THE WHITE HOUSE|
Office of the Press Secretary
For Immediate Release
May 31, 2000
Data Privacy Accord with EU (Safe Harbor)
The U.S. and the EU have taken steps to conclude to a "safe harbor" Data
Privacy Accord that will protect consumers' privacy, maintain data flows
and create the right environment for e-commerce. The accord will help
U.S. organizations comply with the European privacy law and prevent the
potential disruption of approximately $120 billion in U.S.-EU trade.
In October 1998, the EU enacted a sweeping privacy law that prohibits
the transfer of personal data to the United States and other non-EU
countries that do not meet the EU standard for adequate privacy
protection. The Data Privacy Accord provides businesses predictability
and certainty, which are essential for investment and growth. Without
the assurance that companies would be able to conduct their business
free of the threat of data cutoffs, many businesses would find it
difficult, if not prohibitively expensive, to conduct business in
Europe. European companies would be similarly affected. This would
have a devastating effect on our respective economies.
Data transfers are the lifeblood of many organizations and the
underpinnings for all of electronic commerce. Multinational
organizations routinely share among their different offices a vast array
of personal information. This information can be as simple as personnel
telephone directories to more sensitive information such as personnel
records, insurance information needed to process medical claims,
credit card billing information, or patient information essential for
conducting pharmaceutical research on new drugs.
Safe harbor is a mechanism which, through an exchange of documents,
enables the EU to certify that participating U.S. companies meet the EU
requirement for adequate privacy protection. Participation in the safe
harbor is voluntary. Organizations will need to agree to adhere to the
privacy requirements laid out in the safe harbor documents for all data
received from the EU. The safe harbor is, figuratively, a place where
US companies can find shelter from potentially damaging crosswinds
caused by different privacy regimes in the U.S. and EU.
Without the safe harbor, corporations would find it difficult to run
multinational operations. Basic information about their employees would
not be transferable to the U.S. Accountants would not be able to
perform consolidated audits for multinational firms with offices in
Europe and the U.S. Pharmaceutical companies would be unable to collect
information they need to conduct long term research and they would be
unable to share such information with companies located outside the EU.
The data privacy issue is likely the first of many trade issues
involving electronic commerce and the agreement reached today could
provide a model for how the US and the EU can move forward as they
grapple with conflicting national laws and regulations.