Letter from the National Business Coalition on E-commerce and Privacy to the US Commerce Department
g2news.com
1. Interface With U.S. Law
The EU privacy principles that would be effectively imposed on American business by this agreement far exceed any privacy requirements that have ever before been imposed in the United States, thus raising a very real question of national sovereignty. The Coalition questions the appropriateness of this importation of EU privacy standards into the United States -- especially at a time when the U.S. Congress and state legislatures are addressing what kind of privacy policy should apply in this country. To date, the EU has been unwilling to accept the privacy provisions of either the Financial Services Modernization Act (the "Gramm-Leach-Bliley Act") or the Federal Fair Credit Reporting Act as "adequate" for purposes of the safe harbor. The EU's failure to accept these U.S. laws as "adequate" implies that U.S. financial services organizations and other businesses, broadly defined, must accept EU standards in toto or face the serious consequences of possible denial of data flows, even if these organizations are in complete compliance with U.S. law. We believe that U.S. organizations ought not to be put in the position of having to comply with potentially conflicting privacy regimes whenever personal data crosses a border. The free flow of data across national borders is the keystone of the information age and one of the engines driving the global economy. To establish a system that could require conflicting regimes for U.S. business organizations would risk undermining rather than supporting U.S. competitiveness. This concern is particularly germane since, given the breadth of the definition of "financial institution" in the Gramm-Leach-Bliley Act, a broad swath of U.S. industry -- not just companies traditionally characterized as "financial institutions" -- could, and quite likely would, be adversely affected. For the U.S. to accept an agreement with the EU that does not recognize the adequacy of the Gramm-Leach Bliley Act or the Federal Fair Credit Reporting Act, even with the understanding that those statutes will be the subject of further talks, reduces most leverage that the U.S. might have to obtain eventual coverage for financial services under safe harbor. We therefore believe that ideally the U.S. should not finalize the safe harbor agreement without the EU agreeing to the adequacy of the Gramm-Leach-Bliley Act and the Federal Fair Credit Reporting Act for purposes of the safe harbor; however, at a minimum, the U.S. should continue to negotiate this critical issue with the EU.
2. Competitiveness Issues
The safe harbor agreement in effect establishes a non-tariff trade barrier in that a U.S. person cannot do business with the EU unless that U.S. person agrees to play by EU rules. This trade barrier will disadvantage U.S. companies in relation to their competitors in other areas which do not have to abide by the principles of the EU Directive. Apart from the United States, the EU has yet to negotiate equivalent safe harbor agreements with any other nation or to impose the EU Directive on organizations from any other country outside the EU. We believe the U.S. should receive a commitment from the EU that the standstill on enforcement will be maintained in a manner that ensures that U.S. organizations are treated in law and in practice according to the same rules and standards that are actually applied by the EU to organizations based in other non-EU countries. The U.S. routinely makes national treatment and nondiscrimination a precondition to entering into international trade agreements and should receive an explicit assurance within the safe harbor framework that the EU has so agreed here. U.S. organizations should not be placed in the position of having to comply with EU rules that are not simultaneously and effectively applied to organizations in other countries that may process the data of EU citizens, including such major data processing centers as Canada, India and Japan, among others. We therefore recommend that the Department of Commerce consult with the Office of the U.S. Trade Representative, if it is not already doing so, in order to assess the full extent of the impact of the safe harbor agreement on U.S. competitiveness during this period when other countries are free to operate without complying with the EU privacy requirements. |
