HL Chronicle of Data Protection : Privacy Lawyers & Attorneys : Hogan Lovells Law Firm : Data Security, E-Commerce & Technology

At a time when leaders in the EU are poised to propose privacy rules that could well restrict the activities of US businesses, Google , Microsoft , Citigroup, IBM , GE and other major American companies have urged the United States to push for trade rules that protect the free flow of information over the Internet.  In particular, the group's Report available here urges that countries avoid "digital protectionism," and the report specifically addresses security and privacy:

Security and Privacy. The business community supports the right of governments to ensure the safety, security and privacy of its citizens and recognizes that approaches may differ between countries and across sectors. At the same time, as in any measure affecting international trade, governments must be able to communicate clearly the rules, rationale and compliance procedures governing these interests to businesses and individuals and make certain that those procedures are not overly disguised restriction to international trade. For example, some countries have discriminated in favor of local businesses by selectively applying filtering regimes which degrade service; by mandating the use of domestic products or intellectual property; by requiring product certifications to be carried out locally; by rerouting traffic from global Internet brands to local competitors; or by applying their laws in a manner that discriminates against foreign suppliers or services. In addition, governments often work outside of established legal frameworks or processes when seeking commercial, financial or personal data, which raises a host of concerns about privacy, safety and security.

US Deputy Chief Technology Officer Danny Weitzner, in a similar vein, warned today in a speech to the US Chamber of Commerce that EU rules may be too stringent and that the Obama Administration will work to convince European regulators that voluntary but enforceable industry codes of conduct are the way to go.  Also, the FTC today applauded the approval by the forum on Asia-Pacific Economic Cooperation (APEC) of a new initiative to harmonize cross-border data privacy protection among members of APEC designed to enhance the protection of consumer data that moves between the United States and other APEC members.

• Email This
• Print

In a speech to at Atlantic Council in Washington, DC on 9 July, Viviane Reding, Vice-President of the European Commission responsible for Justice, Fundamental Rights and Citizenship announced that she has begun exploratory talks with the United States for a comprehensive EU-US agreement for personal data protection standards to apply whenever personal data needs to be transferred across the Atlantic for the purposes of police and judicial cooperation in criminal matters.  Vice-President Reding said:  "The aim is clear: to provide legal certainty to data transfers by ensuring that all these transfers are subject to high standards of data protection on both sides of the Atlantic."

Also appearing at the Atlantic Council with Vice-President Reding was Department of Homeland Security Secretary Janet  Napolitano who, according to the Atlantic Council web site

noted that the United States has a long tradition of insisting on personal privacy — and is in some ways, such as a cultural antipathy to national identification cards and showing passports at hotel check-ins and the like, even more privacy conscious than Europe— the fact of the matter is that protection of personal data does not rise to the level of fundamental right in our society. 

That difference in approach in the US from the EU, with its Charter of Fundamental Rights which very specifically guarantees a right to personal data protection, suggests that the road to a bilateral treaty will be long.

Likewise, the path to the EU recognizing the US as a country with "adequate protections" allowing the cross-border flow of personal data without the encumbrances of model contract clauses, the EU-US Safe Harbor or Binding Corporate Rules seems distant.  Still, at a dinner this author had with Vice-President Reding with her delegation following her Atlantic Council (and her deposit of the new EU "Bill of Rights" a the National Archives), I was able to preview some of the themes of my upcoming presentation at the PLI Privacy Law Institute in Chicago on Monday, 19 July entitled "Is the Tide Turning? The Impact of the HITECH Act & Other Federal Regulation."  I conveyed to Ms. Reding that the time has come for the EU to reappraise the US level of protection given the FTC's "common law of consent decrees" through which specific rules on data protection have arisen, given the forty-six state data security breach notification laws which have prompted heightened attention to the protection of personal data, and given the application and enforcement of the many other sectoral and geographic privacy laws. 

• Email This
• Print