31 May 2000

Fact Sheet: U.S.-EU Data Privacy Accord

The United States and the European Union "have taken steps" toward a "Safe Harbor" data privacy agreement, which would help U.S. organizations comply with the 1998 European privacy law forbidding transfer of personal data to countries that do not meet the EU standard for adequate privacy protection.

Following is the text of a White House fact sheet on the accord issued in Lisbon May 31 in conjunction with President Clinton's visit to Portugal and the U.S.-EU summit:

(begin text)

THE WHITE HOUSE
Office of the Press Secretary
(Lisbon, Portugal)

May 31, 2000

FACT SHEET: DATA PRIVACY ACCORD WITH EU (SAFE HARBOR)

The U.S. and the EU have taken steps to conclude a "safe harbor" Data Privacy Accord that will protect consumers' privacy, maintain data flows and create the right environment for e-commerce. The accord will help U.S. organizations comply with the European privacy law and prevent the potential disruption of approximately $120 billion in U.S.-EU trade.

In October 1998, the EU enacted a sweeping privacy law that prohibits the transfer of personal data to the United States and other non-EU countries that do not meet the EU standard for adequate privacy protection. The Data Privacy Accord provides businesses predictability and certainty, which are essential for investment and growth. Without the assurance that companies would be able to conduct their business free of the threat of data cutoffs, many businesses would find it difficult, if not prohibitively expensive, to conduct business in Europe. European companies would be similarly affected. This would have a devastating effect on our respective economies.

Data transfers are the lifeblood of many organizations and the underpinnings for all of electronic commerce. Multinational organizations routinely share among their different offices a vast array of personal information. This information can be as simple as personnel telephone directories to more sensitive information such as personnel records, insurance information needed to process medical claims, credit card billing information, or patient information essential for conducting pharmaceutical research on new drugs.

Safe harbor is a mechanism which, through an exchange of documents, enables the EU to certify that participating U.S. companies meet the EU requirement for adequate privacy protection. Participation in the safe harbor is voluntary. Organizations will need to agree to adhere to the privacy requirements laid out in the safe harbor documents for all data received from the EU. The safe harbor is, figuratively, a place where US companies can find shelter from potentially damaging crosswinds caused by different privacy regimes in the U.S. and EU.

Without the safe harbor, corporations would find it difficult to run multinational operations. Basic information about their employees would not be transferable to the U.S. Accountants would not be able to perform consolidated audits for multinational firms with offices in Europe and the U.S. Pharmaceutical companies would be unable to collect information they need to conduct long term research and they would be unable to share such information with companies located outside the EU.

The data privacy issue is likely the first of many trade issues involving electronic commerce and the agreement reached today could provide a model for how the US and the EU can move forward as they grapple with conflicting national laws and regulations.

(end text)

This site is produced and maintained by the U.S. Department of State. Links to other Internet sites should not be construed as an endorsement of the views contained therein.