As lawmakers ponder whether or not pursue Internet privacy legislation, one thing appears certain: The United States won't adopt the European Union's privacy and data collection regulations, if a Sept. 15 House hearing is any indication.

The European Union may soon revise its privacy law, incorporating tighter privacy restrictions that may impact E.U. states' recognition of a U.S. safe harbor arrangement, Nicole Lamb-Hale, assistant secretary of the International Trade Administration, told the House Energy and Commerce subcommittee on commerce, manufacturing and trade. The possibility of a nullified safe harbor rule places lawmakers at a crossroads on privacy legislation.

U.S. companies are not currently required to comply with the 1995 E.U. data privacy law because the U.S. government in 1998 negotiated a safe harbor framework on behalf of U.S. businesses. The voluntary arrangement allows companies to self certify and declare compliance with an agreed set of privacy principles.

Lamb-Hale said U.S. companies would be more globally competitive and better prepared to comply with international privacy laws if an Internet privacy law were adopted.

"Foreign competitors could use the lack of U.S. privacy protections as a excuse for protectionism, and insist that information processing happens in their country, and not in the United States," said Peter Swire, a law professor at the Ohio State University.

"I think it would help the competitiveness of our businesses if we had baseline privacy protections that are flexible," said Lamb-Hale, later adding that the Commerce Department is "certainly not advocating that the U.S. operate under [the E.U.] type of [privacy] regime."

"The last thing we need to do is to look toward Europe for guidance on new privacy regulations," said Rep. Peter Olson (R-Texas), during the hearing.

Rather than overhauling privacy regulations, Lamb-Hale suggested the adoption of a "basic principles" that do not supersede existing regimes. "Our effort is to plug gaps--gaps that exist in the privacy regime that quiet frankly could not be anticipated at the time those various laws were enacted because, of course, we've had innovation, through the Internet and generally in the economy," she explained.

Stuart Pratt, president of the Consumer Data Industry Association, characterize E.U. privacy legislation as an umbrella entity, which if duplicated would insert "the greatest uncertainty" for companies navigating compliance. "To me this is just aggregating the congressional responsibility to legislate. It's empowering a regulator to then make decisions about commerce in a way that I just think is unhealthy. That kind of uncertainty makes it hard to innovate," said Pratt.

Pratt insisted that those who shared his sentiments were "not isolationists" trying to stifle information flow, but they did want what's best for American businesses.

For more:
- see the hearing page for a webcast and prepared testimonies

Related Articles:
US-EU data sharing efforts snagged by privacy oversight debate 
Napolitano: US-EU data sharing is critical 
Intelligence community collaboration efforts underway
EU IT agency warns governments away from private-sector cloud