EU data-privacy laws bog down U.S. firms
Multinational firms that handle employee and customer data in Europe are finding it increasingly hard to quickly roll out new applications because of data-privacy laws mandated by the European Union.
Across Europe, corporations must now pay a visit to the local "data-protection authority" to disclose how marketing, human resources, financial and healthcare data they collect is being warehoused, processed or transported, in or out of the EU. Moreover, these firms have to seek permission from worker-based organizations known as "works councils" to start new IT projects.
Each of the 15 EU countries has adopted, or is in the process of adopting, slightly different provisions to satisfy the EU privacy directive issued in 1998 to promote harmonization of data-privacy regulations. The strictest and perhaps most complex country in this regard might be Germany, where each of the regional states has its own data-protection authority.
"If we install a new business-information system, we have to tell the data-protection authority," says Armgard von Reden, head of IBM's privacy initiative in Europe. The process can add months of delay and uncertainty as IT departments hold off on application and network development until European authorities give the thumbs up, she says.
"We see a need to harmonize the data-protection laws even further," von Reden says.
Across Europe, businesses acknowledge they must plan further in advance than they used to for IT projects.
"Each country is implementing the EU directive a little differently, and we have to register databases within each country," says Jeff Nicol, manager of corporate privacy programs at Intel. U.S. operations have to be sure they are abiding by European laws if they receive data on European subjects. The EU won't let data go to places deemed not to have "adequate" data-privacy laws, which include provisions such as giving European citizens the right to consent to how their data is shared or processed.
Europe views the U.S., with its freewheeling marketing practices, as generally inadequate in data-privacy protection. At one point, it seemed possible the EU might not allow citizen data to be transported to the U.S. However, last summer, the EU and the U.S. reached a compromise with the so-called Safe Harbor agreement.
Safe Harbor went into effect Nov. 1, 2000, and is designed to provide some legal protection to U.S. companies and organizations that, as part of their European operations, gather personal data about people living there, including employees and customers. Companies that sign up for Safe Harbor avoid the prospect that the EU might perfunctorily shut down their network operations from Europe, says Jim Allen, customer-privacy officer at Agilent Technologies.
With Safe Harbor, the EU can spot-check and, if it doesn't like what it sees, complain to the Federal Trade Commission, added Jonathan Winer, attorney at the Washington, D.C., firm Alston & Bird. About 100 firms have signed up for Safe Harbor in the last six months.
One Safe Harbor firm, Baxter International, has manufacturing and office divisions in Europe. The EU data-privacy laws last year spurred Baxter to create what it calls its Data Privacy and Security Initiative. Baxter organized about two dozen employees from the IT, legal and marketing divisions around the world to prepare local approaches to data privacy, in coordination with headquarters. The initiative's goal is to coordinate strategy around the world.
"Everything is cascading from the EU directive," says Heather Humphrey, Baxter's global manager for privacy and information security. She emphasized that Canada, Australia and Japan appear to be following in the footsteps of Europe on this issue of data privacy, and companies with global interests need to respond to changing conditions.
And woe to those that run afoul of the "data police," which can mete out thousands of dollars in fines and even cut off data flows, if they wish. Two years ago, Microsoft quarreled with Spanish authorities over user data it was collecting for its Windows 98 rollout.
"We ended up arguing over type sizes and colors, which wasn't in the rules," says Richard Purcell, Microsoft's director of corporate privacy. Spain slapped Microsoft with a fine of several thousand dollars and "we agreed to disagree."
But these days Microsoft, like a growing number of other firms, has joined Safe Harbor to assure Europe of its "adequacy" in data protection, to keep business running smoothly.
"If you haven't signed up for Safe Harbor, you put at risk these business relationships," Purcell says.