January 18, 2000 Web posted at: 11:31 a.m. EST (1631 GMT) by Elizabeth de Bony

From...

(IDG) -- The U.S. government has invited representatives from European Union countries to Washington D.C. next week to work out an agreement on data privacy before their self-imposed March deadline.

European officials will meet Jan. 17 and 18 with U.S. government officials, members of the U.S. Federal Trade Commission and private industry groups, a U.S. official said.

The EU representatives are all members of the so-called Article 31 Committee set up by the European data-privacy directive to determine whether third-country data privacy rules meet EU standards. The EU data-privacy directive, which went into effect in 1998, prohibits transmission of data to countries outside the European Union that do not meet the EU privacy standards.

There is controversy in the European Union regarding whether the U.S. voluntary "safe harbor" guidelines for consumers' data privacy meet the EU standards.

Next week, "the [EU] committee members will be able to meet first-hand those people who will make the safe harbor principles work," said the U.S. official, who asked not to be named.

MORE COMPUTING INTELLIGENCE

IDG.net home page

InfoWorld home page

InfoWorld forums home page

InfoWorld Internet commerce section

E-BusinessWorld

Reviews & in-depth info at IDG.net

IDG.net's personal news page

Year 2000 World

Questions about computers? Let IDG.net's editors help you

Subscribe to IDG.net's free daily newsletter for IT leaders

Search IDG.net in 12 languages

News Radio

Fusion audio primers

Computerworld Minute

The EU committee will meet back in Brussels on Jan. 24 and 25 to discuss their findings and, on the basis of this discussion, EU and U.S. negotiators will probably meet sometime in early February for another round of negotiations.

The United States and EU have set March 31 as the new target date for reaching an agreement on the issue.

The EU privacy directive remains the source of a trans-Atlantic disagreement that has been simmering for nearly four years, but particularly since October 1998 when the 15 EU countries could have introduced the legislation into national law. Even within the European Union, however, not all countries have effectively implemented the directive.

Separately it was revealed that the European Commission has decided to take France, Luxembourg, the Netherlands, Germany, and Ireland to the European Court of Justice over their failure to implement the data-privacy directive.

Condemnation by the court could lead to the imposition of fines, but court procedures generally take about two years.

The step taken earlier this week represents the third stage in the European Union's infringement proceedings, which the Commission began last July. At that time the Commission gave nine EU countries two months in which to comply with the privacy directive.

Since then, the United Kingdom, Denmark, Spain, and Austria brought their national rules into line with the EU directive, but the five countries cited this week have still failed to inform the Commission of compliance. Only Greece, Portugal, Sweden, Italy, Belgium, and Finland implemented the privacy directive more or less on time in October 1998.

The data-protection directive establishes a common regulatory framework for data transmission, to ensure both a high level of privacy for the individual and the free movement of personal data within the EU. The directive introduces high standards of data privacy to ensure the free flow of data throughout the 15 member states, and gives an individual the right to review personal data, correct it, and limit its use.