EU overhauling data-privacy policies to protect consumers

The EU says that data protection for individuals will be drastically improved by not allowing companies to process sensitive data without the user's consent.

Don Reisinger

Privacy advocates are one step closer to winning a big one in the European Union.

The European Commission, the EU's executive arm, today unveiled a set of proposals aimed at improving the privacy of personal data, like e-mails, Facebook posts, and Web activities, across the European Union's 27 countries. The EC, which claims 70 percent of Europeans are concerned that their private data is being misused, says the time has come for the continent to overhaul the 1995 data protection rules that currently govern privacy across the zone.

"Seventeen years ago, less than 1 percent of Europeans used the Internet. Today, vast amounts of personal data are transferred and exchanged, across continents and around the globe in fractions of seconds," Viviane Reding, the Commission's vice president, said in a statement today. "The protection of personal data is a fundamental right for all Europeans, but citizens do not always feel in full control of their personal data. My proposals will help build trust in online services because people will be better informed about their rights and in more control of their information."

Here are some of the key proposals Reding has brought before the European Union to help individuals:

  • A "right to be forgotten" that will allow consumers to permanently delete data when there is no reason for keeping it.
  • Consumers must give explicit consent for companies to process their sensitive data, rather than see their data culled after giving "assumed" consent.
  • Companies must make it easier to transfer data from one service provider to another by making consumer information readily available to individuals.
  • Any "serious data breaches" must be brought before the EU's data protection authority within 24 hours, or as soon as feasible.
  • The EU rules, if approved, would apply to data processed overseas by companies that are actively engaging in business across the zone.

If companies commit "serious" violations related to the processing and safekeeping of consumers' sensitive data, the proposal calls for fines of up to 1 million euros (about $1.3 million) or 2 percent of their global annual sales.

Although the Commission is trying to put additional pressure on companies with its proposal, the organization says the new rules could help firms, as well. It believes that if the rules are approved, they could save businesses across the EU 2.3 billion euros a year by creating a single code to work from. Currently, companies must adhere to several different policies implemented by the European Union's member states.

The EC also says that companies could save 130 million euros annually "by cutting red tape and abolishing formalities such as general notification requirements for companies."

Privacy has long been a concern for the European Union. The governing body has, for the last several years, aimed at improving privacy for citizens and targeting companies that it believes might violate a person's right to security. This proposal attempts to make it easier for the EU to enforce privacy policies across the continent.

But before Europeans hoping for better privacy get too excited, be aware that this isn't the final step. The Commission's proposals will be sent to the European Parliament and EU member states for discussion. If they're finally approved, the rules will be enforceable across the EU two years after they have been adopted.