Encryption. On December 31, 1998, the Department of Commerce's Bureau of Export Administration issued regulations implementing the changes in U.S. encryption export controls previously announced by the Clinton Administration on September 16, 1998. As a general matter, the regulations create a new license exception for exportation of certain encryption products (License Exception ENC (Encryption)) to certain industries, such as financial institutions (including insurance companies), and ease the burden of exporting financial-specific encryption products.
The new license exception also extends to U.S. subsidiaries located outside the U.S. and other industries, such as health/medical organizations and on-line merchants (for client server applications with the purpose of securing electronic commerce transactions between merchants and their customers). Applicants for which the new regulations are applicable hopefully will experience a quicker, less expensive and otherwise less burdensome license application process.
On-Line Privacy. In our June/July 1998 Financial Services Regulatory Report article "Privacy Update," we reported that the Federal Trade Commission reviewed 1,400 commercial Web sites to examine the extent to which commercial enterprises inform consumers of the entity's information collection practices and the extent to which such entities offer effective privacy policies on-line. In a follow-up report, the FTC concluded that implementation of a self-regulatory approach to on-line privacy and data protection had to date been ineffective. Recently, the FTC announced that it will conduct a second survey of on-line privacy policies (to be completed this Spring) with the Direct Marketing Association. It is speculated that the FTC will use the results of this survey to determine whether progress in the area of self-regulation and on-line privacy has been sufficient or whether federal legislation is necessary.
Transborder Data Flows. In our April/May 1998 Financial Services Regulatory Report article "Potential Disruption of Transborder Data Flow: The European Data Directive," we reported that, as an alternative to national data protection legislation, the United States has consistently promoted industry self-regulation as a means of ensuring an "adequate level of protection" (and thus compliance with Article 25 of the Directive). Most recently, the U.S. Department of Commerce released draft "safe harbor" principles, which represent an approach to compliance through a mix of industry self-regulation, regulation and legislation. Although the Member States initially rejected the safe harbor principles as providing adequate data protection, the EU Commission recently stated that the principles would need to be clarified and improved, suggesting that the principles may form an appropriate basis for compliance with the Directive. The U.S. and the EU are hopeful that negotiations concerning data protection compliance will be concluded by the end of June 1999.
Prepared by Kimberly B. Kiefer, Esq. of the Washington, D.C. Office
This article was first published in the December/January 1999 Issue of Mayer, Brown & Platt's Financial Services Regulatory Report. The Financial Services Regulatory Report is edited by Melody A. Chestnut of the Washington, DC Office
Copyright © 1999 Mayer, Brown & Platt. This Mayer, Brown & Platt article provides information and comments on legal issues and developments of interest to our clients and friends. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.
We operate a free-to-view policy, asking only that you register in order to read all of our content. Please login or register to view the rest of this article.