US seeks EU deal on data privacy

The European Union and the US want to resolve their dispute on data privacy by the end of March because the US is worried that a delay may disadvantage its businesses.

The row, which has lasted more than a year and is still unresolved despite a compromise proposal on the table, threatens to affect data transfers between the two trading groups.

This risks giving corporate IT directors headaches, as they would have to implement new systems to satisfy employees' data rights.

Now, with the Clinton government coming to the end of its term, and key staff likely to head for the private sector, the US wants a deal. US officials are due to travel to Europe in the next two weeks to try to settle the dispute.

This leaves the EU with a dilemma. Either it pushes for better terms from the US, but risks failing to conclude a deal, or it backs off from its hard-line stance on privacy legislation.

Negotiations to settle the dispute could involve the Organisation for Economic Cooperation and Development, which has produced a series of guidelines on the privacy issue. Although it cannot participate in bilateral discussions, it has been involved with a range of initiatives, such as the ICX user group's privacy code of conduct.

Mike Pullen, a European legal specialist with law firm Dibb Lupton Allsop, said the EU might have to retreat from its position that privacy is enshrined in human rights legislation, because some countries still have to implement the data protection directive. Greece and Italy's legislation is unworkable, he said.

Big businesses are starting to take data protection seriously. German car maker DaimlerChrysler has appointed a data protection "czar" in Alfred Bullesbach. He reports to senior executives and has been given the task of ensuring the firm meets data protection legislation throughout Daimler's international subsidiaries.

How the new data law could affect you

On the first of March this year, the new Data Protection Act will come into force in the UK.

Although companies can register after the legislation is in place, businesses that are registered before 1st March 2000 will have until October 2001 to change their data processing practice to comply with the new law, said Robert Bond, head of e-commerce and technology law at solicitors Hobson Audley Hopkins & Wood. In some cases companies which register after the 1st March 2000 will be required to comply immediately.

Any business operating in the UK must be registered with the Data Protection Registrar's Office, headed by Elizabeth France, to lawfully process personal data about individuals. Failure to comply with the new law brings civil and criminal sanctions.
