Eu data protection directive: a matter of sovereignty

U.S. politicians want to reverse agreement with EU on safe harbor concept

Yesterday, the Congressional Committee on Commerce, Trade and Consumer Protection held a hearing on the impact the EU Data Protection Directive could have on the U.S. privacy debate. It is well known that the Data Protection Directive requires that data of EU citizens can only be exported to countries that have a similar regulation. In the case of the U.S., after long negotiations, an agreement was reached on the concept of the "Safe Harbor" under which companies voluntarily commit to appropriate data protection rules. Apparently, some politicians now want to mess with this agreement again because it hinders the e-commerce of American companies.

The committee’s chairman, Republican Billy Tauzin, apparently sees the ie from the perspective of power. For him, the directive "an attempt to impose the will of the EU on the United States." But not only that, the EU Data Protection Directive could also become the global data protection standard, and that will have dire consequences: "The EU Data Protection Directive could lead to the erection of one of the grossest blockades of free trade ever seen."

He indirectly expresses the fear that it could also undermine the economic superiority of the United States: "I am very concerned that U.S. companies, which have been the creators and the leading forces of e-commerce, are going to be forced to deal with such a restrictive law." Allegedly costing billions of dollars that would be passed on to consumers. He described the concept of the safe harbor as "nonsensical".

Cliff Stearns, the head of the subcommittee and also a Republican, called on President Bush to quickly clear the matter with the EU before all EU countries have implemented the directive. For Tauzin, the problem lies in cultural differences. While the Europeans are of the opinion that "Privacy a fundamental right" is, "we in the U.S. have a different understanding of data protection, which assigns primarily to the private sector the task of protecting consumer data".

David Aaron, who had worked with the EU on the Safe Harbor concept under President Clinton, however, said during the hearing that this agreement had prevented even worse things from happening: "The key to the agreement was that we accepted stricter standards and they accepted self-regulation. Any federal regulation should be based as much as possible on self-regulation. In addition, the agreement also has its good sides, because the data protection directive applies to all EU member states and one does not have to observe 15 different laws.

Jonathan Winer, a privacy expert and lawyer, also sharply opposed the directive, which for him also threatens the competitiveness of the American economy, as well as fundamental American values, such as those secured by the First Amendment. One could think that the downfall of the US is at hand, when companies only have to ask their customers first if and what data they are allowed to collect, and they can be held legally accountable if they do not comply with data protection rules. Fur Winder is the directive "probably the most important law by which the EU prescribes the rules of cyberspace. … Although the EU usually denies it, the directive also has extraterritorial application and affects data flows around the world .. Congress and the Bush Administration urgently need to consider all reasonable options to respond to the situation created by the EU’s aggressive external application and to the Directive’s lack of internal implementation. Es geht dabei nicht nur um den Datenschutz, sondern gleichzeitig um den Schutz der Souveranitat und der Verfangsfreiheiten, besonders der Meinungsfreiheit, und der Verhinderung des Risikos ernsthafter Schaden fur die USA und die Weltwirtschaft."

Wine recommends the government not to let itself be blackmailed and, if necessary, to react with trade sanctions if the EU should actually take action against American companies. Moreover, the data protection directive is only the first of several to come, which may also have global reach.

It is clear that Stefano Rodota, the chairman of the European Commission’s Data Protection Committee, who was invited to the hearing, had a hard time defending the agreement reached under the Clinton administration and pointing out the crudeness of the agreement "Flexibility" as well as to point out the many exceptions that the directive and agreement with the U.S. allow. Rodota also pointed out that the EU was only implementing what was actually due to the USA: "The widespread use of the word "Privacy" in Italy and other non-English speaking countries reveals an astonishing paradox. Privacy has been in the U.S "invented" and has long been considered typical of American society. Nevertheless, Europe is now the region in the world where personal data is most protected."

Barbara Lawler, who is responsible for data protection at HP, did not toot the politicians’ horn. In January, HP became the first major high-tech company to register with the Department of Commerce for the Safe Harbor concept. Lawler called the concept a right step that could benefit e-commerce: "We believe that consumer confidence is enhanced by securing data privacy online and offline in a global business environment. E-commerce will grow faster if consumer trust is strengthened by companies’ efforts to provide consumers with an effective privacy complaint mechanism through agreements such as the Safe Harbor."

And Joel Reidenberg, a law professor, said the easiest way to prevent trade problems would be to introduce its own privacy law: "The U.S. is fast becoming the world’s leading rogue nation when it comes to data protection." Reidenberg recommended that data protection be legally protected in order to balance commercial interests in information with data protection.