01 December 1998
(U.S. negotiators hope for significant progress in January ) (590) By Merle D. Kellerhals, Jr. USIA Staff Writer Washington -- United States and European Union (EU) officials met December 1 to continue discussions on complex data privacy laws with the United States pressing for a closer resolution of the issue by late January, a senior Commerce Department official says. The official, speaking on background, said December 1 that U.S. Commerce Under Secretary David Aaron and John Mogg, the European Commission's director general for the Single Market, reaffirmed their objective of seeking a final agreement on data privacy. "We have really made, I think, enormous progress on some of the fundamental concepts that are necessary to reconcile the two different systems," the official said. But, he added, that the hope is for "significant progress by the end of January" when the two officials meet again. At issue between the United States and European Union is how best to manage the transfer of private data on individuals, especially electronically. The EU's comprehensive privacy legislation, the Directive on Data Protection, which became effective on October 25, 1998, prohibits the transfer of personally identifiable data to third countries that do not provide an "adequate" level of privacy protection. The United States relies largely on a sectoral and self-regulatory approach, rather than legislative, to assure privacy, the Commerce Department said. The United States has proposed a system known as "Safe Harbor." Essentially, U.S. organizations could come within the safe harbor by self certifying that they voluntarily adhere to seven privacy principles, the Commerce Department said. These principles were released for public comment two weeks ago by the Commerce Department. However, European Union countries have not accepted the proposed safe harbor plan proposed by the United States. The Commerce official said that at present "data will not be interrupted so long as we are negotiating seriously about this issue. The decision of the European Union was to do what they could to refrain from any data interruption so long as we were negotiating in good faith, and we are negotiating in good faith. So, there's been no deadline that's been set on that." The official said that there are a number of technical questions that still need to be addressed in the negotiations. "But essentially, they revolve around the question of access -- of a person's ability to access information about them that may be held by a company. The question of monitoring the adherence to the safe harbor principles," he said. And, he said the "question of whether existing laws and regulations that some of our industry sectors are subject to provide adequate privacy protection." Both sides have agreed to, in principle, the setting up of an independent body to arbitrate disputes between the two bodies, he said. "There are two different aspects to that," he said. "One is that we have agreed that there should be an independent dispute settlement mechanism." However, the difference is over whether, in addition to that, U.S. companies should have to have an independent auditing or monitoring body to assure the Europeans that they are adhering to safe harbor principles, the official said. "Our view, frankly, is that the Europeans have no such body to assure that European companies are adhering to the European data directive, and so our companies should not have to carry this additional burden."