Thursday

7th Jul 2022

EU citizens to remain in the dark on data breaches

  • If your data is encrypted, your bank does not have to tell you it was hacked (Photo: Agnes Lisik)

Telecom operators and Internet Service Providers (ISPs) will not have to tell people their personal data has been hacked if they adhere to European Commission guidelines.

The commission on Monday (24 June) said the yet-to-be published guideline includes a new safeguard on encrypting personal data, which would spare companies the embarrassment of having to go public if the information is stolen by a hacker or released by accident.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

“If a company applies such techniques but suffers a data breach, they would be exempt from the burden of having to notify the subscriber because such a breach would not actually reveal the subscriber’s personal data,” the commission said in a statement.

Digital agenda commissioner Neelie Kroes said it would “level the playing field” between consumers and businesses.

“Businesses need simplicity,” she noted.

She added that consumers also need to know when their personal data has been compromised, but only when this is possible.

The encryption rule is bundled with a new set of other measures to clarify what the industry should do in the event of a breach.

The rules enter into force in August and would set up a common online identification form for data loss notifications. Companies would use the form to notify a national authority if their system has been hacked.

The rules are being added to the existing ePrivacy directive which requires companies to keep people’s data secure and to notify them of data breaches.

Companies are required to erase or anonymise any data that serves no purpose.

But a controversial article in the EU legislation allows member states to keep the data in the event of criminal investigations or in cases involving national security.

The article is similar to one in the EU data retention directive, which is currently being challenged in the EU court in Luxembourg.

The data retention directive requires mobile phone companies and ISPs to monitor a person’s location, calls and emails.

The companies are then obliged to store the data for up to two years in the event of a police investigation.

Digital Rights Ireland has filed a case against the EU data retention law in the European Court of Justice, arguing there are not enough safeguards in the legislation.

A verdict is due on 9 July.

Digital rights experts say that even if the data retention directive is overturned the corresponding article in the ePrivacy law could remain intact.

Pegasus spyware makers grilled by MEPs

"We will not continue to work with a customer that is targeting a journalist illegally," Chaim Gelfand, chief compliance officer of NSO Group told MEPs — but shed little light on EU governments' use of its Pegasus spyware.

Opinion

Romania — latest EU hotspot in backlash against LGBT rights

Romania isn't the only country portraying lesbian, gay, bisexual, and transgender (LGBT) people as a threat to children. From Poland and Hungary in EU, to reactionary movements around the world are prohibiting portrayals of LGBT people and families in schools.

News in Brief

  1. France to nationalise nuclear operator amid energy crisis
  2. Instant legal challenge after ok for 'green' gas and nuclear
  3. Alleged Copenhagen shooter tried calling helpline
  4. Socialist leader urges Czech PM to ratify Istanbul convention
  5. Scottish law chief casts doubt on referendum
  6. British PM faces mounting rebellion
  7. Russian military base near Finnish border emptied
  8. Euro slides to lowest level in two decades

Stakeholders' Highlights

  1. Nordic Council of MinistersNordic and Canadian ministers join forces to combat harmful content online
  2. Nordic Council of MinistersNordic ministers write to EU about new food labelling
  3. Nordic Council of MinistersEmerging journalists from the Nordics and Canada report the facts of the climate crisis
  4. Council of the EUEU: new rules on corporate sustainability reporting
  5. Nordic Council of MinistersNordic ministers for culture: Protect Ukraine’s cultural heritage!
  6. Reuters InstituteDigital News Report 2022

Latest News

  1. Legal action looms after MEPs back 'green' nuclear and gas
  2. EU readies for 'complete Russian gas cut-off', von der Leyen says
  3. Rising prices expose lack of coherent EU response
  4. Keeping gas as 'green' in taxonomy vote only helps Russia
  5. 'War on Women' needs forceful response, not glib statements
  6. Greece defends disputed media and migration track record
  7. MEPs adopt new digital 'rule book', amid surveillance doubts
  8. 'World is watching', as MEPs vote on green finance rules

Join EUobserver

Support quality EU news

Join us