Privacy Legislation raises questions: Will Americans envy strong EU protections

By Patrick Thibodeau, Computer World |  Business

COLUMBUS, OHIO -- The "safe harbor" agreement that was approved last summer in an effort to make it easier for U.S. companies to comply with Europe's stringent data privacy laws went into effect Nov. 1. But many privacy experts predict that businesses will be slow to seek shelter under the new rules negotiated by the U.S. Department of Commerce and European government officials.

According to attendees interviewed last week at the Privacy2000 conference here, many U.S. companies may wait to see if European Union authorities are serious about enforcing their existing privacy laws as well as the safe harbor provisions, which set out a series of guidelines for transferring personal data between the U.S. and the 15 countries that belong to the EU.

Moreover, adhering to the safe harbor principles may put companies in a difficult position regarding domestic concerns about data privacy. Conference attendees said giving European residents access to data collected about them and letting them block any sharing of the information with third parties goes beyond the privacy rights that many businesses currently afford U.S. citizens.

"What happens to your American customers and American employees when they see that your company is providing a higher level of protection to [European residents] than they are to . . . folks here at home?" asked Donald Harris, president of HR Privacy Solutions, a New York-based consulting firm. "I think that is going to create sort of a groundswell of activism and interest and pressure on companies to raise the bar. If these practices are good for Europeans, they're good for Americans."

As early as this week, the Commerce Department plans to set up a Web site that will outline the process for companies to follow when applying to be recognized as adhering to the safe harbor provisions, said Peter Swire, the White House's chief counselor for privacy and a supporter of the U.S.-European agreement.

Data Smuggling?

The deal covers e-commerce transactions and other business interactions with European consumers, as well as the transfer of data about European employees of U.S.-based companies. "If you're taking personal data out of Europe, you want to have a lawful basis for it," Swire said. "The safe harbor is one very achievable way to comply with the law and do your business."

But other attendees at the annual conference, organized by the Ohio Supercomputer Center's Technology Policy Group, said companies may be reluctant to quickly agree to something that will put more demands on their business operations and information technology systems as well as increase their legal risks if they don't follow through and adhere to the safe harbor rules.

Join us:






Spotlight on ...
Online Training

    Upgrade your skills and earn higher pay

    Readers to share their best tips for maximizing training dollars and getting the most out self-directed learning. Here’s what they said.


    Learn more

BusinessWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

Ask a Question