'Safe Harbor' to Prompt Europeans to E-shop

FRAMINGHAM (03/17/2000) - After more than two years of negotiations, the U.S. and European Union agreed on a set of guidelines intended to protect U.S. businesses that transfer data out of Europe. The goal is to protect American companies from legal actions from European Union member states.

Under this "safe-harbor" agreement, U.S. companies will be considered in compliance with Europe's rules if they agree to post privacy policies based on the safe-harbor guidelines. These guidelines give Europeans the ability to opt out of third-party distribution of data and access to data, among other things.

Companies that violate their privacy policies could be subject to enforcement action by the U.S. Federal Trade Commission.

The U.S. International Trade Administration was expected to post a final set of guidelines and frequently asked questions on its Web site today.

Ambassador David Aaron, undersecretary of commerce for international trade and the lead U.S. negotiator in this week's data-privacy agreement with the European Union , said he believes the agreement may boost consumer and business confidence in U.S. companies. In an interview with Computerworld reporter Patrick Thibodeau, Aaron outlined some of the key arguments for the agreement.

CW: What are the incentives and conversely the risks for U.S. companies to participate in the safe-harbor agreement?

Aaron: The incentives are that they will be protected from any arbitrary action by European data-protection authorities to cut off data to their companies, which could be very dire. I think it also will make it much easier for those that have subsidiaries in Europe to transfer personnel information back and forth across the Atlantic - they won't have to have contracts and go back and forth to these data-protection authorities every time they have something new to do. And finally, for those that are actually doing business directly to consumers or, for that matter, business-to-business-type Internet work, the company or the individual on the other side will know that they can do business with them without any difficulty.

CW: Should U.S. based e-commerce businesses that have no physical presence in Europe but are nonetheless trying to drum up business via the Web apply for safe harbor?

Aaron: I think they will find that very helpful because it will be kind of a Good Housekeeping seal of approval for Europeans who are very sensitive about this issue . . . and may be reluctant to do business with Web sites in the U.S.

But if they know that they are part of this regime, they know their data will be protected. So it will be a competitive advantage for companies to sign on.

CW: Under this agreement, U.S. companies will be offering European customers and businesses more stringent privacy protections than they do here. Some privacy advocates say that is fundamentally unfair to U.S. citizens. What kind of ramifications and implications do you see from this imbalance in privacy protections?

Aaron: This of course is only aimed at protecting European data that is transferred over here. I don't think that's a reason to either oppose it, that there may be a different set of standards in the United States, nor is that a reason to neglect providing as good privacy as we can in the U.S. I don't see them as the same issue. Finally, I think this will strengthen the self-regulatory bodies, such as Better Business Bureau Online (and) TrustE. I think that will also help companies here in the U.S., encourage them to join, and in the long run could lead to greater protections for Americans as well.

CW: Is this issue really settled? Are their open questions and problems left to fix?

Aaron: This issue is not going to be settled ever in any final way. Technology is changing too fast, business practices are changing too fast, threats to privacy are changing too fast. This is something that we are going to have to maintain a dialogue with the Europeans about, as well as a dialogue we're going to have inside the U.S. More specifically, because of the rapidly changing landscape in terms of privacy in the financial sector in the U.S., we were not able to come to a conclusion about how to best fit the financial sector into the safe harbor. So those negotiations will continue, and hopefully we can wrap those up by the end of the year.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Federal Trade CommissionTRUSTe

Show Comments