- A month after the 15 member nations of the European Union approved a proposed set of data-privacy rules for US companies that do business in those countries, the European Parliament this week voted to send the so-called safe harbour agreement back to the negotiating table.
By a 279-259 vote with 22 abstentions, the parliament adopted a resolution criticizing the proposed privacy protections and calling for further changes in the safe harbour agreement, which has been in the works for nearly two years. According to a report posted on the parliament's Web site, the resolution directs the European Commission to add things such as a mechanism for consumers to file privacy-related complaints to an independent body and a requirement that companies compensate people for any damage resulting from violations of the privacy rules.
The safe harbour agreement is supposed to clear the way for US-based companies that promise to adhere to its provisions to continue engaging in e-commerce transactions with European customers and to download employee information from corporate databases maintained in Europe.
But the U.S. Department of Commerce, which negotiated the agreement with European officials following the passage of stringent privacy regulations by the countries in that region, said it isn't certain what impact yesterday's vote will have on the safe harbour process.
"We still think the (agreement) is the most effective vehicle for bridging our different approaches to privacy," a Commerce Department spokesman said. But it's "unclear what the (European Commission) will do now," he added. "They too are studying the provisions."
David Aaron, an attorney at the Washington law firm Dorsey & Whitney LLP who helped negotiate the safe harbour deal while serving as undersecretary of commerce, said U.S. officials are unlikely to agree to at least two of the European Parliament's requested changes.
For example, the resolution approved by the parliament calls on the European Commission to draw up contracts that European citizens could invoke in U.S. courts as part of lawsuits for alleged privacy violations. Letting foreign consumers file suits here "would require a complete change in U.S. jurisprudence, and we're not going to go for that," Aaron said. "It is completely unreasonable."
Some European Parliament members also want to see the safe harbour system up and running before they approve it, Aaron added. But that would require U.S. companies to "make millions of dollars in investments" to implement the privacy provisions without knowing whether they would actually be able to use them, he said.
The Computer & Communications Industry Association (CCIA), a Washington-based trade association, also criticized the parliament's action.
The vote "can do very little to promote Internet usage, investment and the development of e-commerce initiatives in Europe," said CCIA President Ed Black in a statement released yesterday. "(It) only adds to the confusion of U.S.-based and other international companies as they try to work through various European interests."
According to the parliament's report on the vote, the resolution was approved over the strenuous objections of European Commission member Frits Bolkestein, who was said to have "categorically excluded (the idea of) going back to the negotiating table with the U.S." during a debate on the issue that took place Monday.
Bolkestein denied that the European Commission had exceeded its powers in declaring the safe-harbour provisions adequate, as the parliament's resolution claims. And he said that the negative vote on the agreement would put the commission "in a very difficult position" given the lengthy negotiations with U.S. officials.
Aaron said he is of a similar view. "Unless the (European Commission) can come up with some way around this, I don't think the ball is in our court," he said. "If the Europeans think that they can put on an information embargo that will bring us to our knees, that's not the case. They have as much to lose as we do."
Mitch Betts contributed to this article.