The European Parliament has rejected the current system of US data privacy protection, contending that it does not represent the adequate level of protection required by European legislation, because the system of "safe harbour" principles is not yet in place in the US.
The vote, however, might have little impact on the transatlantic agreement reached earlier this year between the European Commission and the US government, recognising the US system based on safe harbour principles as representing adequate protection, an EU official who asked not to be identified told IDG.
Although the European Parliament represents voters in the 15 member states of the EU, in May those 15 governments agreed with the Commission that the US system presented adequate standards of privacy as defined by a 1995 EU directive.
That directive stipulated that personal data from databases maintained in the EU could only be transmitted to countries outside the EU provided they respected similar standards of data privacy.
However, the European Parliament has decided otherwise.
"The Parliament takes the view that the adequacy of the (US) system cannot be confirmed and, consequently, the free movement of data cannot be authorised until all the components of the safe harbour system are operational and the United States authorities have informed the Commission that these conditions have been fulfilled," according to the opinion drafted by Elena Ornella Paciotti, an Italian member of the Parliament's Socialist Group.
The Parliament's plenary session endorsed this position 279-259, with 22 abstentions.
Although the Parliament's opinion is not legally binding, it would nevertheless be politically delicate for the Commission to publicly ignore the warning. Indeed, the Commission is downplaying the situation until it has examined how best to respond to the Parliament's vote.
"The Commission is disappointed that the European Parliament did not give us a clear endorsement. We will now carefully study the resolution and reflect on the next step," said Jonathan Todd, the spokesman for Frits Bolkestein, European Internal Market Commissioner, in an interview.
But other sources question the importance of the European Parliament vote.
"The European Parliament's opinion is not binding, and if the Commission complies with the negative opinion, it sets a dangerous precedent for the powers of the Commission in the future," said an EU official who asked not to be identified.
As a result, perhaps as soon as later this month, but more probably in September, Commissioner Bolkestein will propose that the full Commission formally recognise the US safe harbour principles as representing adequate data privacy standards, the official said.
Earlier this year, the Commission reached an agreement with the US that a system based on safe harbour principles did represent adequate levels of data privacy, after the US administration agreed to reinforce consumer access rights and set up dispute settlement procedures for consumers.
The safe harbour principles require that a company seek the explicit agreement of a data subject before transferring personal data to another company.
The principles also give the data subject reasonable access to personal data to review and possibly correct it. They further require organisations using personal information to "take reasonable precautions to protect it from loss, misuse and unauthorized access, disclosure, alteration and destruction," according to EU documents.