EU Promises Extra Online Protection With Data Protection Law Overhaul

Brussels has decided to create tougher data protection rules governing the way that social networking sites collect data about their users to better protect European citizens online.

The current rules, which date from a directive passed in 1995, are no longer up to date and are set to be reviewed.  After three years of consultation, Viviane Reding, the European Commissioner for Justice, Fundamental Rights and Citizenship, will set out her plans for reform tomorrow.  The proposals—all 116 pages of them—are aimed at offering better protection for users' personal data collected by firms like Facebook, Apple and Google, whose Street View service drew particularly intense investigation recently.  Big changes are promised.

The existing European framework is no longer suited to today's Internet, which gains more and more new users every day.  In Commissioner Reding's proposals, 'instead of a patchwork of 27 different rules in 27 countries, there will be one law that will apply to all Member States in the European Union and to all companies which are offering their goods and services to consumers in the EU – even if their servers are based outside of the European Union.'

Right To Be Forgotten

In particular, the new data protection rules will give citizens more rights to protect their own personal data, including a 'right to be forgotten': 'I want to explicitly clarify that people shall have the right – and not only the 'possibility' – to withdraw their consent to the processing of the personal data they have given out themselves.' said Reding.  Today, even if you ask for personal data to be removed, it is rarely actually deleted.  In the future, users should finally be able to close their Facebook account permanently and be sure that all of their will disappear too.

Companies will also have new responsibilities to inform both users and the authorities if data has been lost, stolen or hacked—and will only have 24 hours to do so.

Service providers based outside of the European Union with customers inside the 27 Member States will have to follow the new rules, with any breaches sanctioned.  Current discussions in Brussels point to fines of up to one million euros or 5% of annual turnover.

The precise nature of the relationship between service providers and their customers may well evolve to give users more confidence in what they do online.

If the directive is approved, Member States will have three years in which to implement it.  Estimates from the Commission suggest that savings of 2.3 billion euros will accrue as a result from having common data protection rules in place across Europe.

> Buyer's Guides: Our Pick of The Best Products