Push intensifies for personal data rules change

Companies are plagued by legal uncertainties sparked by the very different approach to data privacy in the U.S. and Europe

Calls for a change to international rules on data transfers intensified Monday when two leading trade associations called on U.S. and European Union decision-makers to take action.

The American Chamber of Commerce to the European Union (AmCham EU) and the International Chamber of Commerce (ICC) "urgently call upon decision-makers on both sides of the Atlantic to deliver real progress on international transfers of personal data, a matter of growing concern for businesses worldwide," the trade groups said in a statement.

The call for action comes as more and more companies face legal uncertainty sparked by the very different approach to data privacy in the U.S. and Europe.

In recent weeks SWIFT, a Belgian financial data transfer company, has been found guilty of handing over personal data to U.S. authorities in breach of European data protection laws. SWIFT was forced to hand over the data by U.S. officials investigating terrorist financing.

Meanwhile, European airlines are being forced by the U.S. to break European data protection laws by handing over personal details about passengers flying to the U.S. Failure to hand over the information, including passengers' names, addresses and credit card details, would result in them losing landing rights at U.S. airports, or being fined up to $6,000 per passenger.

AmCham EU and the ICC said companies increasingly face the challenge of efficiently managing the growing number of complexities surrounding their employee and customer data.

"This is every bit as true for European businesses operating in the U.S., for U.S. companies doing business in Europe, and for companies operating in other parts of the world," the groups said in a statement issued at the beginning of a two-day conference in Brussels about international transfers of personal data. The conference was organized by the European Commission and the U.S. Department of Commerce.

The legal framework in the E.U. has not effectively eliminated national data protection, forcing companies to comply with rules from 25 different sets of laws when processing data, the groups found. "Companies operating outside the E.U., notably in the U.S., are especially hard-hit by this massive set of requirements," they said.

Exemptions from some of the more onerous requirements of Europe's tougher data protection rules include the Safe Harbor Agreement, signed in 2000, which lays out seven principles of data privacy. Companies that sign the agreement get immunity from some of the European laws, allowing them to transfer data to the U.S.

AmCham EU and the ICC were involved in drafting alternative standard contractual clauses for data transfers by companies. They are also promoting the use of Binding Corporate Rules, another legal tool to get around the problem of differing rules on data protection.

"Closer cooperation between the E.U., the U.S. government, global business and other international institutions will lead to data protection mechanisms that will protect the rights of individuals and take business realities into account," AmCham EU and the ICC said.

Copyright © 2006 IDG Communications, Inc.
