U.S. and EU Narrowing Differences on Privacy Policies

    Apr 08, 2014

    A joint statement issued following the U.S.-EU summit in Brussels on March 26 pledged to reduce tensions over revelations about the National Security Agency’s surveillance programs. Among the 33 provisions of the joint statement, President Barack Obama, European Commission President Jose Manuel Barroso, and European Counsel President Herman Van Rompay agreed to resolve differences regarding the treatment of personal data transferred across the Atlantic as part of the U.S.-EU Safe Harbor Program.

    “The transatlantic digital economy is integral to our economic growth, trade and innovation,” the joint statement said.  “Cross border data flows are critical to our economic vitality, and to our law enforcement and counterterrorism efforts. We affirm the need to promote data protection, privacy and free speech in the digital era while ensuring the security of our citizens. This is essential for trust in the online environment.”

    The statement is seen as a hopeful sign for U.S. companies operating in Europe, who face possible restrictions on their ability to transfer customer data. In February, a key European Parliament committee adopted a resolution calling for the suspension of the U.S.-European Union Safe Harbor Program, which allows U.S. companies to self-certify that they meet the seven privacy protection principles outlined in the EU’s 1998 Data Protection Directive.

    In another hopeful sign, the European Parliament on March 13 voted overwhelmingly to approve a revised version of the EU cybersecurity directive, which is seen as narrowing the differences with the United States and avoiding difficult challenges similar to the current disagreement over privacy policy. The directive would, among other things, require companies operating critical infrastructure to maintain a specified minimum level of cybersecurity preparedness and report to national authorities about cyber attacks with a “significant impact” on the security of their networks. The Parliament’s action is a step in the direction of the voluntary approach to cybersecurity standards favored by the Obama administration and may improve the prospects for cybersecurity cooperation between the United States and the EU going forward.

    The European Parliament must reach agreement with the EU Council on the content of the directive before the proposal becomes effective. European Commission officials, who proposed the draft directive, said they want to reach agreement on the directive by the end of the year.

    The Washington Policy Brief is an online advisory that contains brief summaries of recent legislative and regulatory issues that may affect the records and information management profession. Further information about the issue is accessed by clicking on the link provided at the end of each summary.


    Want to sign up to receive an e-mail version of the Washington Policy Brief? It's free! Just tell us a little about yourself and you'll receive a monthly dose of the latest in legislation, regulation, and more.



    © 2017, ARMA International