Privacy talks between the U.S. and the European Union have reached "a real breakthrough,'' with a final agreement expected next month on what steps U.S. companies will have to take to comply with an EU privacy directive, Undersecretary of Commerce David Aaron said on Feb. 23. After two days of talks with EU counterpart John Mogg, Mr. Aaron said the U.S.' willingness to toughen the enforcement options that qualifying self-regulatory groups must be able to impose--so that the options include deletion of data gathered in violation of privacy policies--appears to have allayed the EU's concerns that self-regulation alone wasn't sufficient. Mr. Aaron said that under the agreement, U.S. companies collecting information on EU citizens will be expected to join a self-regulatory group that polices privacy. That group, which could include Trust-e, BBBOnline or the Direct Marketing Association, among others, will then have a range of options for enforcement, from publicizing the company's actions to ordering the data destroyed. Mr. Aaron said the two sides also have agreed to a concept that will give consumers "reasonable access'' to sensitive data, but that the accessibility depends on how sensitive the information is and the extent to which companies use the data to create individual profiles.
Copyright February 2000, Crain Communications Inc.