New EU Data Privacy Rules Will Give More Power To Regulators

Firms must report data breaches and could be fined up to one percent of their global revenues

The European Union (EU) is set to propose new rules on how companies can handle Internet users’ personal data.

The new data protection proposals are expected to be revealed on 25 January and could change the way that Internet companies such as Facebook and Google use information from users.

Increased Responsibility

According to Reuters, the new proposals would increase regulators’ powers to fight data protection breaches and would require companies to notify the authorities when data has been stolen or mishandled.

The mandatory notification rule has been promised by Commissioner Viviane Reding. The UK does not yet have mandatory notification, but the UK’s Information Commissioner’s Office (ICO) has been pushing for it for some time.

Sony’s PlayStation Network was hacked in April last year, resulting in 77 million accounts being compromised, yet Sony chose to wait a week before notifying users.

When these rules are applied, member states will have the power to fine companies up to one percent of their global revenues for violations. Individuals will also be granted the power to request the deletion of their information and the ability to transfer their data between different companies and services.

The EU says that the current regulations on data protection are too complicated and expensive and that consumers need to be able to trust companies with their data. Last March, it first announced plans to update its rules so that non-EU organisations would be responsible for upholding them.

The proposals would need approval by national governments, which could prove tricky with those that would be loath to see more powers transferred to Brussels. The process could take as long as two years, meaning companies may not have to comply until 2014.

Facebook Worries

The news could be a worry for Facebook, which has acquired large amounts of personal data from users of its social network.

It has come under fire for its privacy policy and last November it agreed a settlement with the US Federal Trade Commission which would subject it to privacy audits for 20 years and would ban it from sharing information that had previously been made private. The settlement was agreed following complaints about changes it made to its privacy settings in December 2009.

Google was accused by the EU justice commissioner Viviane Reding of not respecting European privacy rules after the search giant’s admission that its Street View cars had collected over 600GB of data from private networks while taking photos for the service. Reding has also previously accused the US authorities of demanding access to EU citizens’ data without any regard to their privacy rights.