Discover Privacy News
The Trans-Atlantic Data Privacy Dispute
The issue began to heat up in 1998 when the European Commission's Directive on Data Protection went into effect. The Directive is an attempt to protect the data privacy of Europeans regardless of where their personal data is transferred and processed. But to be effective, Kobrin notes, the Directive needed a "transnational footprint": It had to apply both inside Europe and beyond Europe's borders. The result was Article 25, which prohibits the transfer of personally identifiable data from Europe to any third country -- including the United States -- that does not provide "adequate" protection, as defined by the European Commission.
Because the American approach to data protection is so fundamentally different from the European approach, it soon became clear that companies in Europe could be forced by Article 25 to cut off the flow of European personal data to their branches, affiliates or business partners in the United States. (In theory, this would include U.S. companies based in Europe.) However, both sides recognized that cutting off transatlantic data flows would have "catastrophic impacts," Kobrin notes in his paper, so the U.S. and the European Commission developed a compromise solution, known as the "Safe Harbor" program.
The link for this article located at Emory is no longer available.