Untitled Document

Europe Proposes Standard Contracts to Protect Privacy

April 8, 2001

Remember the good old days when all you needed for international harmony was "a Coke and a smile". That certainly is not the case today - especially if Coca-Cola wants to collect personal data about its European customers.

About a year ago the United States and the European Union finally agreed on the terms of Safe Harbor, a self-regulating system that allows for the transfer of data between the countries. The major issue throughout the Safe Harbor issue was the protection of the European's privacy where the argument was that the United States was an advocate of the business and the EU was an advocate of the consumer's privacy. However even with those differences, the EU and US were able to arrive at a middle ground by implementing the terms of Safe Harbor. Five months into the program, only thirty companies had signed up for the Safe Harbor system.

Apparently the EU is still unhappy with the lack of privacy protections to the Europeans and is asking that more protections be implemented. The EU has proposed that contracts, with standard clauses relating to the transfer of data from EU companies to US companies, be used in these data transfers. Additionally the standard clauses of the contracts include terms that extend beyond just privacy issues and require that EU law apply. Some in the US feel that neither these clauses nor the use of EU law is practical in the real world and infringes on US sovereignty. It is somewhat unclear whether a company complying with the Safe Harbor provisions will also have to use the standard contract language.

The EU is still reviewing the contracts and standard clauses but they do express that US companies are to inform Europeans how their personal information is being used and give them access to the personal information collected.

So now the big question . . . who does this affect?

The primary companies affected include those companies that have European Customers.

Although many US lawmakers are opposed to the proposals by the EU, the end result may be that US companies have to either sign up with Safe Harbor (which is self regulating and less restrictive) or enter into these contracts if they want to collect data from European consumers.