EU Member Countries Approve “Safe Harbor” Pact

June 5, 2000

The agreement on data privacy between the U.S. and the EU reached last March took another step towards implementation when EU member countries approved the pact, despite objections from European consumer groups.

The agreement, which took two years to negotiate, provides a framework for the transmission of data via the Internet between EU countries and the U.S. under “safe harbor” rules, which call for U.S. companies to provide certain privacy safeguards in line with EU requirements that “adequate protection standards” be observed for transfers of personal information to non-EU member countries.

So far the accord doesn’t apply to “financial services,” including insurance, which are the subject of separate negotiations. The recently passed Gramm-Leach-Bliley Act gives a mandate to the Federal Trade Commission to implement privacy provisions in this sector. Proposals are currently under study, and could result in mandatory controls on data transfers, which are closer to the European model.

The approval means that the agreement can now be considered by the European Parliament in Strasbourg, and if approved there, will go to the European Commission for final approval and implementation. The “Safe Harbor” provisions could be in place by fall.

Although voluntary, the guidelines would constitute the first attempt by the U.S. to assure the privacy of personal information. The increasing transfer of data between companies has become a cause for concern on both sides of the Atlantic, with consumer organizations demanding that safeguards be adopted to assure that personal information remains personal. Business, however, asserts its right to collect and share information.

“What we need is a reasonable balance between consumer rights to the privacy and security of data and the legitimate interests of businesses to use that data in order to meet our customers’ goals,” John Schall of the National Business Coalition on E-Commerce and Privacy told the Associated Press.

That balance is elusive. Several European groups attacked the approvals, as not being sufficiently strong enough to meet European standards, while a number of U.S. companies criticized the accord as creating a potentially expensive trade barrier.

Insurers, who routinely collect sensitive financial and medical data, are particularly concerned with the privacy rules.

Was this article valuable?

Here are more articles you may enjoy.