html International - Monday October 26, 1998 Europe May Block Flow of Internet Data With US Peter Ford, Staff writer of The Christian Science Monitor PARIS -- Radically different American and European notions of privacy and how to protect it are threatening to curb the worldwide boom in electronic commerce. New European Union rules governing international transfers of personal data over the Internet go into effect today. They commit EU governments to strict new privacy standards in electronic databases storing citizens' personal details. And they oblige governments to block data transfers to countries that fail to uphold "adequate" privacy provisions. That, in the European Commission's view, includes the United States. Year-long efforts by senior US negotiators to convince the EU otherwise have shown how "in Europe, privacy is seen as a human right ... while the Americans are saying that the market should look after it," says Christiaan van der Valk, an expert in electronic privacy issues with the Paris-based International Chamber of Commerce. Unless European and US negotiators reach agreement, the EU directive "could have pretty severe long-term effects, hindering the extension of e-commerce and the globalization of industry generally," warns IBM spokeswoman Armgard von Reden. The new rules give European citizens the right to access personal data held on them by private corporations and to correct it if it is false. Individuals must give consent to the processing of sensitive data such as medical records or details of ethnicity. Web-site operators routinely capture personal information about users who visit their sites and sell it to direct marketing companies and other clients. "Privacy safeguards in the United States have not kept up to date," argued Marc Rotenberg, a teacher of privacy law at Georgetown University in Washington, in testimony to the US House of Representatives earlier this year. If data protection officials in European countries were to start forbidding the transfer of personal data to the US this week, or demanding individual notification of such transfers from data processors, "everything would grind to a halt," says Philip Jones, assistant registrar at Britain's Data Protection Registry, a government body. Every day companies such as airlines, banks, and insurance firms transfer millions of bits of information - like names, addresses, and phone numbers - on clients or potential customers. But "nobody is going to go down to some basement in European Union headquarters to throw a switch that will shut off all data flows on Monday morning," adds Professor Rotenberg. Only a handful of the 15 EU countries have passed the legislation to implement the Commission's directive. The Commission is still negotiating with the US on how the rules will be enforced. Washington, reluctant to legislate, is seeking EU approval for a voluntary system. US companies wishing to process Europeans' personal information would adhere to a set of principles laid down by the Department of Commerce. How they would be enforced, however, and how European citizens could seek redress for any grievances, is not yet clear. Alternatively, US negotiators are suggesting companies could join systems such as the Online Privacy Alliance, set up by IBM and Time-Warner, among others. Members commit themselves to respect the alliance's privacy standards and to submit to checks by Trust-e, an independent verification organization. Data-importing companies in the US could also sign contracts with the exporter, pledging to treat information with the same degree of confidentiality it would enjoy in Europe. "Most global companies are heading in this direction," says Ms. von Reden. EC officials were to meet European representatives today to discuss the American proposals and Washington's request for a 90-day extension of the application of the new rules. Nobody expects dramatic changes this week, but privacy activists are expected to test the directive as soon as it comes into force by laying a complaint against a high-profile company such as Visa International or Citigroup. At the moment, says one executive with an international financial services group, "I am not sure that anyone can say how this is all supposed to work in real life." ----------------------- NOTE: In accordance with Title 17 U.S.C. section 107, this material is distributed without profit or payment to those who have expressed a prior interest in receiving this information for non-profit research and educational purposes only. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml ----------------------- **************************************************** To subscribe or unsubscribe, email: majordomo@majordomo.pobox.com with the message: (un)subscribe ignition-point email@address or (un)subscribe ignition-point-digest email@address **************************************************** www.telepath.com/believer ****************************************************