PRIVACY VS. MARKETING: EUROPE DRAWS THE LINE
Two years ago, Fiat managers in France were all ready to transmit personnel records to their home office in Turin, Italy. But this simple action hit an unexpected snag. Citing the private nature of the data--salaries and performance reviews--the French government halted the transmission. It relented only after Fiat's management promised to follow France's strict data-privacy law in Italy.
The incident highlights the problems of doing business across borders when countries have contrasting notions of privacy. Since the late 1970s, seven European Community nations have enacted a patchwork of data-protection laws. But Italy, Belgium, Spain, Portugal, and Greece have passed none. Now, as all 12 nations lurch toward a unified market in 1993, these matters must be sorted out. The European Commission, the EC's executive branch, is pushing a single privacy standard. Experts say if the proposal is adopted in its current form, Western Europe will have the world's strictest set of protections (table, page 124H).
Companies on both sides of the Atlantic are lobbying intensely. Industry and government critics claim that the rules are so broad, they could chill international trade and cripple entire industries. Anyone selling names and other personal data, for example, would first have to get approval from everyone on the list. The result? "Direct marketing would be impossible," asserts Jan Soede of Direct Marketing Services, a Dutch company.
U. S. companies say the proposal would impede them in myriad ways. Companies operating in the EC would be barred from sending data to any country, maybe even the U. S., without what the EC deems "adequate" protections. Some fear that would let the commission control much of the world's information flow. Thus, many U. S. businesses see the rules as "unworkable," says Cly Wallace, director of EC affairs for the New York-based U. S. Council for International Business. While the U. S. State and Commerce Depts. don't oppose privacy protection in principle, they think the commission's efforts go overboard.
'OPPORTUNITY.' In defense, Ulla Ihnen, a commission lawyer, says the new rules are simply designed to prevent abuses in countries without privacy laws. She notes that in Belgium, census-takers ask whether respondents ever leave for work from an address other than home--and if so, what address? Later, the data can be sold for marketing purposes. "If people want that information released, fine," she says. "But they should be asked."
The EC proposal comes just as privacy fears are mounting in the U. S. Public outcries early this year led Lotus Development Corp. to scrap a plan to peddle demographic data on 80 million U. S. households. And last year, New York Telephone decided against selling subscriber lists after more than 800,000 people requested removal from them.
The EC directive "provides an opportunity to tighten and reexamine our own privacy laws," says Janlori Goldman, who directs the American Civil Liberties Union's privacy-and-technology project. The proposal is spurring interest in a privacy bill introduced by Representative Bob Wise (D-W. Va.) that updates the Privacy Act of 1974. It calls for a federal data-protection agency. "In the not-too-distant future," Wise told House colleagues in January, "consumers face the prospect that a computer somewhere will compile a record about everything they do. . . . If you buy Preparation H, you could get a call from a proctologist."
Not if EC-like rules cross the ocean. Despite opposition, the plan is likely to be approved, possibly with changes. Says Spiros Simitis, who heads an EC advisory group on privacy: "I am confident that it won't be watered down." If he's right, Washington may be forced to follow the EC's lead, giving Americans the same sweeping protections--and some businesses cause to weep.THE PRIVACY FUROR
The European Commission's proposal
-- Prevent companies from keeping personal data or ID numbers without the
-- Let consent be withdrawn at any time and permit damage suits if such
privacy rights are infringed
-- Require file-keepers to set up a security system to bar unauthorized access
-- Ban electronic profiles of individuals based on what they buy or do through
-- Bar transmission of data to countries without similar protections
Patrick Oster in Brussels, with Michele Galen and Evan I. Schwartz in New York