The EU data privacy law went into effect last month and could prevent database marketing firms, Web sites, U.S. firms with European employees, and credit card companies from sending personal data back to the United States and other countries that do not provide "adequate" protection of the data.
White House officials such as Ira Magaziner have scrambled over the past eight months to stay the directive until safe harbors could be created for U.S. firms, which are now subject to more relaxed privacy protection laws.
The Commerce Department proposed a set of privacy protection principles earlier this month that it hoped would meet the EU's demands for tough restrictions on the way businesses use and store electronic data about individuals.
But the EU apparently isn't satisfied.
"Unfortunately, the member states considered that the principles are not sufficient to guarantee equivalent protection [to the EU law]," an EU source told Reuters yesterday, adding that they complained about gaps in the areas of access to information and consumer redress.
The 15 EU countries, which discussed the proposal last week at a meeting in Brussels, were still in a cooperative mood and not threatening to cut off exports of data to the United States, the source added.
Commerce officials countered today that the EU is expected to react to their proposal by the end of this week and that negotiations are set to continue after that.
"This document is in flux. We called them, and they haven't rejected our proposal," said Barbara Wellbery, counselor to the undersecretary for e-commerce at Commerce's International Trade Administration Bureau.
"The EU would like to see some changes, and we've [received] 70 comments from our private sector on this and they would like to see some changes," she said. "The joint goal is to develop a practical approach to keep data flows going while enhancing privacy protection."
The EU's data protection directive gives individuals broad rights to know, and in some cases control, how information about their buying habits, credit ratings, health, and other characteristics is used.
One of the biggest stumbling blocks has been the EU's insistence that individuals be allowed to seek redress from an independent body with effective enforcement powers if they believe their privacy has been violated.
Commerce's proposal is likely failing to meet the EU standard when it comes to giving consumers access to their digital profiles as well as in areas of enforcement for privacy breaches. Still, the United States has no plans to implement a comprehensive EU-style privacy law. Instead, the Clinton administration has been a cheerleader for industry self-regulation.
The Commerce Department proposed that consumers have access to independent entities to resolve disputes, with companies facing unspecified "consequences" for violating the guidelines. Voluntary systems that have been cited in public meetings include Truste and principles by the Online Privacy Alliance.
European Commission spokeswoman Elisabetta Olivi told reporters that Commission internal market director-general John Mogg would discuss the issue with U.S. undersecretary of Commerce David Aaron in Washington on December 1.
A committee of EU national government representatives will return to the question on December 9, she added. The United States wants to strike a privacy deal before a summit next month.
"We are trying to finish up by the end of the year--that was a deadline we had set for ourselves," Commerce's Wellbery said.
Reuters contributed to this report.