European Commission and US officials are at loggerheads over internet privacy for people banking and buying financial products online.
In a letter received by the European Commission on Monday, officials from the US Departments of Commerce and the Treasury criticised the EC proposal, which demands financial services firms sign contractual agreements guaranteeing privacy protection for personal data exported from Europe, as unworkable.
Instead, the Bush administration said it wants the commission to recognise existing US privacy laws as also being good enough for European residents.
So far, the two sides appear to be at an impasse on the issue. The Bush administration's letter said the contracts would "impose unduly burdensome requirements that are incompatible with real-world operations".
But an EC official dismissed the US position. "They expressed their concerns but, in our view, these are unfounded," said the Brussels-based official, who requested anonymity.
As proposed by European officials, the privacy contracts "are not something to be negotiated," said David Aaron, a former US Commerce Department official. "They are kind of 'take it or leave it'." Aaron helped negotiate the so-called 'safe harbour' privacy agreement that was approved last year to give some US companies self-regulatory coverage under Europe's stringent privacy laws.
US companies that sign up for the safe harbour provisions agree to follow a set of data privacy rules for European customers and employees that are more restrictive than those offered to US residents. But the safe harbour agreement doesn't cover companies in the financial services industry.
Companies, or entire countries, that don't meet the adequacy test for privacy protections risk having their data flows from Europe cut off. For example, European data protection authorities have threatened to take action against US companies that don't agree to abide by the privacy rules, perhaps beginning this summer, after a scheduled review of compliance with the safe harbour agreement.