Wednesday

17th Aug 2022

EU citizens to remain in the dark on data breaches

  • If your data is encrypted, your bank does not have to tell you it was hacked (Photo: Agnes Lisik)

Telecom operators and Internet Service Providers (ISPs) will not have to tell people their personal data has been hacked if they adhere to European Commission guidelines.

The commission on Monday (24 June) said the yet-to-be published guideline includes a new safeguard on encrypting personal data, which would spare companies the embarrassment of having to go public if the information is stolen by a hacker or released by accident.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

“If a company applies such techniques but suffers a data breach, they would be exempt from the burden of having to notify the subscriber because such a breach would not actually reveal the subscriber’s personal data,” the commission said in a statement.

Digital agenda commissioner Neelie Kroes said it would “level the playing field” between consumers and businesses.

“Businesses need simplicity,” she noted.

She added that consumers also need to know when their personal data has been compromised, but only when this is possible.

The encryption rule is bundled with a new set of other measures to clarify what the industry should do in the event of a breach.

The rules enter into force in August and would set up a common online identification form for data loss notifications. Companies would use the form to notify a national authority if their system has been hacked.

The rules are being added to the existing ePrivacy directive which requires companies to keep people’s data secure and to notify them of data breaches.

Companies are required to erase or anonymise any data that serves no purpose.

But a controversial article in the EU legislation allows member states to keep the data in the event of criminal investigations or in cases involving national security.

The article is similar to one in the EU data retention directive, which is currently being challenged in the EU court in Luxembourg.

The data retention directive requires mobile phone companies and ISPs to monitor a person’s location, calls and emails.

The companies are then obliged to store the data for up to two years in the event of a police investigation.

Digital Rights Ireland has filed a case against the EU data retention law in the European Court of Justice, arguing there are not enough safeguards in the legislation.

A verdict is due on 9 July.

Digital rights experts say that even if the data retention directive is overturned the corresponding article in the ePrivacy law could remain intact.

Greek PM embroiled in spyware scandal

Greece has become embroiled in a wiretapping scandal that led to the resignation of its intelligence chief as well as the Greek prime minister's top aide.

Stakeholders' Highlights

  1. Nordic Council of MinistersNordic prime ministers: “We will deepen co-operation on defence”
  2. EFBWW – EFBH – FETBBConstruction workers can check wages and working conditions in 36 countries
  3. Nordic Council of MinistersNordic and Canadian ministers join forces to combat harmful content online
  4. European Centre for Press and Media FreedomEuropean Anti-SLAPP Conference 2022
  5. Nordic Council of MinistersNordic ministers write to EU about new food labelling
  6. Nordic Council of MinistersEmerging journalists from the Nordics and Canada report the facts of the climate crisis

Latest News

  1. Germany rejects visa ban for Russian tourists
  2. Iran responds to EU's 'final text' on nuclear deal
  3. Model minority myths
  4. EU must make public who really owns its fishing fleets
  5. Germany needs to cut gas use by 20% to stave off winter crisis
  6. Europe's wildfire destruction set to hit new record
  7. How Putin and Erdoğan are making the West irrelevant
  8. Defying Russian bombs, Ukraine football starts 2022 season

Join EUobserver

Support quality EU news

Join us