Any safe harbor?

By Elana Varon, CIO |  Business

Companies with European subsidiaries can shield themselves from privacy-related lawsuits under a "safe harbor" agreement negotiated between the United States and the European Union (EU) last summer. The pact lets U.S. businesses send personnel and customer data stateside, an exception to EU rules that prohibit transfer of personal information to any country that doesn't follow Europe's stringent privacy laws.

Businesses that join the pact (which is voluntary) agree to follow the EU's Directive on Data Privacy, which says they can share only info they collect with other companies if the subject of the data consents. In return, Europeans unhappy with how U.S. companies use their data have to sue in U.S. courts under privacy laws that are less stringent than Europe's. Businesses that decide not to join risk having European governments prohibit them from sending data back home. Jeff Rohlmeier, an international trade specialist with the U.S. Department of Commerce (DOC), says the agreement was needed to prevent disrupting $350 billion in trade with Europe, which is now mostly conducted electronically.

So far only 13 companies have signed the pact. The reason isn't clear. Companies appear to be procrastinating because the agreement isn't currently being enforced. That's likely to change later this year, when the EU will decide whether to seek even stricter rules.

Whether or not a company signs on, it still has to build systems that comply with the EU's privacy standards in each European country where they handle personal data, says lawyer Catriona Hatton, whose practice in the Brussels office of Hogan & Hartson focuses on EU antitrust law and regulatory affairs.

At press time, the Bush administration hadn't taken a position on the pact. Meanwhile, CIOs can keep tabs on future negotiations through the DOC (www.doc.gov).

-- Joe Kendall

Holding Pattern

The drumbeat from consumers about protecting privacy online is amplifying the political rhetoric in Congress. How long before talk turns into action?

Sen. Ron Wyden (D-Ore.), an e-commerce advocate, predicts Congress will pass a privacy bill this year. According to his Chief Staff Josh Karden, Wyden thinks the feds need to act before state legislatures under pressure from their constituents enact rules about what customer info companies can share. The result: 50 different data privacy laws that might require companies to treat customer data differently depending on where those customers live.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question