EU-US talks close to collapse – Web privacy war ensues?
Indubitably, lots of US companies are already breaking EU law - so when's the bust?
Privacy talks between the US and Europe are close to collapse, according to US sources, and Web database hell could ensue. An EU directive last autumn banned export of personal data covering EU citizens to countries whose standards aren't deemed sufficient by Europe, and this includes the US. Nobody's been busted so far, as the two sides have been in a deep huddle and trying to avoid lighting the touch-paper, but lots of you people (The Register included, unfortunately, but that's another story) out there are currently breaching EU law by holding personal records on EU citizens. If a deal can't be reached, the likelihood of banana- or hormone beef-style escalation will increase. Plenty US, and some non-EU, companies already hold data on EU citizens, and the number of 'offences' will increase vastly as more and more business is conducted on the Web. Any registration of a product with a US company (hello Microsoft), for example, would probably be an offence unless the bare minimum of data was collected. Comments about business partners (checked the fields in the groupware you're using recently?) could also be offences. And if a deal isn't done soon, someone, somewhere, is going to press the button. The noises coming out of the US may however involve a certain amount of spinning. Negotiators are due to meet in Brussels tomorrow with a view to stitching up a deal in time for a US-European summit late next month, and we Europeans can't help noticing that US negotiating teams tend to turn up the volume just before crunch meetings. But it's a sticky one, just the same. The basic dispute is about how privacy is actually protected, rather than whether or not (or to what extent) it should be protected. The EU goes for legislation and the use of agencies to enforce standards, while the US wants to stick with voluntary codes of conduct. Letting industries regulate themselves has of course been the inclination of UK governments for the past 20 years or so, but we suspect this may be connected with why our trains (among other things) don't work. At the moment the US team seems to be digging its heels in, even suggesting that it ought to be OK if companies just made formal commitments to privacy protection principles. This doesn't seem likely to play in Brussels, so failing an extremely dubious fudge, we could be headed for a privacy war. ®
Sponsored: Global DDoS threat landscape report