Classic Cases : ELECTRONIC COMMERCE
Maintaining the Flow of Global E-commerce Data
In October 1998, the European Union (EU) issued a directive to ensure the free flow of data across the 15 EU member countries by establishing strict standards for data privacy. The directive mandates that member states must ensure that data transferred outside the EU is protected and bars the export of data to countries that do not have comparable data privacy protection. Failure to meet this requirement could lead to the EU's blocking E-commerce data flows.
Negotiations regarding data flows with the United States have been plagued by EU concerns that the largely voluntary system of data privacy in the United States does not meet the EU directive's stringent standards. Each side has its own privacy philosophy, with the key difference being enforcement. Europe favors strict government regulation of data privacy, and the enforcement is done by a set of commissioners. The U.S. government follows a more laissez-faire approach with no federal privacy policy, and it relies on self-regulation overseen by such watchdog organizations as the U.S. Department of Commerce, Better Business Bureau Online, and TRUSTe.
In May 2000, the EU agreed that U.S. companies that voluntarily enter safe harbor will be deemed as providing adequate privacy protection and that data transfers to those firms will continue. However, this decision is reversible if the EU determines that the safe harbor participants are not living up to their commitments or that the U.S. Department of Commerce is not overseeing the process with a high level of enforcement. Should this happen, the EU could withdraw the classification and possibly block data flows to the United States. European governments are particularly concerned that safe harbor does not provide for individual redress of data privacy violations.
Prior to this agreement, U.S. firms doing business with European citizens or their overseas subsidiaries needed a signed contract each time a transaction called for personal data. Requiring contractual agreements every time data is exchanged is very cumbersome and administratively prohibitive.
If European data privacy commissioners and other privacy advocates had their way, the United States. would pass federal laws and create a European-style data-protection authority, eliminating the need for U.S. exceptions. They feel it will become clearer and clearer as more countries adopt privacy laws that the United States is the exception in failing to protect its citizens. The shocking result of safe harbor is that Americans could become second-class citizens in their own country-having fewer safeguards than foreign citizens.
Discussion Questions:
- 1. What is the primary difference in philosophy between the European Union and the United States with regard to data privacy policy?
Answer Europe favors strict government regulation of data privacy, and the enforcement is done by a set of commissioners.
The U.S. government follows a more laissez-faire approach with no federal privacy policy, and it relies on self-regulation overseen by such watchdog organizations as the U.S. Department of Commerce, Better Business Bureau Online, and TRUSTe.
- 2. Do a Web search on "safe harbor" and "data privacy." Summarize the current state of affairs.
Answer safe harbor will be deemed as providing adequate privacy protection and that data transfers to those firms will continue.
Critical Thinking Questions:
- 3. What would be the impact on E-commerce if the EU and United States could not agree on standards for ensuring data privacy of E-commerce data flows? How might this affect the economies of the countries involved?
Answer This decision is reversible if the EU determines that the safe harbor participants are not living up to their commitments or that the U.S. Department of Commerce is not overseeing the process with a high level of enforcement. Should this happen, the EU could withdraw the classification and possibly block data flows to the United States. European governments are particularly concerned that safe harbor does not provide for individual redress of data privacy violations.
- 4. In what way, relative to data privacy, could Americans become second-class citizens in their own country?
Answer If European data privacy commissioners and other privacy advocates had their way, the United States. would pass federal laws and create a European-style data-protection authority, eliminating the need for U.S. exceptions.
