Tuesday

18th Jan 2022

EU citizens to remain in the dark on data breaches

  • If your data is encrypted, your bank does not have to tell you it was hacked (Photo: Agnes Lisik)

Telecom operators and Internet Service Providers (ISPs) will not have to tell people their personal data has been hacked if they adhere to European Commission guidelines.

The commission on Monday (24 June) said the yet-to-be published guideline includes a new safeguard on encrypting personal data, which would spare companies the embarrassment of having to go public if the information is stolen by a hacker or released by accident.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

“If a company applies such techniques but suffers a data breach, they would be exempt from the burden of having to notify the subscriber because such a breach would not actually reveal the subscriber’s personal data,” the commission said in a statement.

Digital agenda commissioner Neelie Kroes said it would “level the playing field” between consumers and businesses.

“Businesses need simplicity,” she noted.

She added that consumers also need to know when their personal data has been compromised, but only when this is possible.

The encryption rule is bundled with a new set of other measures to clarify what the industry should do in the event of a breach.

The rules enter into force in August and would set up a common online identification form for data loss notifications. Companies would use the form to notify a national authority if their system has been hacked.

The rules are being added to the existing ePrivacy directive which requires companies to keep people’s data secure and to notify them of data breaches.

Companies are required to erase or anonymise any data that serves no purpose.

But a controversial article in the EU legislation allows member states to keep the data in the event of criminal investigations or in cases involving national security.

The article is similar to one in the EU data retention directive, which is currently being challenged in the EU court in Luxembourg.

The data retention directive requires mobile phone companies and ISPs to monitor a person’s location, calls and emails.

The companies are then obliged to store the data for up to two years in the event of a police investigation.

Digital Rights Ireland has filed a case against the EU data retention law in the European Court of Justice, arguing there are not enough safeguards in the legislation.

A verdict is due on 9 July.

Digital rights experts say that even if the data retention directive is overturned the corresponding article in the ePrivacy law could remain intact.

Frontex chief: 'about time' MEPs probe his agency

Some 14 MEPs have created a group to probe allegations of rights abuse by the EU's border agency Frontex. Its head, Fabrice Leggeri, welcomed its creation and said it "is about time".

Romania denies forcing migrant-boat back to Turkish waters

Romania's ministry of internal affairs wrote to Frontex claiming it did not engage in any illegal pushbacks of people on rubber boats into Turkish territorial waters. The country says it followed EU engagement rules and Greek orders.

LGBTI fears over new Polish member at EU institution

A letter sent to the European Economic and Social Committee by a group of cross-party MEPs fighting for LGBTi rights expresses fears that a recently-appointed Polish member may try to undermine those rights.

News in Brief

  1. French parliament agrees stricter vaccine-pass system
  2. US speaks to energy firms about EU gas cut-off scenario
  3. Anti-vax protests held in the Netherlands, Hungary, Austria
  4. German MEP spends €690,000 on office renovation
  5. Microsoft identified destructive malware in Ukraine agencies
  6. Danish intelligence crisis deepens
  7. Hackers expose Polish military secrets
  8. Swedish soldiers might leave Sahel due to Russian fighters

Feature

Covid-hit homeless find Xmas relief at Brussels food centre

The Kamiano food distribution centre in Brussels is expecting 20 people every half hour on Christmas Day. For many, Kamiano is also more than that - a support system for those made homeless or impoverished.

Top court finds Hungary and Poland broke EU rules

EU tribunal said Hungary's legislation made it "virtually impossible" to make an asylum application. Restricting access to international protection procedure is a violation of EU rules.

Latest News

  1. James Kanter, Shada Islam are new editors at EUobserver
  2. The loopholes and low bar in Macron's push for a global tax
  3. No love for Russia in latest EU strategy
  4. New EU Parliament chief elected This WEEK
  5. Lead MEP now wants ETS opt-out for homes and private cars
  6. MEPs seek probe into EU commissioner over Bosnia
  7. EU's Borrell contradicts Germany on Russia gas pipeline
  8. It's time for a more geopolitical EU-Turkey cooperation

Join EUobserver

Support quality EU news

Join us