privacy trade war
Attila T. Hun
attila at hun.org
Thu Feb 19 09:30:15 PST 1998
FUD: Forwarded at 980219:171500 +0000 by Attila T. Hun <attila at hun.org>
-----BEGIN PGP SIGNED MESSAGE-----
Europe, U.S. try to head off privacy trade war
BRUSSELS, Belgium (Reuters) - U.S. companies doing business
in Europe are nervously counting the days to what they fear
could be a new trans-Atlantic showdown.
Oct. 24 is the deadline for the 15 European Union nations
to implement a tough law designed to protect citizens from
computer-age invasions of privacy. The law gives
individuals broad rights to know, and in some cases control,
how information about their buying habits, credit ratings,
health, political affiliations and other characteristics is
The problem, which has been consuming increasing amounts of
attention in Brussels and Washington, is that it also allows
governments to block exports of personal information to
third countries that do not provide "adequate" protection.
The United States is scrambling to show that it does not
fall into that category even though it prefers industry
self-regulation to strict government controls.
"It's clear that the EU has a law with a sort of
centralized government-led approach that they have to
follow," a U.S. official said. "We don't have such an
approach and we're not going to be taking such an
Washington argues that industry codes of conduct are an
effective way to guard against misuse of data -- a stance
that critics say does not appreciate the historical reasons
Europe wants the right to privacy enshrined in law.
"The difference between the United States (and Europe) is
that the smell of fascism is still thick in the air in
Europe," said Simon Jones, founder of the British-based
global coalition Privacy International, which supports the
The conflict has raised fears that the two sides are heading
for confusion at best and a bruising trade battle at worst
once the EU law takes effect.
"Every time we meet this comes up because the potential
risk is quite large," the U.S. official said.
The EU data protection directive, adopted after much
controversy in 1995, aims to protect information traveling
over electronic networks including the Internet from abuse
by potential "Big Brothers."
It also aims to ensure that public agencies, banks, mail
order firms, multinationals and others can send data across
Europe without fearing it will be blocked by differences in
national privacy laws.
It gives individuals the right to know what data has been
collected, to prevent details from being handed over to
third parties such as direct marketers, to file complaints
about the misuse of data with a national authority and to
win compensation for damages.
The sticking point for Washington is Article 25, which
requires governments to bar organizations from transferring
personal data to third countries that do not "ensure an
adequate level of protection." Since U.S. law does not
mandate the controls required by the EU directive, companies
fear the country will be blacklisted.
"This disruption of trade would have an enormous impact on
data flows required for electronic commerce," the EU
Committee of the American Chamber of Commerce, which lobbies
for U.S. business on EU issues, said in a policy paper.
Washington has responded to the threat by pushing its
business sectors to draw up codes of conduct with teeth. It
has set a July 1 deadline for assessing whether that
approach will work, the American official said.
Industry sources say government officials have urged them to
draw up codes bolstered by consumer notices, effective
enforcement and outside audits -- or face continued pressure
from the EU and home-grown privacy activists.
"The hope is there will be a self-regulatory solution
strong enough to give the U.S. the opportunity to say,
'Look what we've done' and the Europeans to say, 'They've
complied, we can back off,"' Mark Kightlinger, a lawyer at
Covington & Burling in Brussels who is following the issue,
Many U.S. companies already have privacy policies and some
sectors have been forced to strengthen their protection
under pressure from the Federal Trade Commission.
For example, a group of leading American computer database
companies that was under fire for releasing Social Security
The American Electronics Association says it is among
industry groups that are debating how to formulate a code of
The European Commission, the EU executive said, has assured
the United States that it does not envisage a blanket ban on
data transfers to the United States, even under the status
Commission President Jacques Santer said in a letter to the
EU Committee that the law allowed for "ad hoc solutions"
and a "case by case" approach. But he said codes of
conduct alone were not enough. "There is a need for
sanctions and individuals must have guaranteed access to
their personal data and a means of redress if their rights
are violated," he said.
A working party of EU national regulators echoed that
message when it issued a paper in January outlining criteria
for effective self-regulation in third countries.
"Self-regulation as such is not a very explicit term," a
commission official said. "Does it mean self-regulation,
we don't do anything? Or do we inform consumers about our
privacy policies and provide a right of access and
Some say the EU-U.S. conflict highlights the need for a
global approach to data privacy. Some international
organizations have already taken up the question such as the
29-member Organization for Economic Cooperation and
Development and the International Chamber of Commerce.
Santer argued in his letter that the Geneva-based World
Trade Organization was the appropriate forum.
_________________________ NOTICE ______________________
In accordance with Title 17 U.S.C. Section 107, this
material is distributed without profit to those who have
expressed a prior interest in receiving the included
information for research and educational purposes.
-----BEGIN PGP SIGNATURE-----
Comment: No safety this side of the grave. Never was; never will be
-----END PGP SIGNATURE-----
More information about the cypherpunks-legacy