Two leading trade organisations have called for changes to international rules on data transfer.
The American Chamber of Commerce to the European Union (AmCham EU) and the International Chamber of Commerce (ICC) "urgently call upon decision-makers on both sides of the Atlantic to deliver real progress on international transfers of personal data, a matter of growing concern for businesses worldwide," the trade groups said in a statement.
The call for action comes as more and more companies face legal uncertainty sparked by the different approach to data privacy in the US and Europe.
In recent weeks SWIFT, a Belgian financial data transfer company, has been found guilty of handing over personal data to US authorities in breach of European data protection laws. Meanwhile, European airlines are being forced by the US to break European data protection laws by handing over personal details about passengers flying to the US Failure to hand over the information, including passengers' names, addresses and credit card details, would result in them losing landing rights at US airports, or being fined up to US$6,000 per passenger.
AmCham EU and the ICC said companies are increasingly faced with the challenge of how to manage efficiently the growing number of complexities of their employee and customer data.
"This is every bit as true for European businesses operating in the US, for US companies doing business in Europe and for companies operating in other parts of the world," the groups said in a statement issued at the beginning of a two-day conference in Brussels about international transfers of personal data. The conference was organised by the European Commission and the U.S. Department of Commerce.
The legal framework in the EU has not effectively eliminated national data protection, forcing companies to comply with rules from 25 different sets of laws when processing data, the groups found. "Companies operating outside the EU, notably in the U.S., are especially hard-hit by this massive set of requirements," they said.
Exemptions from some of the more onerous requirements of Europe's tougher data protection rules include the Safe Harbor Agreement, signed in 2000, which lays out seven principles of data privacy. Companies that sign the agreement get immunity from some of the European laws, allowing them to transfer data to the US.
AmCham EU and the ICC were involved in drafting alternative standard contractual clauses for data transfers by companies. They are also promoting the use of Binding Corporate Rules, another legal tool to get around the problem of differing rules on data protection.
"Closer cooperation between the EU, the U.S. government, global business and other international institutions will lead to data protection mechanisms that will protect the rights of individuals and take business realities into account," AmCham EU and the ICC said.