In a March 23 letter to a top commission official, the Commerce and Treasury Departments said the proposed rules "impose unduly burdensome requirements that are incompatible with real-world operations."
At issue are proposed "standard clauses" for contracts between U.S. and European firms regarding exchanges of customer data. The clauses would obligate U.S. firms to operate under European Union privacy standards, which are much stricter than U.S. law. EU standards require, for example, that consumers have access to information collected about them and notice on how it is used.
The clauses, which are slated to go to the European Parliament for consideration, could become mandatory for U.S. firms. While some American companies have a measure of protection under negotiated "safe harbor" provisions, financial-services firms do not.
"In short, we share the concern of a number of multinational firms that the adoption of the proposed standard clauses will introduce uncertainty about the use of contracts," said the letter from the undersecretary for domestic finance, Donald Hammond, and acting undersecretary for international trade, Bernard Carreau. The letter, sent Friday to John Mogg, the European Commission's top financial policymaker, asked that implementation of the rules, likely this summer, be delayed.
While the companies most immediately affected by the new rules will be banks, brokerage houses, insurance companies and large multinationals with lending and investing operations, the letter also expresses concern that the rules "will create a de facto standard" applied to all other firms with e-commerce operations.
The letter doesn't spell out what U.S. officials find objectionable, but people familiar with the matter said U.S. companies have complained that they will be made liable in court for actions by their European partners and be bound by any legal settlements that European companies enter into. Some lawyers believe the rules could subject U.S. firms to lawsuits by anyone in the world whose data have passed through Europe. The rules also appear to place U.S. firms under the jurisdiction of EU privacy regulators.
David Aaron, the former undersecretary of commerce for international trade in the Clinton administration who last year negotiated a U.S.-EU data-privacy pact, said European officials went beyond what was agreed to in that deal. "Some of the things they added are obviously very troublesome," he said, backing the Bush administration's objections. Aaron is a senior international adviser with Dorsey & Whitney LLP in Washington.
A spokeswoman for the European Commission in Washington had no immediate comment on the request.
Safe-harbor provisions negotiated last year allow some U.S. firms to avoid the full force of the EU privacy standards. Under the agreement, businesses can self-certify that they are in compliance with the EU directive; any regulation, however, would be at the hand of the U.S. Federal Trade Commission. So far, only some two dozen firms have signed up for this so-called safe-harbor deal.
The fact that financial-services firms aren't covered by the safe-harbor option has prompted many of them to complain to the Treasury about the standard clauses. "It is very interesting and important the Treasury signed the letter," Mr. Aaron added, as a sign of U.S. concern in the financial-services industry. "That's kind of a squeeze play they're objecting to, and I would too."
The letter raises the specter of further possible trade fallout. "We are concerned future negotiations for the financial-services sector may be adversely affected by the Commission's proposal to adopt standard causes for contracts from firms in the EU to firms in other countries," it states.