European Committee Votes For Strict Privacy Laws

The European Parliament’s Committee on Civil Liberties, Justice and Home Affairs  has voted for strict privacy laws which include fines of up to €100 million (£85m) or more for large companies, despite the best efforts of Internet firms to water down the rules during the nearly two years of wrangling over just how tough the controls should be.

The initially stringent regime was watered down earlier this year, following lobbying from giant firms including Google, Facebook and BT, but Edward Snowden’s revelations of the extent of US government snooping into the data of those firms’ users has caused a political storm.

Hands off our data

The Data Protection Regulation now includes the “right to be forgotten“, in which citizens can request that service providers delete their personal data, and a new provision that says European laws will apply to any transfer of European citizens’ data to third parties, such as US bodies.

The rules defend user privacy, but they will impose demands on how businesses can operate, warn observers. For starters, big firms will have to have a named data protection officer, whose role is to ensure compliance.

“Ultimately, these amendments will make businesses more accountable to the public, and give the individual more power than previously,” says lawyer Bridget Treacy, managing partner and Head of the UK privacy and cyber security Practice at Hunton & Williams. “Businesses will have to state clearly  the purposes for which they will use individuals’ personal data, and not collect more data than they need. Consent will need to be specific and limited to particular purposes, with businesses having the burden of proving that they have obtained consent.

The rules will also require data to be “pseudonymised”, so companies can deal with individuals as un-named entities, which will limit the possibilities for companies who want to use profiling and mine their customer transactions for big data gems, warns Treacy. “Given the fundamental importance of personal data to the global economy, and the fact that these European reforms seem likely to restrict how businesses can use personal data, all businesses should monitor and be aware of these changes.”

The Regulation goes before Parliament in April 2014, and may be amended further before that time. In particular, the Council of Ministers – which has previously taken a more business-friendly tone – will weigh in and look for a compromise.

“In terms of next steps, the Council of Ministers continues its work under the Lithuanian Presidency to agree its position,” adds Treacy. “The Council has taken a very different approach to the reforms, seeking a more pragmatic, risk based framework. If the Council can agree on a compromise text, it will then enter a trilogue with the Parliament and the Commission, likely in February 2014, to seek agreement on the Regulation ahead of the European elections in May 2014.”

As the Regulation stands, firms can actually be fined more than the €100 million mentioned in the draft law, as there is a provision for serious offenders to be fined up to five percent of their turnover or €100 million, “whichever is greater”. So, if Google contravenes the eventual law, it could theoretically be hit with a $2.5 billion, thanks to its $50 billion turnover.

At present, privacy penalties in Europe are applied on a country-by-country basis, and have always been at a level where giants like Google can shrug them off. for instance France’s regulator fined the search giant €100,000 when its Street View mapping cars collected  unauthorised data from users’ Wi-Fi networks.

Do your privacy quiz – we won’t tell anyone!

Peter Judge

Peter Judge has been involved with tech B2B publishing in the UK for many years, working at Ziff-Davis, ZDNet, IDG and Reed. His main interests are networking security, mobility and cloud

Recent Posts

Meta Plans Subsea Cable For Its Own Exclusive Use – Report

World spanning subsea cable measuring 40,000km (or 24,854 mile) long, reportedly being planned by Meta…

2 days ago

Canada Sues Google For Alleged Anti-Competitive Conduct In Advertising

More legal trouble. Canada's Competition Bureau sues Google for alleged anti-competitive conduct in online advertising

2 days ago

German Government Plots €2 Billion For Chip Subsidies – Report

Is it enough? After Intel disappointment, Germany to offer approximately 2 billion euros in subsidies…

3 days ago

Google Asks Appeal Court To Throw Out Epic App Store Verdict

After Epic Games 2023 courtroom victory, Google appeal argues “dramatic redesign” of Play store will…

3 days ago

Intel Says $7.86bn Grant From US Will Restrict Foundry Spin-off

Chip giant's plan for Intel Foundry to be spun off as independent subsidiary will be…

3 days ago