Article excerpt


EUROPE and the United States are on the brink of a costly trade war over the protection of personal privacy.

Though largely unnoticed by the public, it threatens banks, travel and leisure operators, credit card suppliers and multinationals - any company that moves personal data around the globe.

The threat comes in the form of a new Europe-wide privacy regime that will take effect on October 24. From that date, any country or business that wants to trade personal information with Europe will have to embrace a rigorous standard of privacy protection.

No privacy, no trade. It's that simple.

The European Commission in Brussels has already issued an ultimatum to Washington: Adopt strong privacy laws or risk losing billions of dollars of business with Europe.

The White House has responded by threatening to take Europe to the World Trade Organisation.

Chaos The new European Data Protection Directive will oblige every country in Europe to conform to a common set of standards that bind all governments and corporations to rigorous privacy rules. The British government is planning to amend UK data protection law in line with the directive.

'Principle 8' of a new Bill effectively prohibits companies from exporting personal information about European citizens to companies or countries that do not have adequate privacy protection.

The US has no such protection law, nor does Japan or South East Asia. Or, indeed, most of the world.

The first indications of the chaos to come have already surfaced in Sweden, which has forbidden the export of health-related data to the American Airlines SABRE reservation system.

German privacy authorities also threatened to paralyse a credit card co-branding deal between the German National Railway and America's Citibank.

The project survived because Citibank agreed to a complex contract that obliges it to enforce privacy rules in the US that meet German standards. The contract took nine months and cost millions of dollars to negotiate.

Under Europe's new privacy regime, Brussels must be informed about arrangements involving the export of personal data. Any European country planning to export such information must tell the

data protection regulators of all other European states, any of whom can object and seek to have the export blocked. …