Data protection negotiations between the U.S. and the European Union took a promising turn Tuesday when EU negotiator John Mogg announced that he will recommend the approval of a “safe harbor” agreement by EU institutions and member states.
The agreement would enable U.S. industries to conduct business with European firms under strict data privacy considerations. According to Mogg, a trans-Atlantic deal could be concluded by this summer.
“We reached an important stage today,” Mogg said. “I feel ready to recommend to authorities that the safe harbor meets our criteria.”
Tuesday’s tentative agreement would assure the European Union that information sent to the U.S. would be protected under U.S. law. This agreement applies primarily to companies that are engaged in electronic commerce.
More to Come
U.S. Undersecretary of Commerce for International Trade David Aaron and Mogg will conduct further negotiations aimed at reaching an agreement for financial institutions. That agreement may be longer in coming, particularly since this is a presidential election year in the United States — a time when opposing parties may slow progress by trying to take the lead role in influencing the deal.
The agreement regarding financial services is also somewhat contingent upon new data privacy rules that are part of the Financial Modernization Act. Those rules are expected to be enacted by mid-May. Provisions will also be put in place to monitor companies to ensure compliance with the new rules.
Terms of the Agreement
As part of the deal, the U.S. Federal Trade Commission (FTC) and U.S. judicial system will have the authority to impose sanctions on companies that violate data privacy rules.
The U.S. Commerce Department will keep track of self-regulating companies, which will have to apply annually for membership in the Department’s register.
Companies will comply with the new data privacy protection laws in the following ways:
- By agreeing to be monitored by U.S. Federal agencies.
- By joining a self-regulating body, which will be monitored by the FTC.
- By reporting to a data protection authority in Europe.
Additionally, according to Aaron, the general public will have the right to demand access to sensitive information, such as health data, political affinities and ethnic background held in the United States.
U.S. Struggles with Domestic Privacy
While trans-Atlantic e-commerce may take a giant leap forward with the sealing of the new deal, U.S. companies and consumers continue to grapple with domestic privacy and data protection issues.
Consumers have become increasingly impatient with online companies that do not take aggressive steps to protect their customers’ privacy. Just last week, privacy advocates expressed serious concern about the ability of Sprint PCS cell phones to automatically transmit a user’s phone number to every Web site visited while using Sprint’s new wireless data service.
While the issue could be considered minor at this time — since wireless is still in its infancy — the use of wireless Internet devices to tap into the Web may be commonplace by the end of this year.
In response to the public’s concerns over privacy, some U.S. lawmakers have already introduced bills that would legislate online privacy. Commerce Secretary William Daley said recently that if such bills pass, the private sector will be at fault for not properly regulating itself and ensuring consumer privacy.