FUD: Forwarded at 980219:171500 +0000 by Attila T. Hun <attila@hun.org> -----BEGIN PGP SIGNED MESSAGE----- Europe, U.S. try to head off privacy trade war _________________________________________________________________ BRUSSELS, Belgium (Reuters) - U.S. companies doing business in Europe are nervously counting the days to what they fear could be a new trans-Atlantic showdown. Oct. 24 is the deadline for the 15 European Union nations to implement a tough law designed to protect citizens from computer-age invasions of privacy. The law gives individuals broad rights to know, and in some cases control, how information about their buying habits, credit ratings, health, political affiliations and other characteristics is used. The problem, which has been consuming increasing amounts of attention in Brussels and Washington, is that it also allows governments to block exports of personal information to third countries that do not provide "adequate" protection. The United States is scrambling to show that it does not fall into that category even though it prefers industry self-regulation to strict government controls. "It's clear that the EU has a law with a sort of centralized government-led approach that they have to follow," a U.S. official said. "We don't have such an approach and we're not going to be taking such an approach." Washington argues that industry codes of conduct are an effective way to guard against misuse of data -- a stance that critics say does not appreciate the historical reasons Europe wants the right to privacy enshrined in law. "The difference between the United States (and Europe) is that the smell of fascism is still thick in the air in Europe," said Simon Jones, founder of the British-based global coalition Privacy International, which supports the EU approach. The conflict has raised fears that the two sides are heading for confusion at best and a bruising trade battle at worst once the EU law takes effect. "Every time we meet this comes up because the potential risk is quite large," the U.S. official said. The EU data protection directive, adopted after much controversy in 1995, aims to protect information traveling over electronic networks including the Internet from abuse by potential "Big Brothers." It also aims to ensure that public agencies, banks, mail order firms, multinationals and others can send data across Europe without fearing it will be blocked by differences in national privacy laws. It gives individuals the right to know what data has been collected, to prevent details from being handed over to third parties such as direct marketers, to file complaints about the misuse of data with a national authority and to win compensation for damages. The sticking point for Washington is Article 25, which requires governments to bar organizations from transferring personal data to third countries that do not "ensure an adequate level of protection." Since U.S. law does not mandate the controls required by the EU directive, companies fear the country will be blacklisted. "This disruption of trade would have an enormous impact on data flows required for electronic commerce," the EU Committee of the American Chamber of Commerce, which lobbies for U.S. business on EU issues, said in a policy paper. Washington has responded to the threat by pushing its business sectors to draw up codes of conduct with teeth. It has set a July 1 deadline for assessing whether that approach will work, the American official said. Industry sources say government officials have urged them to draw up codes bolstered by consumer notices, effective enforcement and outside audits -- or face continued pressure from the EU and home-grown privacy activists. "The hope is there will be a self-regulatory solution strong enough to give the U.S. the opportunity to say, 'Look what we've done' and the Europeans to say, 'They've complied, we can back off,"' Mark Kightlinger, a lawyer at Covington & Burling in Brussels who is following the issue, said. Many U.S. companies already have privacy policies and some sectors have been forced to strengthen their protection under pressure from the Federal Trade Commission. For example, a group of leading American computer database companies that was under fire for releasing Social Security and other information drew up a privacy policy in December. The American Electronics Association says it is among industry groups that are debating how to formulate a code of conduct. The European Commission, the EU executive said, has assured the United States that it does not envisage a blanket ban on data transfers to the United States, even under the status quo. Commission President Jacques Santer said in a letter to the EU Committee that the law allowed for "ad hoc solutions" and a "case by case" approach. But he said codes of conduct alone were not enough. "There is a need for sanctions and individuals must have guaranteed access to their personal data and a means of redress if their rights are violated," he said. A working party of EU national regulators echoed that message when it issued a paper in January outlining criteria for effective self-regulation in third countries. "Self-regulation as such is not a very explicit term," a commission official said. "Does it mean self-regulation, we don't do anything? Or do we inform consumers about our privacy policies and provide a right of access and rectification?" Some say the EU-U.S. conflict highlights the need for a global approach to data privacy. Some international organizations have already taken up the question such as the 29-member Organization for Economic Cooperation and Development and the International Chamber of Commerce. Santer argued in his letter that the Geneva-based World Trade Organization was the appropriate forum. _________________________ NOTICE ______________________ In accordance with Title 17 U.S.C. Section 107, this material is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. _______________________________________________________ -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: No safety this side of the grave. Never was; never will be iQBVAwUBNOxqILR8UA6T6u61AQFcdgIApku3mtLjUenuYQV9tPwev/dbZrcDEeKa Lp/tOlfU5psEeHmcTtA2ltSLwFgZX9dD//41Cll9txi7BfbDOC0YQg== =8FJW -----END PGP SIGNATURE-----