Everyone knows that the Internet is a global medium, that it is no respecter of national boundaries, and that, barring extreme action by individual countries, the free flow of information across its infrastructure is all but unimpeded.
Despite that obvious truth, many companies, including most U.S.-based corporations, tend to view any attempt on the part of a foreign government to impose any restrictions or regulations on Internet traffic and commerce as irrelevant. They see such efforts as either technically impossible, politically unenforceable or doomed to failure.
This cavalier attitude is a serious mistake.
American companies who have any business dealings with any of the 27 nations in the European Union must be alert to the implications of tough privacy standards being touted by the EU’s privacy chief. These regulations, pending in the EU Parliament at this writing, can ultimately cost American businesses billions of dollars in fines. This despite the fact that a number of large EU member states have begun pressing for a softening of some of the regulations in recent days, and that some loosening of restrictions will almost certainly take place before their adoption. The European Parliament is thought to be opposed to the new changes but it is possible enough member states could combine to block any regulations from being adopted.
Still, it is important to realize that the right to data privacy is enshrined in the founding documents of the EU. Article 8 of the EU Charter of Fundamental Rights guarantees that every European citizen “has the right to the protection of personal data concerning him or her.”
In recent news reports, Viviane Reding, EU commissioner for justice, has demonstrated adamant support for this right and a plan to thwart any attempt by American companies to lobby the U.S. Government into opposing the rules on traffic between the U.S. and the EU. “Exempting non-EU companies from our data protection regulation is not on the table. It would mean applying double standards,” she has told news outlets.
A number of U.S. companies, led by Google and Facebook, have been lobbying both in the U.S. and Europe in opposition to the tough regulations, which under the proposed law would carry fines of as much as 2% of a company’s global revenues.
It’s important for American companies to stay abreast of developments in this legal arena. Even though the U.S. is pressing hard on the EU to confine enforcement of the new regulations to EU companies only, there is stiff and widespread opposition to that perspective in the EU.
It’s not just the U.S. government on behalf of American companies who are opposed to the new regulations. A number of British Information Commissioners past and present have come together to admonish the EU and advice them to send the proposed rules “back to the drawing board.”
Whether or not the regulations are adopted is anyone’s guess. What is probably not subject to guesswork, however, is the fact that, if they are adopted, they will be enforced against any company, regardless of its country of origin, that wants to engage in Internet-based business with Europeans on any level.
That means that whether you have customers, business partners, servers or any other presence in Europe, you may be subject to adhering to the data privacy rules of the EU. It also means that remaining ignorant or complacent is a potentially costly mistake.