European Commission director Sue Binns says that she sees the US developing "a mosaic" of legislation to meet the EU's requirement for equal levels of data protection on both sides of the Atlantic.
She believes laws and codes of conduct will issue rapidly from Washington to meet EU criteria for allowing data transfers to continue after next October.
Speaking at an American Chamber of Commerce conference on data protection, Binns said that in some areas the US data privacy codes are "pretty good", while in others further efforts will have to be made for the EU to recommend transfers when its directive comes into force in under a year's time.
"In the US financial services sector, banking is pretty good. Insurance is less good. If you take life insurance or motor insurance there is a lot of personal data and the US has no laws on medical data. That is an unsatisfactory gap which has consequences in the insurance area," she said.
"Either a law on the security of medical data, or on insurance, would be an improvement. In telecomms there are a number of provisions which protect security and with pretty big companies with a reputation to protect that. Bell Atlantic has an excellent code," she added.
"Talks are ongoing with the US at various levels and we need some understanding before the directive comes into force. We are unlikely to bridge all the gaps but have to decide how to manage difficulties and avoid a disruption of commerce," she continued.
The Amcham conference was aimed at discussing practical industry solutions to transfers of data, which companies will only be allowed to make to those countries with equivalent protection for private data.
Binns, a director in the Commission's directorate-general for financial services and the internal market, said the EC wanted to be "flexible and pragmatic" in solutions but that industry's proposals for contractual agreements were only "a last resort".
Contractual arrangements already protect EU personal data sent to the US for processing, and Binns cited the well-known case of the season ticket-cum-credit card package put together by Deutsche Bundesbahn and Citibank, in which German regulators approve US processing.
"The German data protection registrar was not very happy and Citibank decided to subject themselves to the German rules and to investigative powers in Germany in order to keep that business and made a contractual arrangement. As far as I know there are no difficulties," she said.
The US is the main trading partner of the EU to be affected by the data protection rules but not the partner with the worst data protection rules, she said.
Binns noted President Bill Clinton's call for industry to come up with proposals on data protection by July next year in order to help electronic commerce flourish.
The US has proposed to the Commission a number of measures that meet EU concerns over the absence of a regulator to deal with data privacy complaints in the US, she said.
These include a possible extension of misleading advertising rules, use of Federal Trade Commission powers to sanction companies, and extended use of arbitration. She concluded by agreeing that mechanisms must give individuals the right to deal with abuse without going to "a great expense".