December 28, 2000, 11:55 AM — U.S. companies are so far steering clear of the "safe harbor" European privacy agreement, which is intended to provide some legal protections for firms operating in Europe, where personal privacy laws are more strict than in the U.S.
Only three entities have signed up for safe harbor protections since the U.S. Department of Commerce began making them available Nov. 1. But it's unclear at this point whether the slow start is an indicator that the agreement is doomed.
A Commerce Department official, speaking on background, said the department gets approximately 20 calls per day from businesses seeking information about the safe harbor. Companies are still in the learning stage, the official said.
James Sheire, manager of government affairs at the European-American Business Council, a Washington-based organization that represents 85 multinational firms, said many companies are taking a wait-and-see approach, especially since the Europeans aren't expected to review the success or failure of safe harbor until the middle of next year. "There's no rush to participate," said Sheire, at the Privacy & American Business conference in Washington last week.
The safe harbor provides guidelines for U.S. companies transferring data out of Europe. U.S. firms are considered in compliance with Europe's data protection laws if they voluntarily agree to follow a certain set of privacy practices. The European Commission approved the deal in July.
"There is a lot of confusion out there," said Dave Steer, a spokesman for Truste, a firm in San Jose that certifies companies' Web site privacy practices, referring to the safe harbor agreement. Truste will certify Web sites that comply with the agreement, but it's going to take education to convince companies of the need for safe harbor certification, he said.