Proposed EU data protection rules include right to be forgotten
The European Commission wants companies that fail to comply with the proposed rules to pay signficant fines
IDG News Service - A proposed new data-protection law for the European Union includes fines of up to 2% of global turnover for companies that breach the rules, E.U. Justice Commissioner Viviane Reding announced Wednesday.
Despite rumors that the figure would be 5%, Reding insisted the legislative proposals had not been watered down. "Five percent was not something in my pipeline," she said at a news conference to unveil the proposals.
Fines will be on a sliding scale: 0.5% of a company's global turnover for charging a user for a data request, 1% if a firm refused to hand over data or failed to correct bad information and 2% for more serious violations.
Under the proposals, companies with more than 250 employees will have to appoint a data-protection officer to be responsible for compliance with the new rules, which include the controversial "right to be forgotten", allowing people to have data held about them deleted if there are no legitimate grounds for retaining it.
Reding insisted that "personal data belongs to the person" and that individuals have the right to take any information about them held by a company and move it to another company. They also have the right to insist that personal data be deleted, and companies must comply unless they can show legitimate grounds for retaining the data.
Reding also said that companies would have to report data security breaches "as soon as possible" -- which she said means 24 hours.
The news was welcomed by Green member of the European Parliament Jan Philipp Albrecht.
"We particularly welcome the proposals to impose conditions and time limits on the use of data from individuals who volunteer their private information. In the current online era it is easy for internet users to lose sight of private data that they volunteer online or simply forget, making it all the more important to ensure safeguards are in place. To this end, the proposals for sanctions against major online businesses that abuse private data are also welcome," Albrecht said.
However some industry representatives were less pleased.
"The Commission's proposal today errs too far in the direction of imposing prescriptive mandates for how enterprises must collect, store, and manage information. The rules should focus more on the substantive outcomes that matter most to citizens. The risk in the proposal's current design is that it will bog down companies with onerous compliance obligations, which could inhibit digital innovation at the expense of job creation and growth," said Thomas BouA(c), European director of government affairs for the Business Software Alliance.
The reform of the E.U.'s old 1995 Data Protection Directive is one of the key pieces of legislation the European Commission is pushing in 2012, but it has been dogged by more criticism than is usual for a directive reform proposal.
Wednesday's announcement, however is just the first step in a long process as the proposals must still be approved by E.U. member states and the European Parliament.
Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Preparing Your Infrastructure for the Hyperconvergence Era From cloud computing and virtualization to mobility and unified communications, an array of innovative technologies is transforming today's data centers.
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users? All Gov't Legislation/Regulation White Papers | Webcasts