Europe’s new data privacy legislation, designed to harmonise rules for gathering and keeping personal data, came into full force on March 1 2000.
Topic: Data privacy
Who: European Union and US officials
When: March 2000-03-22
Where: Brussels
What happened:
Europe's new data privacy legislation, designed to harmonise rules for gathering and keeping personal data, came into full force on March 1 2000. The directive in question prohibits transfer of personal data outside the Union unless the state to which the data is being transferred has "equivalent" data privacy protection to that given us by the new legislation.
The UK's Data Protection Commissioner has made it clear that particular countries are a real problem. The US, with no federal data protection legislation to speak of, was an example until bilateral discussions between the US and the EU reached a breakthrough in March 2000. Subject to ratification by Congress and the Commission and the drawing up of detailed rules it should by the Autumn of 2000 be possible to transfer personal data out of the EU to the US, provided the US company involved has made itself compliant by, for example, joining a US "self-regulatory alliance" like Trust-e or BBBOnline monitored by the FTC or committed to obey a new EU data privacy panel.
It is expected that similar bi-lateral "safe-harbour" deals will be concluded with states such as Switzerland and Hungary before the year is out.
Why this matters:
The net made this deal essential if the new EU data protection rules were going to be taken seriously. By the time the arrangements are bedded down, however, there could be US data protection legislation in place at a federal level after all, such is the groundswell of American consumer opinion in favour of legal, as opposed to self-regulatory, controls.