CongressLine – EU Directive 95/46 – Privacy 101

U.S. Response

Moving with dizzying ineffectiveness, the United States is still hammering out (at press time) the details to enable our country to be in compliance with the Directive. (See the remarks of Secretary of Commerce William Daley before the OECD Ministerial on Electronic Commerce. The Europeans have been unsympathetic with our plight, as one EU official summed it up, “we only gave them three years notice….” Its not, obviously, that the Administration and Congress were unaware of the impending deadline. Just this past year Congress held several hearings on how the Directive will impact e-commerce. (See the witness list and jump sites for the hearing held by the House committee on Ways and Means subcommittee on Trade, July 28, 1998, on “Transatlantic Economic Partnership” and the witness list and jump sites for the House committee on International Relations hearing held on May 7, 1998 on “Issues in U.S.- European Union Trade: European Privacy Legislation and Biotechnology/Food Safety Policy.”)

The failure of the U.S. to adopt uniform standards or guidelines to govern the protection of privacy is not really a “failing.” The Administration has espoused (all along) a self-regulatory approach, encouraging industry to adopt and implement their own strict privacy guidelines. However, on October 25, EU member nations will be under a legal obligation to block the transfer of data to any country where protections are deemed inadequate. Although the EU is no longer insisting on its earlier requirement of government regulation, the current system of self-regulation must pass muster. Therefore, the U.S. and the EU are currently negotiating a settlement to that end. (On our side is the fact that some EU member nations have not passed their own conforming legislation, either.)

Remarks of Commerce Sec. William Daley

House Committe on Ways and Means witness list/jump sites

House Committee on International Relations witness list/jump sites

Online Privacy Alliance (OPA)

OPA Press Release

OPA Privacy Framework

Privacy Policies

ABAecom Privacy Policy

Consumer Bankers Association Privacy Principles

CBA on Privacy

Testimony of Marc Rotenberg

Industry

The stakes here are incredibly high and American industry has risen to the challenge. Coalitions, such as the Online Privacy Alliance (OPA), have geared up to promulgate and promote date privacy initiatives. In July, OPA released a framework for enforcing the protection of consumer privacy in cyberspace (click here for a press release; click here for the text of the framework). In October they called on businesses to post their privacy policies conspicuously on their Web sites. For examples of privacy policies, please see the information on the following Web sites; The ABAecom Privacy Policy, the Consumer Bankers Association Privacy Principles. Several more examples can be accessed at the CBA On Privacy Web page. Most recently, eight of the top Internet companies have formed a “Privacy Partnership” in which they will donate space on their sites to promote consumer privacy online. The Internet Community has not been idle during this process. Countless meetings, conventions and forums have been held between all of the ad hoc groups which comprise the Internet “stakeholders.”

Countdown

The efforts of coalitions like the OPA have encouraged the EU and are certainly assisting with the progress of the negotiations. Privacy advocates, such as the Electronic Privacy Information Centre (Epic), however, are not satisfied with these efforts and believe that self-regulation is simply a band aid which will not fool the American consumer into trusting online commerce. (See the testimony of Marc Rotenberg, the executive director of Epic before the House committee on International Relations.) The FTC, following in the footsteps of the EU, has also begun calling for federal regulation. Perhaps that will happen in the future, but right now, as the days tick by, a settlement must be reached. As one of the EU negotiators remarked, a trade war is in nobody’s interest and ultimately, the market must gain the confidence of the consumer in order for electronic commerce to be a success.

Posted in: CongressLine, Privacy