EU bill gives web users 'right to be forgotten'
The EU commission has unveiled a single EU-wide law on internet privacy that could see overseas firms hit with multi-million-euro fines.
EU justice commissioner Viviane Reding told press at the launch event in Brussels on Wednesday (25 January) that "personal data is the currency of the digital market and it must be stable and trustworthy." She also called data protection "a fundamental right for all Europeans."
Join EUobserver today
Become an expert on Europe
Get instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Already a member?
The draft regulation updates an old law from 1995 and comes at a time when 250 million EU citizens log on every day.
It gives people the 'right to be forgotten' by enabling them to force firms such as Facebook or Amazon to take their personal information off the internet or to delete it from their internal servers unless they can give a compelling reason to say No.
It also gives users the right to take their data away from one company and give it to another.
For their part, firms would have to seek explicit consent if they want to use someone's information for actions such as a marketing campaign. They would also have to notify people and national authorities within 24 hours if there is a security breach.
Member states and MEPs still need to comb through the proposal in a process that usually takes between 18 months to three years. The regulation will come into force two years after it is adopted.
If it goes through in its current form it will affect any company around the world which does business online in the Union and it will have bite.
Fines for non-compliance start at €250,000 or up to 0.5 percent of turnover if, for instance, a firm tries to charge a fee when someone seeks access to their own data. They go up to €500,000 or up to 1 percent if it flat-out refuses to supply the data. And they hit €1 million or 2 percent of turnover for the most serious violations, such as selling people's data without their consent.
The US-based Google's turnover last year was about €30 billion.
The fines are to be levied by new regulators set up in each EU country in charge of applying the law.
Reding on Wednesday said the bill will be good for companies because it creates a single set of rules across the bloc. She estimated that firms' compliance with the mixed bag of 27 national jurisdictions currently wastes €130 million a year.
Big business is taking a keen interest in the EU development.
For its part, Google pre-empted the commission press launch by announcing earlier on Wednesday its own set of privacy reforms. When questioned on the timing, the world's largest internet company told EUobserver it has been working on a new privacy policy since last year.
Ron Zink, a senior lawyer in Microsoft, said the EU bill is good because it will reduce costs. But he added it "may be too prescriptive and not advance the interests of consumers," without going into detail.
In signs of a lobbying battle to come, pro-civil-liberties campaigners, such as German Green MEP Jan Philipp Albrecht, like the Reding scheme. But some parts of industry do not.
"Today's proposals will ... hit advertising revenue and hinder long-term innovation, competitiveness and growth in Europe," the Brussels-based World Federation of Advertisers said.
Site Section
Related stories
- EU backs down on 'right to be forgotten' online
- EU court: No 'right to be forgotten' in data rules
- Reding tells MEPs to fast-track data protection reforms
- EU institutions take on Google over privacy regime
- Obama launches online bill of rights
- UK cyber-security expert joins international calls for online regulation