Linux Today: Linux News On Internet Time.

VNU Net: EC bans passing consumer data to the US

Mar 01, 2000, 16:07 (0 Talkback[s])
(Other stories by Steven Mathieson)

By Steven Mathieson, VNU Net

The Europeans are coming. As of today, UK businesses cannot begin passing consumer data to states outside the European Union (EU) that lack adequate levels of protection without the individual's permission. At the moment this includes the US.

The regulation, enacted in the UK as part of the 1998 Data Protection Act, is an EU-wide attempt to provide higher levels of data protection for its citizens, and is one of several pieces of IT-related legislation planned by the European Commission (EC), the EU's executive body.

Meanwhile, the EC is setting its anti-monopoly dogs on technology firms. Brussels-based Directorate IV, which plays a similar anti-trust role to the US Department of Justice and whose judgements are binding throughout the EU, started a preliminary investigation into Microsoft's Windows 2000 operating system two weeks ago.

And last week, it began a four-month probe into the merger of US telcos MCI WorldCom and Sprint - which may force the merged company to sell Sprint's internet services - and it recently completed investigations of German mobile operator E-Plus and the Italian telecoms sector.

Furthermore, as of today, the UK's more relaxed national system for investigating unfair business practices becomes more European - that is, more active.

"The EC is trying to do an awful lot at the same time," said the secretary general of parliament/industry liaison group Eurim, Philip Virgo. "There's nine directives this year, plus the telecoms review, plus the investigation of Microsoft. There's a view that the EC is trying to do online everything to do with the Single Market it has failed to do offline."

Eurim is presenting evidence to a House of Lords select committee that examines European legislation today. EC directives are normally enacted automatically by EU national parliaments, and after scrutiny by select committee in the UK.

In this case, the Data Protection Act satisfies the requirements of the 1995 Data Protection Directive. As vnunet.com reported earlier this week, the act makes the use of cookies without active consent illegal. Cookies are pieces of code placed on web-users' computers, allowing them to be tracked.

The regulations also stop new transfers of consumer data outside the European Economic Area - the EU, plus Iceland, Norway and Liechtenstein - although existing transfers can continue until next year. (See the Data Protection Registrar website for detailed information.)

As for transferring consumer data to the US - a common event, given that many UK ecommerce sites are subsidiaries of US companies - negotiations between Europe and the US are taking place, but to date the two sides have not reached agreement. A Home Office spokesman said the government hopes the talks will reach a resolution by the end of this month.

Eurim's Virgo said one problem with the EC and US reaching an agreement on privacy, is that such legislation exists at the level of individual US states, rather than the federal government. "The most draconian legal procedures taken anywhere to date [on privacy] have been under US state legislation," he said.

On anti-competitive behaviour, EC Directorate IV's flurry of activity is partly a product of the high level of merger activity in telecoms, according to Robert Bell, head of communications group and partner at law firm Nabarro Nathanson - but this is not the whole story.

"For some time, there's been a real worry in Europe that the cost of telephony has been very high," he said. "This has spurred Directorate IV into a number of enquiries, and also Directorate XIII [the department that looks at telecoms] into looking at the pricing of calls."

Antonio Guterres, the Portuguese prime minister, said this week that cheaper telecoms will be a clear objective of an EU summit to be held later this month in Lisbon.

The UK approach to anti-competitive behaviour has, up until now, been more relaxed than the EC's, although anything with a pan-European dimension has been dealt with by the Commission since the UK joined the Common Market in 1973.

But today sees the Competition Act 1998 come into effect, under which UK firms can claim injunctions against companies they say are indulging in unfair behaviour, rather than waiting for a regulator to investigate. "We're switching from quite a laid back regime, to an active one," said Nabarro's Bell. "The Competition Act is modelled on the EC approach of blanket prohibitions of abuses of dominant positions." The Office of Fair Trading and the new Competition Commission will handle UK-based investigations.

Meanwhile, elsewhere in Brussels last week, UK intelligence expert Duncan Campbell told the European Parliament's justice committee that the Anglo-American spy network Echelon - whose existence was denied until recently - was used to help American business interests beat European firms.

Echelon uses UK listening stations to tap voice and data traffic, and the intelligence is shared by other English-speaking countries including Australia and Canada, rather than the European Union. Prime Minister Tony Blair denied Campbell's allegations of commercial spying.

But it is a good demonstration of split British attitudes towards Europe: while the UK enacts European data privacy laws and adopts its approach to anti-competitive behaviour, it still spies on Europe then shares the data with its ex-colonies.

Related Stories: