EU announces new, unified privacy and data protection laws


Image: Dimitar Nikolov/Flickr (Creative Commons)

The European Commission has announced sweeping reforms in privacy and data protection laws within the union – including a single legal framework, and stronger penalties to make sure companies abide by these new rules.

The EU Justice Commissioner Viviane Reding announced the new reforms, claiming that businesses will also save €2.3 billion a year because of the reduction of unnecessary administrative procedures and paperwork. EU rules will apply to all companies that are active within the EU market, so this includes US-based companies such as Facebook, Google and Twitter.

New rules include the right of data portability, meaning users will be able to transfer their personal data from one site to another; the ‘right to be forgotten’, where users will be able to delete their data if the company has no legal reason for retaining it; and rules on how data can be transferred internationally.

“Personal data can be collected in Berlin and processed in Bangalore. I therefore want to improve the current system of binding corporate rules to make these exchanges less burdensome and more secure,” Reding said in a speech.

In addition, the reforms state that consent must be explicitly given, rather than assumed, for data to be processed, and that all companies must inform all users how their data will be processed “in simple and clear language”. Companies, however, will still need to report any personal data that is stolen, lost or hacked within a 24-hour period.

The reform also comes with stronger penalties. First offences will get a warning, while serious offences could see penalties of up to 2 percent of a company’s annual turnover. For less serious offences, companies could be fined up to €250,000 or up to 0.5% of the annual turnover; and companies not rectifying the problems or notifying users of data loss could face fines of up to €500,000 or 1% of turnover.

The reforms will be given to the European Council of Ministers and European Parliament; once passed, they will be enforced within the Union two years after passing so member states can put them into national law.
