US firms see relaxation of EU privacy laws ahead

The Global Privacy Alliance hopes the EC has taken on board its concerns about data protection laws in the EU. They make it difficult for US firms to do business in Europe, the group says

A group of US companies believes that it is making good progress in its attempt to change data protection legislation in Europe. It could be some time before any such amendments come into effect, though.

After taking part in a conference that debated the EU Data Protection Directive, the Global Privacy Alliance is hopeful that changes will be made to the way that European countries protect the privacy of their citizens.

This consultation took place on 30 September and 1 October and was attended by academics, business people and representatives from European governments and data protection authorities.

The Global Privacy Alliance claims that it is currently very difficult for companies to conduct business effectively while complying with data protection legislation -- partly because individual member states have implemented the directive in different ways. This, the Alliance has warned, makes it much more costly for companies who have customers and operations across the EU to comply with privacy laws.

Barbara Wellbery, Washington partner at legal firm Morrison & Foerster, told ZDNet UK that the Global Privacy Alliance is optimistic that changes will be made, especially after EU commissioner Fritz Bolkerstein admitted that Europe's business sector could be losing out because of the way the directive has been implemented.

"The conference was very productive and promising, and there was a very high degree of consensus that changes need to be made," said Wellbery, who represented the Global Privacy Alliance at the conference.

As ZDNet UK reported last month, the Global Privacy Alliance consists of 12 US companies including IBM, Oracle and VeriSign. These firms claim that the EU Directive on Data Protection restrict the free flow of information between the EU and other countries, as well as between member states.

The Global Privacy Alliance has identified several changes that it believes should be made to Europe's data protection laws.

These include the simplification of the cross-border flow of data, possibly through industry self-regulation rather than legislation; the harmonisation of EU privacy regulation between member states; and the relaxation of restrictions on data sharing between affiliate companies.

Commissioner Bolkerstein gave the closing speech at the conference, in which he said that the European Commission had been persuaded that some changes must be made.

In particular, Bolkerstein acknowledged that the Global Privacy Alliance might have a good point when it complains that the data protection directive has been implemented in different ways by different member states.

"A lot of what we have listened to and learned about in this Conference tells us that divergences in data protection legislation and the way it is applied in the Member States are in fact creating problems for the free movement of data. These difficulties damage the competitiveness of our enterprises, because they are prevented from operating effectively on a European scale," warned Bolkerstein

"This is a matter of serious concern for the Commission as it should also be to the Member States. It makes no sense to invest huge efforts in developing and delivering an ambitious programme to create a single market for financial products and services in the EU, just to discover that the idea of European products or services trips up on obstacles that prevent companies from running personal databases on a European basis," he added.

Bolkerstein warned, though, that it is unlikely that the directive itself will be changed, not least because such a process could take many years. Instead, he indicated that the EC wants member states to ensure that they apply the directive in the same way, by changing any discrepancies in national laws.

Wellbery warns, though, that some member states are more committed to change than others.

"Four member states agreed at the conference that the directive went too far and should be changed. But there is a concern that Italy, Spain, and maybe France will oppose simplification. It's a question of whether the commission will be successful or whether some member states will fight them back," Wellbery said.

Who's watching you? Get the latest on spy networks such as Echelon and Carnivore, as well as privacy issues for companies and individuals alike, at ZDNet UK's Privacy News Section.

Have your say instantly, and see what others have said. Go to the ZDNet news forum.

Let the editors know what you think in the Mailroom.