Home > Government/Industries > Gov't Legislation/Regulation

Computerworld - In Congress last week, Rep. Clifford Stearns (R-Fla.), the chairman of the subcommittee on Commerce, Trade and Consumer Protection, warned that the European Union Privacy Directive will have a "potentially regressive impact on international commerce" and urged the Bush administration to make an "expedited" review of the impact of Europe's privacy rules.

Concern is growing in Congress that tough European data protection laws are on the verge of becoming the world's de facto privacy standard, with potentially costly implications for U.S. businesses.

Not Safe The offer: The U.S. and the European Union agreed to a safe harbor that would exempt companies from Europe’s privacy rules provided they follow voluntary rules. But only two dozen companies have signed up so far. The threat: In July, EU countries may begin enforcing data protection rules and threaten the export of data from Europe.

The EU Privacy Directive, which requires companies to follow a strict set of privacy rules, is becoming a worldwide regulatory model. Since it was adopted in 1995, other countries that have adopted or are working on similar rules include Argentina, Australia, Canada, Switzerland and New Zealand.

But there is a business cost to complying with these rules, said Jeff Maynard, founder and chairman of Netstore PLC, a U.K.-based application service provider that must follow the EU directive. He estimated that it will cost more than $100,000 to develop a process that lets people access their data, which is a directive requirement.

And despite Europe's efforts to harmonize privacy laws through the directive, Maynard, who also heads the European branch of the ASP Industry Consortium, said a study that his group released last week found wide divergence among international regulations. If that isn't corrected, "it will cost us money. It will slow things down," he said.

Privacy Defense

But at last week's subcommittee hearing, many defended the EU regulations.

"Data protection must be considered a fundamental human right," said Stefano Rodota, chairman of the EU committee that developed the data protection standard.

Rep. Edward J. Markey (D-Mass.) said that in surveys, Americans overwhelmingly favor strong privacy rules similar to Europe's.

"I think the reason is that most of our grandparents came from your countries," he said. Markey accused the Republicans and "a large corporate sector" of blocking privacy measures.

Rep. Steve Buyer (R-Ind.), however, said U.S. traditions call for less government intrusion and added that the EU's privacy rules illustrate the "good judgment by my ancestors to leave the continent."

Jonathan Winer, an attorney at Altson and Bird LLP in Washington, said the directive "threatens national sovereignty" with the possibility of shutting down data flows between nations. "The European Union is insisting that [the privacy directive] be treated as the de facto global standard," said Winer.

But the issue for the U.S. is whether it can buck international trends on privacy.

"For U.S. citizens, I think the directive highlights that American citizens are becoming second class in the privacy world at the global level," said Joel Reidenberg, a law professor at Fordham University in New York.

Read more about Gov't Legislation/Regulation in Computerworld's Gov't Legislation/Regulation Topic Center.