The European Union’s top data protection watchdog expects only a select band of U.S. IT companies will meet E.U. data protection standards for some time to come. Under the E.U. Data Protection Directive, personal data cannot be transferred out of the E.U. unless the destination country’s data protection laws are deemed adequate. There are, however, exceptions for U.S. companies that agree to abide by seven “safe harbor privacy principles” for the protection of E.U. citizens’ personal data. This data includes sensitive information such as patient records required for telemedicine. The U.S. Ambassador to Europe, William Kennard, called for the U.S. to be given “adequate” status in a speech at the Annual European Data Protection and Privacy Conference. To date, only a tiny number of jurisdictions have been deemed adequate: Argentina, Canada, Guernsey, the Isle of Man, Israel, Switzerland and Uruguay. European Data Protection Supervisor, Peter Hustinx, thinks the ambassador was being too optimistic and suggests that rather than declaring a company’s laws adequate outright, a sectoral approach to data adequacy might be more useful.

Read more

Post By (955 Posts)