The EU will propose tough new rules in the coming days on how corporations handle Internet users’ personal data, a long-awaited move that could have far-reaching implications for Web giants such as Google Inc and Facebook.
European Commission Vice President Viviane Reding said in a speech on Sunday that the new data-protection legislation was needed to protect users and cut red tape for businesses in Europe.
“Only if consumers trust that their data is protected will they entrust companies with it ... We need individuals to be in control of their information,” Reding said at the DLD conference of tech industry leaders in Munich.
However, Reding also emphasized a need to simplify Europe’s approach to online data protection, arguing that the current system was too cumbersome and costly for business.
“In Europe we have too many rules, conflicting rules,” she said. “The extra cost to business of this fragmentation is 2.3 billion euros [US$3 billion] a year.”
Europe’s new data-protection rules are expected to be issued tomorrow. The EU regulation will need to be approved by national governments, some of which, such as France and Germany, may resist seeing their oversight on privacy matters shift to Brussels.
The legislative process is likely to take at least two years, so the rules could still change considerably. Internet companies will not be required to comply before 2014 or 2015.
According to a draft obtained by Reuters, the EU proposals would significantly bolster regulators’ powers on fighting data-protection breaches, requiring companies to notify regulators when data has been stolen or mishandled.
The proposals also give member states new powers to fine companies up to 1 percent of their global revenues for violating EU data rules. The Financial Times reported last month that the rules would allow for fines up to 5 percent of global revenues, so the EU may have reconsidered its approach since then.
The proposals grant broad, new rights to individuals, including a so-called “right to be forgotten” that would allow people to request that their information be erased and not disseminated online.
The rules also create a “right to data portability” to ensure that people can easily transfer their personal information between different companies or services.
Such rules could force social networks to change the way they handle users’ data.