Study: EU privacy directive would cost US consumers

American consumers would be robbed of time- and money-saving practices, including many made possible by new technologies, if the European Union's Directive on Data and Privacy were enacted in the U.S., according to a study sponsored by the Financial Services Coordinating Council (FSCC).

At least US$16 billion worth of current financial services would be lost and bank and insurance customers would be forced to spend an additional 305 million hours annually on their personal finances if a U.S. version of the EU's privacy rules on data sharing were on the books here, according to the study, which was conducted by Ernst & Young LLP for the Washington-based FSCC. The FSCC is a group of associations that represents U.S. insurance companies and banks, including the American Bankers Association and the American Council of Life Insurers.

The study results should serve as a warning to lawmakers that consumers would be greatly harmed by privacy rules that amend the privacy provisions that went into effect under the Gramm-Leach-Bliley Financial Services Modernization Act of 1999, according to the FSCC. There has been concern expressed in Congress that the EU directive could become a global standard. While the EU directive may work well to serve the needs of European governments and European consumers, it would have a very different impact if applied in the U.S. because of cultural differences and because the EU directive is stricter than any privacy policy existing in the U.S. now, said Cynthia Glassman, an economist with Ernst & Young and director of the study project.

The study examined the potential impact of the directive on customers at 90 large U.S. financial institutions. It assumed that the directive would be interpreted to allow those institutions to offer consumers only opt-in policies, and less than 10 percent of consumers would choose to allow their information to be used by the institutions, Glassman said.

U.S. consumers have come to rely on savings and conveniences that result from information sharing by financial firms, Jim Pitts, executive director of the FSCC's Privacy Project, said in a news release issued Tuesday by the FSCC. These conveniences are being threatened by proposals on the federal and state level to adopt laws patterned on the EU directive, which has been in effect in Europe since 1998, he added.

Among the consequences of implementing the EU system would be a loss of 67 million hours per year because consumers would no longer be able to call one number, such as a call center, to access multiple accounts and a loss of another 31 million hours because consumers would no longer be able to use centralized Web sites to access multiple accounts.

In addition, special offers based on data collected from consumers and targeted marketing would be lost, the study says.

The computer systems at some financial institutions also could be affected, especially legacy systems that are unable to comply with some of the privacy requirements, Glassman said. The study notes that technologies designed to enable new products and services based on customer information could be cut short by privacy policies.

Because the study is an effort to examine the impact of the EU directive if it were implemented in the U.S. it doesn't mention the "safe harbor" agreement negotiated by the U.S. Commerce Department and EU last year to provide some legal protection to U.S. companies and organizations that gather personally-identifiable data in Europe from employees and customers.

The safe harbor agreement is meant to bridge the U.S. and EU's different privacy approaches and provide a streamlined means for U.S. organizations to comply with the directive. So far 30 companies have notified the Department of Commerce that they adhere to the safe harbor framework.

Join the newsletter!

Error: Please check your email address.

More about Ernst & YoungErnst & YoungFinancial InstitutionsFinancial Services Coordinating Council

Show Comments

Market Place