THE WHITE HOUSE
Office of the Press Secretary (Lisbon, Portugal) ________________________________________________________________________ For Immediate Release May 31, 2000 FACT SHEET Data Privacy Accord with EU (Safe Harbor)
The U.S. and the EU have taken steps to conclude to a "safe harbor" Data Privacy Accord that will protect consumers' privacy, maintain data flows and create the right environment for e-commerce. The accord will help U.S. organizations comply with the European privacy law and prevent the potential disruption of approximately $120 billion in U.S.-EU trade.
In October 1998, the EU enacted a sweeping privacy law that prohibits the transfer of personal data to the United States and other non-EU countries that do not meet the EU standard for adequate privacy protection. The Data Privacy Accord provides businesses predictability and certainty, which are essential for investment and growth. Without the assurance that companies would be able to conduct their business free of the threat of data cutoffs, many businesses would find it difficult, if not prohibitively expensive, to conduct business in Europe. European companies would be similarly affected. This would have a devastating effect on our respective economies.
Data transfers are the lifeblood of many organizations and the underpinnings for all of electronic commerce. Multinational organizations routinely share among their different offices a vast array of personal information. This information can be as simple as personnel telephone directories to more sensitive information such as personnel records, insurance information needed to process medical claims, credit card billing information, or patient information essential for conducting pharmaceutical research on new drugs.
Safe harbor is a mechanism which, through an exchange of documents, enables the EU to certify that participating U.S. companies meet the EU requirement for adequate privacy protection. Participation in the safe harbor is voluntary. Organizations will need to agree to adhere to the privacy requirements laid out in the safe harbor documents for all data received from the EU. The safe harbor is, figuratively, a place where US companies can find shelter from potentially damaging crosswinds caused by different privacy regimes in the U.S. and EU.
Without the safe harbor, corporations would find it difficult to run multinational operations. Basic information about their employees would not be transferable to the U.S. Accountants would not be able to perform consolidated audits for multinational firms with offices in Europe and the U.S. Pharmaceutical companies would be unable to collect information they need to conduct long term research and they would be unable to share such information with companies located outside the EU.
The data privacy issue is likely the first of many trade issues involving electronic commerce and the agreement reached today could provide a model for how the US and the EU can move forward as they grapple with conflicting national laws and regulations.