U.S. bankers are fearful that a new European privacy law could impede their ability to detect and fight international fraud.
The European Union Data Protection Directive, which took effect this week, governs how companies collect and export personal data about European citizens. Companies must obtain consumers' permission to collect information about them and must disclose how they will use the information and for what purpose it is being collected.
European backers of the law argue that it protects consumers against Big Brother-style corporate intrusion, but U.S. bankers fear criminals could use it to learn about investigations of their activities. The bankers also said they worry it could inhibit their ability to compile information about competitors and potential business partners.
The disclosure requirements run counter to standard business practice in the United States, where it is relatively common to gather information about customers and corporate rivals without their knowledge.
"A lot of things private investigators do in this country would be illegal in Europe," said Scott Blackmer, a lawyer at Wilmer, Cutler & Pickering in Washington.
The European law "compromises businesses' ability to check out other businesses," said Daniel Brooker Sr., executive vice president of the National Fraud Center of Horsham, Pa., which conducts fraud investigations on behalf of banks.
Under the law, "banks will not be able to know their European customers in the same way they are able to know their U.S. customers," and fraud could increase, Mr. Brooker said.
"Know your customer" is a basic principle in banking, and it will soon be written into U.S. regulations requiring banks to monitor customers' banking habits so that irregular transactions stand out. That would require the collection of certain personal information.
But the European directive seems to require banks to give customers unlimited access to the information held on them, including files opened as part of an investigation into, for example, money laundering.
If U.S. banks were forced to disclose such information, "government investigators would be given away," said John J. Byrne, senior counsel and compliance manager of the American Bankers Association in Washington.
Bankers said the law could also make it difficult to evaluate the credibility of senior executives of European concerns they might want to acquire or do business with. In the United States such due diligence is routinely done without the consent or knowledge of the party being examined.
Still, some privacy experts said that U.S. businesses' concerns may be exaggerated.
"Everything in the directive is based on consent," said Duncan MacDonald, who recently retired from Citibank as general counsel on privacy issues. "All a company has to do is get permission. Most of the discussion on the American side of the directive is hysteria."
Robert Ellis Smith, a consumer advocate and publisher of Privacy Journal in Providence, R.I., said, "Fraud investigators ought to be able to operate within the restrictions of the directive. If it requires them to change the way they do business, then that is a good thing."
