New bill asks companies to notify EU of security breaches

The European Union works on legislation that would set up local cybersecurity agencies, in an effort to regulate tech companies that have access to user data.

Donna Tam Staff Writer / News

Donna Tam covers Amazon and other fun stuff for CNET News. She is a San Francisco native who enjoys feasting, merrymaking, checking her Gmail and reading her Kindle.

See full bio

Donna Tam

Jan. 18, 2013 12:40 p.m. PT

Neelie Kroes, VP of the European Commission. European Commission

Proposed legislation in the European Union would force tech companies that have access to user data -- such as Facebook, Google, and Microsoft -- to report any security breaches to local cybersecurity agencies, the Financial Times reported today.

This is the European Commission's effort to make private companies accountable for privacy and security problems, European Commission Vice President Neelie Kroes told the Financial Times.

If passed, the measure would require each of the EU's 27 member states to set up local cybersecurity agencies to implement security standards on online networks. Social networks, e-commerce companies, and large online platforms that have access to users' data would all have to report any server issues and security breaches to these agencies, or face sanctions.

Most U.S. states already require these companies to report security breaches involving more than 500 customers, but nothing has been done on a national level.

The European bill is in line with the EU's latest efforts to catch up with user data-protection standards. Another proposed law aims to improve data protection by curtailing the ability of services to collect, analyze, or sell the personal data of users.