As the European Union continues to discuss potential amendments to its current data privacy laws, officials have asked the United States to do the same in an effort to create a cooperative regulatory framework that protects and serves the international business community.
The impetus for this request stems from a series of disagreements between the EU and U.S. related to the scope of counterterrorism efforts. According to the Washington Post, the U.S. Patriot Act has frustrated European legislators and business leaders alike, with many asserting that American investigative tactics represent a serious threat to data privacy.
In fact, U.S. regulatory intervention in European business practices has become so invasive, in some cases, that circumventing American jurisdiction has now become a selling point for some technology providers. According to the Post, several cloud service vendors are showcasing the fact that their European-based operations are sheltered from Patriot Act provisions.
"I do encourage cloud computing centers in Europe … but this cannot be the only solution," EU Justice Commissioner Viviane Reding told reporters. "We need free flow of data between our continents [and] it doesn't make much sense for us to retreat from each other."
Preliminary negotiations between the two parties have already begun, according to the Post, and may yield a new comprehensive data protection agreement that will go into effect by the end of 2012. However, progress will likely hinge on how well opposing sides handle the contentious issues of monitoring flight passenger data and banking transactions related to the operations of organized criminals and international terrorists.
Initiating an overhaul of complicated – and at times controversial – legislation will be no simple task, but Reding is hoping that her U.S. counterparts will be inspired by progress underway in the EU.
According to BusinessWeek, Reding's staff is currently piecing together legislation that would bring crucial updates to a 16-year old data protection law that has drawn the ire of digital innovators. A formal proposal is expected to be released in January, revealing the regulators' strategy for aligning data privacy policies with the emergence of Internet-based economies and holding companies accountable for data breaches.
The Financial Times has suggested that offending companies may face fines equivalent to 5 percent of their global turnover. In addition to this stern deterrent, firms with more than 250 employees will have to specifically dedicate staff to data protection issues and all companies will be required to notify data protection authorities within 24 hours of an incident.