Slide 22 of 26
I would like to submit, therefore, that in all of the areas that the Jurisdiction Project is addressing, the single most likely approach toward a solution over the long haul is by means of international agreements. The WTO Financial Services Pact now under consideration points the way home.
The qualification of “in the long haul” is fundamental. The fact is that international agreements develop at a glacial pace almost regardless of subject matter. Further, in this area, the national laws are so complex and divergent, that convergence -- much less harmonization -- will be very difficult to achieve. In addition, the global nature of the Internet causes an expansion of the number of entities that need to come to agreement.
I would also like to submit that those agreements need not be, in each case, governmental. In that regard, the work of the Privacy Working Group of the Jurisdiction Project is instructive. Efforts have been made to work out between the United States and the EU a set of safe harbor agreements. There is a widespread feeling in the privacy community that this process has largely failed and that they are, therefore, moving directly to solving the problems by means of contractual provisions among private parties. In essence, they are adopting methods employed in the wholesale payment systems market. (The EU Directive on Data Protection [Directive 95/46/EC; see http://www.cdt.org/privacy/eudirective/EU_Directive_.html] permits data transfers to third countries that do not ensure an “adequate” level of privacy protection when contractual or other safeguards protect the privacy of the data. 95/46/EC Art. 26(2). The Directive authorizes the European Commission to adopt standard contractual clauses that will be deemed to “offer sufficient safeguards.” 95/46/EC Art. 26(4)).