Letter Re-Ignites U.S.- Europe Privacy Debate

A joint letter from the Treasury and Commerce Departments to John Mogg, European Commission Director General for the Internal Market, has re-ignited the controversy between the U.S. and the EU over privacy regulations. The Bush administration has in essence asked the EU to revise data dissemination rules that it finds are too burdensome on U.S. business, particularly on the financial service sector, which includes insurance.

EU regulations, passed in October 1998, gave EU residents the right to review and correct personal data, and if they choose, to prohibit its unauthorized use or dissemination. The regulations also prohibited EU companies from transferring personal data to any country that didn’t accord its consumers with “adequate protections”, corresponding to those in force in the EU. The enforcement of this provision was suspended pending negotiations to resolve the differences.

A year ago it appeared that the controversy had been settled by an agreement reached between Mogg and David Aaron, the U.S. Undersecretary of Commerce for International Trade. U.S. companies would be deemed in compliance with the EU rules if they complied with the provisions of the Gramm-Leach-Bliley Act, which established certain minimal privacy standards for the U.S., and agreed to adopt certain “Safe Harbor Principles.” The State-Commerce letter calls this agreement into question.

How to address the problem of financial services in general and the insurance industry in particular, has always been difficult. Insurers collect a great deal of personal information, and almost every large U.S. insurance company has units operating in Europe, and vice-versa; therefore how to regulate the transfer of this data across the Atlantic raises serious policy issues.

So far the EU has taken the position that its established rules on data transfers must be observed by all companies conducting business which involves this type of technology. The U.S. position opposes the stricter EU rules as being unduly burdensome, as being out of touch with the realities of the real-world, and as establishing a separate standard for Europeans which conflicts with the looser rules the U.S. has adopted.

More negotiations are in prospect, as neither side really wants to see a breakdown in U.S.-EU trade caused by an inability to solve the data transfer/consumer privacy problem.