"Scrutiny of EU data-privacy safe harbor could pose problems for U.S."
Following is an excerpt:
The introduction of the European Union’s Data Privacy Directive in 1995 presented a host of challenges for U.S. companies doing business in Europe.
While the United States took a sectoral approach to data privacy based on self-certification and compliance, the EU adopted a broad prohibition on the transfer of personal data regardless of industry, with rights of action for negatively affected individuals.
The revelations in the last year that the U.S. has been clandestinely collecting data on Europeans has not helped to enhance the trust the Europeans have in the promises made by U.S. companies to protect the privacy of data they collect.
This mistrust has led some EU member states and the European Parliament to call for the suspension of one of the most popular methods by which U.S. companies comply with the directive.
The directive was adopted in 1995 to require each of the 28 EU member states to adopt legislation protecting the personal data of EU citizens.
As the control over the data is difficult once it leaves the EU, the directive prohibits the transfer of personal data from the EU to third states such as the United States “only if … the third country in question ensures an adequate level of protection” or one of the other exceptions applies.