Out-Law News 1 min. read
28 Mar 2001, 12:00 am
Last Friday, the US departments of Treasury and Commerce wrote a letter to John Mogg, director general of the European Commission saying that the EU’s forthcoming rules would “impose unduly burdensome requirements that are incompatible with real-world operations.”
The European Parliament is soon due to consider the Commission’s proposals for “standard clauses” in contracts between US and European businesses regarding exchanges of customer data. The clauses would require US firms to meet European standards of data protection. In the US, there are no equivalent standards for businesses.
The Data Protection Directive forbids the transfer of personal data to countries without equivalent privacy protection, including the US. A so-called Safe Harbor scheme was introduced last year to provide a loophole for US firms. It sets out a number of principles with which US businesses must comply if they want to receive personal data on European citizens from businesses operating in the EU. Voluntary compliance, monitored by the US Federal Trade Commission, allows, for example, the exchange of customer details from their European offices or subsidiaries.
Only 34 US companies have signed up to date. Further, financial services firms are excluded from the Safe Harbor provisions because they compromise the strength of EU data protection rules. Instead, financial services firms will be expected to comply with the stricter terms in the proposed “standard clause” rules.
The letter to John Mogg, without elaborating on the nature of the concerns, does express concern that the rules proposed for financial services firms could, if adopted, become “a de facto standard” for all other firms in e-commerce.
OUT-LAW.COM's Rosemary Jay, a Senior Consultant with law firm Masons and an expert in data protection laws, said:
"The draft clauses to be considered by the Parliament would, if adopted, require US financial services firms to comply with exactly the same data protection rules and procedures required of all European businesses. European businesses are already subject to stricter regulation than, not just most US businesses, but also those signing up to the Safe Harbor scheme. The US has long taken a hands-off approach to data protection regulation, but it will be for Europe to decide whether it takes heed of these new concerns expressed by the Bush administration."