An agreement between the US and Europe on data protection is an ineffective compromise and has diluted stringent European rules to maintain the security of personal data, according to Reuters' global security chief.
European rules forbid companies from transferring data to any country beyond the EU that has inferior data protection policies, including the US. In response to concerns that these rules might stifle trade with the US, which does not have as stringent data protection safeguards, the EU devised the "safe harbour" code. If a company signs up to follow the code, it can freely transfer data.
But speaking at the E-Business Regulatory Alliance Conference last week, Mark Lomas, global security chief at news and information firm Reuters, said his company collected and processed data worldwide to EU data protection standards and not the transatlantic safe harbour rule.
"We collect data in New York, the Far East and the UK but process it as if in the UK," he said. "Safe harbour is a compromise and is not working as claimed. US organisations can say they believe they comply with the principles of European data protection regulation then sign a declaration."
"Reuters does not use the safe harbour rule. We have explicit control," he said.
Lomas's concerns follow the news earlier this month that European data protection ombudsman Jacob Soderman had written to European Commission president Romano Prodi, expressing fears that data protection rules were being misinterpreted.