January 09, 2001, 12:47 PM —
COLUMBUS, OHIO -- The "safe harbor" agreement that was approved last summer in an effort to make it easier for U.S. companies to comply with Europe's tough data-privacy laws goes into effect today. But many privacy experts predict that businesses will be slow to seek shelter under the new rules negotiated by the U.S. Department of Commerce and European government officials.
According to attendees interviewed yesterday at the Privacy2000 conference here, many U.S. companies may wait to see if European authorities are serious about enforcing the existing privacy laws in that region as well as the safe harbor provisions, which set out a series of guidelines for transferring personal data between the U.S. and the 15 countries that belong to the European Union.
Moreover, adhering to the safe harbor principles may put companies in a difficult position regarding domestic concerns about data privacy. Conference attendees noted that giving European residents access to data collected about them and letting them block any sharing of the information with third parties go beyond the privacy rights that many businesses currently offer to U.S. citizens.
"What happens to your American customers and American employees when they see that your company is providing a higher level of protection to [European residents] than they are to . . . folks here at home?" asked Donald Harris, president of HR Privacy Solutions, a New York-based consulting firm. "I think that is going to create sort of a groundswell of activism and interest and pressure on companies to raise the bar. If these practices are good for Europeans, they're good for Americans."
As early as next week, the Commerce Department plans to set up a Web site that will outline the process for companies to follow in applying to be recognized for adhering to the safe harbor provisions, said Peter Swire, the White House's chief counselor for privacy and a supporter of the U.S.-European agreement.
The deal covers e-commerce transactions and other business interactions with European consumers, as well as the transfer of data about European employees of U.S.-based companies. "If you're taking personal data out of Europe, you want to have a lawful basis for it," Swire said. "The safe harbor is one very achievable way to comply with the law and do your business."