American consumers would be robbed of time- and money-saving
practices if the European Union's Directive on Data and Privacy
were enacted in the US, according to a study sponsored by the
Financial Services Coordinating Council (FSCC).
According to a study by Ernst & Young for the US-based FSCC, at
least US$16bn (£11.2bn) worth of current financial services would
be lost and bank and insurance customers would be forced to spend
an additional 305 million hours annually on their personal finances
if a US version of the EU's privacy rules on data sharing were
introduced to the US. The FSCC is a group of associations that
represents US insurance companies and banks, including the American
Bankers Association and the American Council of Life
Insurers.
The study results should serve as a warning to lawmakers that
consumers would be greatly harmed by privacy rules that amend the
privacy provisions that went into effect under the
Gramm-Leach-Bliley Financial Services Modernisation Act of 1999,
according to the FSCC. Congress is concerned that the EU directive
could become a global standard.
While the EU directive may work well to serve the needs of European
governments and European consumers, it would have a very different
impact if applied in the US because of cultural differences, said
Cynthia Glassman, an economist with Ernst & Young and director
of the study project. In addition, the EU directive is stricter
than any existing privacy policy in the US.
The study examined the potential impact of the directive on
customers at 90 large US financial institutions. It assumed that
the directive would be interpreted to allow those institutions to
offer consumers only opt-in policies, and that fewer than 10% of
consumers would choose to allow their information to be used by the
institutions, said Glassman.
US consumers have come to rely on savings and conveniences that
result from information sharing by financial companies, said Jim
Pitts, executive director of the FSCC's Privacy Project. These
conveniences are being threatened by proposals on the federal and
state level to adopt laws patterned on the EU directive, which has
been in effect in Europe since 1998, he said.
Among the consequences of implementing the EU system would be a
loss of 67 million hours per year because consumers would no longer
be able to call one number, such as a call centre, to access
multiple accounts. A loss of another 31 million hours would result
from consumers no longer being able to use centralised Web sites to
access multiple accounts.
In addition, special offers based on data collected from consumers
and targeted marketing would be lost, the study says.
The computer systems at some financial institutions also could be
affected, especially legacy systems that are unable to comply with
some of the privacy requirements, said Glassman. The study notes
that technologies designed to enable new products and services
based on customer information could be cut short by privacy
policies.
Because the study is an effort to examine the impact of the EU
directive if it were implemented in the US, it does not mention the
"safe-harbour" agreement negotiated by the US Commerce Department
and EU last year, which provides some legal protection to US
companies and organisations that gather personally identifiable
data in Europe from employees and customers.
The safe-harbour agreement is meant to bridge the US and EU's
different privacy approaches and to provide a streamlined means for
US organisations to comply with the directive. So far, 30 companies
have notified the Department of Commerce that they adhere to the
safe-harbour framework.