EU Proposes Tougher Web Rules For Personal Data
January 24, 2012

EU Proposes Tougher Web Rules For Personal Data

The European Union (EU) is set to propose a more stringent new set of rules this week to regulate how companies operating in Europe manage the personal data of Internet users, a move that industry insiders say could have significant ramifications for how the world´s web giants do business on the Old Continent.

In a speech on Saturday in Munich, VP of the European Commission Viviane Reding said that the new legislation, which is scheduled to be rolled out on January 25, wouldn't just protect individual web users but that it would also help European businesses by helping to bypass cumbersome bureaucratic protocol.

“Only if consumers trust that their data is protected will they entrust companies with it,” she told a conference room full of tech-industry magnates. “We need individuals to be in control of their information.”

Highlighting the burden of current laws on businesses, she added: “In Europe we have too many rules, conflicting rules. The extra cost to business of this fragmentation is 2.3 billion euros [$2.8 billion] a year.”

Yet even if it is passed by the EU at the end of the month, the new pan-European legislation won´t go into effect immediately. Given the requirement that EU legislation must first be approved by the national governments of the respective member states, there´s a good chance that these may reject delegating regulatory authority over an issue as sensitive as data security into the hands of EU technocrats.

And EU experts say that even if the measures are eventually passed, companies like Google and Facebook will have time to readjust their business practices. Negotiations on the legislation are expected to take at least two years and the draft will in all likelihood be subject to serious revisions.

In the dynamic and perpetually evolving world of web technology, questions regarding who owns personal data and how online businesses can use it–while legitimate to a degree–have been a mainstay issue for legislators and traditional industries seeking to bridle the creative chaos of the Internet.

According to a draft procured by Reuters, one of the most significant aspects of the new legislation would be an increase in the authority of EU regulators to prosecute data thieves and would require that web businesses alert them to security breaches.

In its current form, the proposal also offers an allowance for the various member states to penalize companies who violate the new rules with fees of up to 1 percent of their total global revenue. This is reportedly down from a steep 5 percent included in earlier drafts of the bill.

Yet perhaps most interesting for private web users, the proposal would also give European citizens a so-called “right to be forgotten” whereby they could request that personal information be permanently erased from company records and no longer shared with third parties.

Another clause in the proposal would institute a “right to data portability” which would allow Internet users to transfer their personal data between companies as a single package of information.

While the proposal was still its nascent phase last year, Facebook representatives wrote a concerned statement to EU legislators stating their fears that the legislation would prove too rigid and stifling for a medium that is inherently fast-paced and dynamic.

“There is a risk that an excessively litigious environment would impede the development of innovative services that can bring real benefit to European citizens,” wrote representative of the social network.

Likewise, the Financial Times recently quoted chief of operations for Microsoft´s European division Ron Zink as cautiously noting his company´s concerns that the EU proposals might be “too prescriptive.”

In more recent comments, Facebook has indicated its hopes to see more details soon on exactly what personal data the EU would like to regulated, noting that it is not principally against the regulations so long as they are not stifling to growth and creativity.

“We welcome vice-president Reding´s view that good regulation should encourage job creation and economic growth rather than hindering it, and look forward to seeing how the EU Data Protection Directive develops in order to deliver these two goals while safeguarding the rights of internet users.”

In contrast to the wary stance taken by U.S. companies, a number of European companies–for years subject to tougher regulation than their American counterparts–have shown themselves far more amenable to the new proposals.

“I appreciate the EU commitment to create a level playing field in Europe [...] But the regulation that Facebook´s founder Mark Zuckerberg is subject to is nothing compared to what I´m subject to,” said Stefan Gross-Selbeck, CEO of Germany´s professional social network Xing.


On the Net: