Push for Changes to Personal Data Rules Gains Steam

Calls for a change to international rules on data transfers intensified Monday when two leading trade associations called on U.S. and European Union decision-makers to take action.

The American Chamber of Commerce to the European Union (AmCham EU) and the International Chamber of Commerce (ICC) “urgently call upon decision-makers on both sides of the Atlantic to deliver real progress on international transfers of personal data, a matter of growing concern for businesses worldwide,” the trade groups said in a statement.

The call for action comes as more and more companies face legal uncertainty sparked by the very different approach to data privacy in the United States and Europe.

In recent weeks, SWIFT, a Belgian financial data transfer company, has been found guilty of handing over personal data to U.S. authorities in breach of European data-protection laws. SWIFT was forced to hand over the data by U.S. officials investigating terrorist financing.

Meanwhile, European airlines are being forced by the United States to break European data-protection laws by handing over personal details about passengers flying to the United States. Failure to hand over the information, including passengers’ names, addresses and credit card details, would result in them losing landing rights at U.S. airports, or being fined up to US$6,000 per passenger.

AmCham EU and the ICC said companies are increasingly faced with the challenge of how to manage efficiently the growing number of complexities of their employee and customer data.

“This is every bit as true for European businesses operating in the U.S., for U.S. companies doing business in Europe and for companies operating in other parts of the world,” the groups said in a statement issued at the beginning of a two-day conference in Brussels about international transfers of personal data. The conference was organized by the European Commission and the U.S. Department of Commerce.

The legal framework in the European Union has not effectively eliminated national data protection, forcing companies to comply with rules from 25 different sets of laws when processing data, the groups found. “Companies operating outside the E.U., notably in the U.S., are especially hard-hit by this massive set of requirements,” they said.

Exemptions from some of the more onerous requirements of Europe’s tougher data-protection rules include the Safe Harbor Agreement, signed in 2000, which lays out seven principles of data privacy. Companies that sign the agreement get immunity from some of the European laws, allowing them to transfer data to the United States.

AmCham EU and the ICC were involved in drafting alternative standard contractual clauses for data transfers by companies. They are also promoting the use of Binding Corporate Rules, another legal tool to get around the problem of differing rules on data protection.

“Closer cooperation between the E.U., the U.S. government, global business and other international institutions will lead to data protection mechanisms that will protect the rights of individuals and take business realities into account,” AmCham EU and the ICC said.

-Paul Meller, IDG News Service (Brussels Bureau)

Related Link:

• E.U., U.S. Agree to Share Air Passenger Data

Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.