"I want to start by thanking Subcommittee Chairman Stearns for calling the first ever Congressional hearing, in either the House or Senate, specifically focused on the EU Privacy Directive. The topic of today’s hearing is extremely relevant to the Committee’s consideration of privacy and information exchange issues."
"The development of electronic commerce has accentuated the fact that the U.S. economy is interdependent on the rest of the world. The Internet and other electronic networks expand the ability of businesses to reach new or untapped markets worldwide. These technologies fundamentally shrink the size of the globe. Policies affecting electronic commerce made by the world’s largest trading block – the European Union – have an impact on the U.S. It also has an impact on how the U.S. Congress will approach the debate over privacy."
"The U.S. and EU Member States approach the issue of privacy from different perspectives. Europeans are instilled with the belief that privacy is a fundamental human right. There are a number of reasons for this belief, including the vast and traumatic experiences of the Nazi regime during the 1940’s. Another reason for this perspective is the simple fact that many EU countries are relatively new democracies. It was not long ago that Kings and Queens ruled throughout Europe. In the U.S., we take a different approach towards privacy as we have fundamental protections to free expression provided in the U.S. Constitution, including the First Amendment. By in large, we also rely heavily on the private sector to protect consumer privacy."
"I believe that the EU Privacy Directive may act as a de-facto privacy standard on the world. It may or may not be permissible under the WTO because of the technical structure and specific carve-outs, but it certainly is an effort to impose the EU’s will on the U.S. While I recognize that similar charges have been laid against certain U.S. policies, the EU Privacy Directive could be the imposition of one of the largest free trade barriers ever seen and is a direct reversal of the efforts we have made in various free trade agreements. It certainly provides for extraterritorial enforcement of EU principles on Americans and American companies."
"I have serious reservations about the real impact of the EU Privacy Directive on commerce and trade. I am very concerned that U.S. companies, which have been the creators and the leaders of E-commerce, will be forced to deal with such a restrictive concept. I would love for someone to provide some type of compliance cost analysis for the Privacy Directive but that simply hasn’t been done. I suspect the costs would be in the multi-billions, and are all costs that will be passed onto consumers."
"One of the many drawbacks of imposing something like the Privacy Directive on the entire world is that one-size does not fit all. Europeans do not view lawsuits as an answer to problems. “In the U.S., lawsuits are filed at the drop of a hat. A stock dropped too much or too fast, a lawsuit gets filed. A neighbor’s dog barks too loud, a lawsuit gets filed. That is a reality that we have to deal with. However, such lawsuits could cripple the beneficial exchange of information that is a cornerstone of American business practices today."
"Compliance and enforcement of the Privacy Directive has, at best, been spotty in European nations. In fact, a number of nations have not even bothered to required enact implementing legislation. This lax attitude is something that Americans are not used to. We do not build elaborate restrictions with a wink and a nod so they can be ignored. Given this, we need to know whether enforcement of the Privacy Directive on U.S. companies represent a double standard when compared to enforcement of European firms. We also need to know the consequences for competition if this occurs."
"I must admit that I take a dim view about the way that the EU went about enacting this new privacy regime. The EU designed the rules and told the U.S. companies to abide by them or risk losing the transfer of any data from European nations. In essence, do it or suffer the consequences. There were no international negotiations. The U.S. was allowed to participate in negotiations resulting in the so-called ‘Safe Harbor’ but it is interesting to note that very few firms have signed up for it."
"The Safe Harbor raises a whole host of issues in and of itself. For instance, the legal status of the Safe Harbor is highly questionable. Further, the Safe Harbor doesn’t cover financial firms. Indications are that privacy provisions of the ‘Gramm-Leach-Bliley’ Financial Services Modernization Act are not ‘adequate’ for purposes of the Privacy Directive. This is non-sense, as many people make a compelling case that these provisions are too strong. More importantly, what are global financial firms to do? They don’t qualify for the Safe Harbor, and U.S. law, which they must obey, is being overrun by the Privacy Directive."
"Recently, the EU has been designing so-called ‘model contracts’ that can be used to meet the stringent requirements of the Privacy Directive. Many experts have suggested that the model contracts will be imposed on U.S. firms as a way to ‘top-off’ or strengthen the Safe Harbor. This seems to directly contradict the purpose of the Safe Harbor and the negotiations that took place. Was the Department of Commerce duped into supporting the Safe Harbor? Are the Europeans really trying to find ways to strengthen the Privacy Directive?"
"I am hopeful that this hearing will provide some insight and provide
some comfort regarding the EU Privacy Directive. Unless or until that occurs, I
think it only appropriate to consider all the options this Committee can take.
Many have asked for our assistance in steering the new Administration towards
the proper perspective on this issue. I think we should give serious
consideration to doing just that."