Deputy Under Secretary O’Neill Addresses U.S.–EU Personal Data Transfer Concerns
Reconciling the different approaches taken by the United States and the European Union was the focus of a conference in Brussels, Belgium, this October, with a U.S. delegation led by Deputy Under Secretary Michelle O’Neill.
The transfer of personal data created, collected, and used by companies operating both in the United States and the European Union (EU) is important because it allows for various functions, such as human resources, to be seamlessly performed across borders. Rules governing how personal data are managed differ between the United States and the EU, and finding ways to harmonize them is the objective of the annual Conference on the International Transfer of Personal Data (ITPD).
The most recent of these conferences was held on October 23 and 24, 2006, in Brussels, Belgium. The U.S. delegation was led by Michelle O’Neill, deputy under secretary for international trade. C. Boyden Gray, the ambassador to the U.S. mission to the European Union, also participated, giving opening remarks on the first day of the conference.
The results of those meetings, which have been sponsored by the U.S. Department of Commerce and the European Commission for the past six years, have been impressive. The number of companies participating in the “Safe Harbor” international data-processing regime has increased from 2 to 1,000 since self-certification was first allowed, with more than 200 joining since October 2005.
The most recent meeting of the ITPD came at a time of increasing concern in the EU about the integrity of personal data, because U.S. demands for access to this information for security and law enforcement reasons have increased. “We must continually strive to keep our initiatives fresh, relevant, and oriented to the needs of the people, businesses, and governments who benefit from our efforts,” O’Neill said.
At the close of the conference, O’Neill invited participants to reconvene in 2007 in Washington, D.C., and to increase the frequency of the meetings from once a year to twice a year. “As data protection has become an increasingly important subject, the opportunities for all stakeholders to regularly exchange views at meetings like this [are] very valuable.”
More information on the conference can be found on the European Commission’s Web site.
What Is the “Safe Harbor:” Framework?
The United States and the EU share the goal of enhancing privacy protection for their citizens, but each takes a different approach to privacy. The United States uses a sectoral approach that relies on a mix of legislation, regulation, and self regulation. The EU relies on comprehensive legislation, most notably the Directive on Data Protection that went into effect in October 1998. In an effort to bridge these different privacy approaches and provide a streamlined means for U.S. organizations to comply with the EU directive, the U.S. Department of Commerce in consultation with the European Commission developed a "Safe Harbor" framework that was approved by the EU in July 2000. Being certified under its provisions is an important way for U.S. companies to avoid experiencing interruptions in their business dealings with the EU or facing prosecution by European authorities under European privacy laws. For more information on the Safe Harbor framework, vist the Safe Harbor Web site.