EU backs down on 'right to be forgotten' online
After intense lobbying by online companies from Europe and the US, the European Commission has softened its stance on the 'right to be forgotten' in preparation of an overhaul of the bloc's data privacy rules due early next year.
"We need a framework for privacy that protects consumers and encourages the digital economy to grow," EU justice and fundamental rights commissioner Viviane Reding said Monday (29 November) at en event organised by the American Chamber of Commerce in Brussels.
Dear EUobserver reader
Subscribe now for unrestricted access to EUobserver.
Sign up for 30 days' free trial, no obligation. Full subscription only 15 € / month or 150 € / year.
- Unlimited access on desktop and mobile
- All premium articles, analysis, commentary and investigations
- EUobserver archives
EUobserver is the only independent news media covering EU affairs in Brussels and all 28 member states.
♡ We value your support.
If you already have an account click here to login.
Unlike in March, when she delivered a barnstorming speech in the European Parliament that declared a new "right to be forgotten" and "burden of proof" that should be placed on online companies to justify why they need to store personal data, now Reding mentioned this only briefly towards the end of her intervention.
"The right to be forgotten should build on existing rules. If one doesn't want his data to be stored any longer and there is no legitimate need for the company to keep it, then data should be removed," she said.
Picking up on long-standing complaints from the industry that data privacy rules across Europe are too fragmented and costly to implement, Reding promised to deliver a "one-stop shop" for privacy rules, with new legislation that will be binding for all 27 member states.
However, companies will have to only have to adhere to the national law of the EU country where their main operations, headquarters or data storage facility lies.
The commissioner also said the new law will "drastically" cut back on red tape and create a "more business-friendly environment." Companies such as Google and Facebook will no longer be required to send general notifications to data protection authorities in each member state, but instead "will focus on those requirements which enhance legal certainty."
The current data protection rules date back to 1995 at the dawn of the internet age and long before social networks such as Facebook and Twitter had appeared.
But the revamped legislation is already two years behind schedule and even if put forward in January, by the time it will be implemented in national law, technology is very likely to have evolved still further and brought about new privacy problems that will not be covered by it.