The European Union (EU) has agreed to allow American businesses to self-regulate the safeguarding of personal information collected about European consumers over the Internet.
U.S. companies that comply with the voluntary data privacy pact, called “safe harbor,” will be granted immunity from legal action by the European governments who adopt the agreement.
The pact must clear two hurdles, however, before it goes into effect: approval by both the European Parliament and the European Commission, the EU’s executive arm. Both approvals could come as early as this summer.
Critics: Plan Does Not Measure Up
Critics, however, complain that the new protections, mandated by the safe harbor agreement, would actually weaken existing European laws covering privacy on the Internet.
“It’s the fox guarding the hens,” Electronic Privacy Information Center analyst Sarah Andrews told the Associated Press. “We think that there won’t be proper enforcement of it.”
Others say the agreement goes too far, arguing that the restrictions could become a barrier to expanding e-commerce opportunities in Europe. Forrester Research predicts that e-commerce in Europe could rise from its current level of $87 billion (US$) to $1.5 trillion by 2004.
“What we need is a reasonable balance between a consumer’s right to the privacy and security of data and the legitimate interests of businesses to use that data in order to meet our customers’ goals,” said John Schall of the National Business Coalition on E-Commerce and Privacy.
Self-Regulation May Be Insufficient
Currently, the EU prohibits the transfer of data to those countries that do not meet the EU’s stringent standards for protecting personal information. Eight of the 15 EU members have put the regulation into effect.
Although the United States does not meet the EU’s data privacy standards, the EU has allowed U.S. businesses to export data while they negotiated terms for online privacy protections. After two years of meetings, the EU and U.S. negotiators agreed on the safe harbor proposal.
The Clinton administration, which has long favored self-regulation with regard to Internet privacy, is praising the safe harbor accord as a breakthrough.
There are signs, however, that the U.S. policy of self-regulation may be challenged in the courts and by Internet privacy groups.
In February, online advertising company DoubleClick abandoned its plan to match Internet users’ names with their anonymous “cookies,” text files that enable a Web site to retain user preferences and store personal information, only after bowing to pressure from the U.S. Federal Trade Commission (FTC) and consumer groups.
Last month, the FTC urged Congress to pass stricter laws to protect Internet users’ privacy. “Self-regulation alone has not adequately protected consumer online privacy,” according to an FTC report.
Many Americans Unaware
Despite efforts by the FTC and consumer groups to inform Americans about Internet privacy issues, most Americans are unaware of how companies are using Internet technologies to track their behavior.
A recent report by CyberDialogue found that 69 percent of Internet users have unknowingly signed up for e-mail distribution lists and that 40 percent do not understand what is contained in a “cookie.”
Americans may be uncertain about how the technology is being used to track their online usage, surveys consistently show that a majority of American Internet users favor some type of government regulation regarding their privacy rights.