The European Union has rejected an appeal by the Bush
administration to dilute proposals under the Data Protection
Directive that the US Treasury and Commerce Departments say would
make it difficult for US financial institutions to conduct business
in Europe.
The Data Protection Directive forbids the transfer of personal
data to countries without equivalent privacy protection, including
the US. A Safe Harbor scheme was introduced last year to provide a
loophole for US firms. It sets out a number of principles with
which US businesses must comply if they want to receive personal
data on European citizens from businesses operating in the EU.
Voluntary compliance, monitored by the US Federal Trade Commission,
allows, for example, the exchange of customer details from their
European offices or subsidiaries.
However, financial services firms are excluded from the Safe
Harbor provisions because they compromise the strength of EU data
protection rules. Instead, financial services firms will be
expected to comply with the stricter terms in the proposed
“standard clause” rules – to which the US Treasury and Commerce
Departments objected. In practical terms, US banks with a European
presence must get consent any European customer before they can
transfer that customer’s details to the US.
According to ZDNet UK, John Mogg, the director general of the
European Commission’s internal market directorate, has told the US
that the model contract plan will go ahead.
