EC Looks To Impose Massive Data Breach Fines

The European Commission (EC) is reportedly looking to introduce steep fines for companies that breach data protection laws as part of a proposed overhaul of privacy regulations.

The latest draft of the proposed changes would allow the EC to fine larger companies up to five percent of their global turnover, which could amount to billions of pounds for companies such as Google or Facebook, according to reports by the Financial Times and Bloomberg.

Updated Regulation

The reforms would give the EC powers comparable to those it wields in the area of competition, where it is able to fine companies up to 10 percent of their turnover for breaches. These powers have resulted in massive fines for the likes of Microsoft and Intel.

Companies would be liable for customer data sold to third parties without authorisation and data transferred to social networks or cloud-based services. The new regulations would apply to the European subsidiaries of organisations based outside the EU, forcing multinationals to strengthen their data protection policies.

In a speech in Brussels on Tuesday, EU Justice Commissioner Viviane Reding said the reforms are intended to be “an inspiration for changes in the US and elsewhere.”

She specifically singled out US plans for a self-regulation regime for companies that collect personal data, arguing that such a scheme “will not be sufficient to achieve full interoperability between the EU and US.”

The new rules would oblige companies to notify data protection authorities within 24 hours in the case of a breach affecting private data. By contrast, earlier this year RSA took two months to notify authorities of a compromise that affected its SecurID tokens.

Companies with more than 250 employees would be required to employ dedicated data protection staff.

The EC is looking to introduce the first significant update to its data protection legislation since 1995, and is set to formally unveil its proposals in January. The changes will also look to alter the way social networks such as Facebook gather data about users.

The new measures will face approval by national governments, and then must be implemented in national law, meaning it is likely to be at least four years before the rules come into effect.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.
