The European Commission has no objections, a priori, to the US proposal in favor of self-regulation by corporate America on the question of privacy protection on the internet in general, and in electronic commerce in particular. With the Department of Commerce poring over proposals from the private-sector Online Privacy Alliance in preparation for Secretary William Daley’s report on the subject to President Clinton this month, the US is moving toward self-regulation. This, in turn, will need to satisfy the EC’s criterion of ‘adequate protection’ in order for personal data to be transferred across the net, as the member states of the European Union are all in the process of transposing the Commission’s directive into national law by October 28. Joachim Kubosch, a spokesperson for the Commission’s DGXV telecoms directorate, said there is no reason why self-regulation should not provide the degree of protection required by the directive. However, he echoed Daley’s concern, expressed in his address to the DoC’s Privacy Summit last week, regarding the enforceability of such an arrangement. In other words, in a self-regulated environment, what kind of sanctions can be enacted against those who break the rules, and will they be contained in civil, or even criminal, law? In any case, it will, be up to the courts in the individual member states to determine whether the US provides adequate protection, Kubosch added.
