[Federal Register Volume 64, Number 77 (Thursday, April 22, 1999)]
[Notices]
[Pages 19747-19748]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 99-10145]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
International Trade Administration
Reports and Guidance Documents; Availability etc.; European
Union's Directive on Data Protection; Compliance Guidance for U.S.
Organizations
AGENCY: International Trade Administration, U.S. Department of
Commerce.
ACTION: Notice of publication.
-----------------------------------------------------------------------
SUMMARY: The Department of Commerce has been working very closely over
the last several months with the European Commission to develop clear
and predictable guidance to U.S. organizations that would enable them
to comply with the European Union's Directive on Data Protection. The
Directive, which went into effect late last year, allows the transfer
of personally identifiable data to third countries only if they provide
an ``adequate'' level of privacy protection. Because the United States
relies largely on a sectoral and self-regulatory, rather than
legislative, approach to effective privacy protection, many U.S.
organizations have been uncertain about the impact of the ``adequacy''
standard on personal data transfers from European Community countries
to the United States.
Last Fall, the DOC proposed a safe harbor for U.S. companies that
choose to adhere to certain privacy principles. As the DOC explained
then, the principles are designed to serve as guidance to U.S.
organizations seeking to comply with the European Union Directive.
Organizations within the safe harbor would have a presumption of
adequacy and data transfers from the European Community to them would
continue. Organizations could come into the safe harbor by self
certifying that they adhere to these privacy principles. The decision
to enter the safe harbor is entirely voluntary. As a result of the safe
harbor proposal, the European Union announced last Fall its intention
to avoid disrupting data flows to the US so long as the US is engaged
in good faith negotiations with the European Commission.
Last November, the DOC issued draft principles for review and
comment by interested organizations, noting that the content of the
principles was of course crucial to the proposal. The DOC received
numerous written comments in response to that draft and countless
additional comments and suggestions in the subsequent months through
extensive discussions with interested parties. Generally, the comments
the DOC received supported the safe harbor concept. They also raised
concerns with certain aspects of the principles, particularly access
and onward transfer.
Because the principles are quite broad and general, questions were
also raised about how they would be applied in specific circumstances.
DOC consultations also made clear that US organizations would welcome
additional information on the benefits of being in the safe harbor and
the procedures that would be followed when they were in the safe
harbor. The comments the DOC received have been extremely valuable both
in helping the DOC understand how data is protected in practice and in
working with the European Commission to find appropriate solutions to
issues raised in DOC/EC discussions.
Concurrently with DOC discussions with US organizations, the DOC
has had extensive discussions with the European Commission about the
content and contours of the safe harbor as well as on the comments
raised by US organizations. On the basis of our discussions with US
negotiators and the EU Commission, the DOC has further refined the safe
harbor principles to account for the many views expressed and those of
our European counterparts.
New Documents for Review and Comment
At this point, the two sides have achieved a substantial level of
consensus on the content of the principles, on the content of more
specific guidance (FAQs), and safe harbor procedures and benefits.
Accordingly, the DOC is now issuing for comment by US organizations the
first tranche of documents that will comprise the relevant safe harbor
documents. These include: (1) revised safe harbor principles; (2)
frequently asked questions and answers (FAQs) on access; and (3) a
draft European Commission document on the procedures that will be
established for the handling of complaints where the Commission had
made an adequacy determination, as it will with the safe harbor. (These
documents are also available on our web site at http://www.ita.doc.gov/
ecom.) In addition to your comments on these documents, the DOC also
requests your views on the weight to give the FAQs relative to the
principles.
The DOC will also be issuing within the week additional FAQs
addressing certain sectoral concerns, procedural issues, and several
clarifications requested during DOC consultations. The European
Commission is also providing these documents to the Member States for
their comments and review. Additional documents will be put on the ITA
website as soon as they are available for review.
All the draft documents are still under negotiation with the
European Commission. Points of difference between the two sides have
been identified in footnotes in the text and mark those parts of the
document that are most likely to be revised further. Please note that
these principles and the
[[Page 19748]]
accompanying explanatory materials were developed solely for use by US
organizations receiving personal data from the EU under the safe
harbor. Consequently, they rely on references to European Union law, as
for example in defining sensitive information and some of the relevant
exceptions, which limit their general applicability. For that reason,
adoption of the principles for other purposes may well be
inappropriate.
Safe Harbor Benefits
The Dept. of Commerce would like to highlight the several benefits
of the Safe Harbor approach. They include:
All 15 Member States (MS) will bound by US/EC
understanding;
The understanding will create the presumption that
companies within the safe harbor provide adequate data protection
(rather than the opposite) and data flows to those companies will
continue;
MS requirements for prior approval of data transfers
either will be waived or approval will be automatically granted; and
US companies will have a transition period to implement
safe harbor policies.
Claims against US organizations will for the most part be
limited to claims of non-compliance with the principles, European
consumers will be expected to exhaust their recourse with the US
organization first, and due process will be assured for US
organizations that are subject to complaints; and
Generally, only the European Commission, acting with a
committee of Member State representatives (the Article 31 Committee),
will be able to interrupt personal data flows from an EU country to a
US organization.
In addition to the documents made available today and next week,
the final package of safe harbor documents will include the European
Commission's Article 25.6 decision, letters from the Department of
Commerce to the European Commission and a reply letter from the
Commission to the Department of Commerce, and memoranda describing
enforcement authority in the US for unfair and deceptive practices and
European Union Member State enforcement procedures involving data
protection claims. Please remember to check the website http://
www.ita.doc.gov/ecom for postings of additional documents.
Document Availability: April 19, 1999 at URL; http://
www.ita.doc.gov/ecom. If you would like to speak to someone or want
hard copies of the documents please call Brenda Carter-Nixon on (202)
482-5227.
Address Comments: Please submit comments on any of the draft
documents to the Department of Commerce by May 10, 1999. DOC requests
that all comments be submitted electronically in an HTML format to the
following email address: E[email protected]. If organizations do not
have the technical ability to provide comments in an HTML format, they
can forward them in the body of the email, or in a Word or WordPerfect
format. The DOC intends to post all comments on the ITA/ECOM website.
If necessary, hard copies of comments can be mailed to the
Electronic Commerce Task Force, U.S. Department of Commerce, Room 2009,
14th and Constitution Ave., NW, Washington DC 20230, or faxed to 202-
501-2548.
Dated: April 19, 1999.
Eric Fredell,
International Trade Specialist, International Trade Administration/
Trade Development.
[FR Doc. 99-10145 Filed 4-20-99; 2:35 pm]
BILLING CODE 3510-DR-P