Skip to main content

Consumer Groups Seek 'Fair and Balanced' EU Privacy Reg Debate

An international alliance of consumer groups are concerned about the tenor of a Sept. 15 hearing on the "Internet Privacy: The Impact and Burden of EU Regulation" in the Republican-led House Commerce Subcommittee, particularly that "burden" part, with no countervailing "benefit" to balance it, at least in the title of the hearing.

According to a briefing memo, the hearing will look into EU privacy and data-collection regulations and their impact on the Internet economy, which it suggests include "inconsistent" application across different regulatory regimes and created problems for U.S. multinationals, including targeted enforcement.

The groups, which include Consumers Union and the Consumer Federation of America, are part of the Transatlantic Consumer Dialogue (TACD), a joint forum that develops consumer policy recommendations to the U.S. and European Union. "We appreciate the interest of the United States Congress in the very important issue of Internet privacy," the groups wrote in a letter to Rep. Mary Bono Mack (R-Calif.), chair of the Subcommittee, and ranking member G. K. Butterfield (D-N.C.). "TACD is therefore somewhat surprised by what appears to be an effort to call into question the purpose and ‘burden' of the EU Data Directive.

"Given the widespread agreement across consumer organizations in both Europe and the United States, that the United States lacks adequate privacy safeguards and that the U.S. privacy laws lag woefully behind current technology and business practices, we expected a hearing that would focus on the lessons that the Congress might draw from the EU experience with data protection," they wrote.

The EU adopted a Data Privacy Directive in 1995 to "harmonize" privacy protection within EU and prevent personal information from flowing to other countries that EU believed lacked adequate protections, the memo says.  The directive applies to affiliates of U.S. corporations and requires them to adhere to seven basic principles: Notice, purpose (data should be relevant to its use), consent, security, disclosure, access (ability to correct inaccuracies in data) and accountability.

The fact that each state is responsible for incorporating them into its own privacy laws has created those problems for U.S. affiliates, says the memo, even though the U.S. negotiated a safe harbor in 2000 that allows them to voluntarily adhere to data protection principles.

Even with that harbor, say the Republican majority staffers, "Compliance within the EU remains fractured, with several member states not fully complying with the Directive. Additionally, industry observers argue EU enforcement is sporadic and inconsistent, with a seemingly disproportionate number of American companies targeted for compliance violations. These challenges facing U.S. businesses in the European theater and the lessons learned from the EU experience will be closely examined at the hearing."

TACD said that, since the hearing does not appear to provide a "fair and balanced" perspective on the upsides of the data directive -- technology neutral, transparency, basic obligations rather than "burdens," fundamental human rights protections -- they asked that their letter be made part of the record of the hearing.