Proposed EU data protection rules include right to be forgotten
The European Commission wants companies that fail to comply with the proposed rules to pay significant fines
IDG News Service - A proposed new data-protection law for the European Union includes fines of up to 2% of global turnover for companies that breach the rules, E.U. Justice Commissioner Viviane Reding announced Wednesday.
Despite rumors that the figure would be 5%, Reding insisted the legislative proposals had not been watered down. "Five percent was not something in my pipeline," she said at a news conference to unveil the proposals.
Fines will be on a sliding scale: 0.5% of a company's global turnover for charging a user for a data request, 1% if a firm refuses to hand over data or fails to correct bad information, and 2% for more serious violations.
Under the proposals, companies with more than 250 employees will have to appoint a data-protection officer to be responsible for compliance with the new rules, which include the controversial "right to be forgotten", allowing people to have data held about them deleted if there are no legitimate grounds for retaining it.
Reding insisted that "personal data belongs to the person" and that individuals have the right to take any information about them held by a company and move it to another company. They also have the right to insist that personal data be deleted, and companies must comply unless they can show legitimate grounds for retaining the data.
Reding also said that companies would have to report data security breaches "as soon as possible" -- which she said means 24 hours.
The news was welcomed by Green member of the European Parliament Jan Philipp Albrecht.
"We particularly welcome the proposals to impose conditions and time limits on the use of data from individuals who volunteer their private information. In the current online era it is easy for internet users to lose sight of private data that they volunteer online or simply forget, making it all the more important to ensure safeguards are in place. To this end, the proposals for sanctions against major online businesses that abuse private data are also welcome," Albrecht said.
However, some industry representatives were less pleased.
"The Commission's proposal today errs too far in the direction of imposing prescriptive mandates for how enterprises must collect, store, and manage information. The rules should focus more on the substantive outcomes that matter most to citizens. The risk in the proposal's current design is that it will bog down companies with onerous compliance obligations, which could inhibit digital innovation at the expense of job creation and growth," said Thomas Boué, European director of government affairs for the Business Software Alliance.
The reform of the E.U.'s old 1995 Data Protection Directive is one of the key pieces of legislation the European Commission is pushing in 2012, but it has been dogged by more criticism than is usual for a directive reform proposal.
Wednesday's announcement, however, is just the first step in a long process, as the proposals must still be approved by E.U. member states and the European Parliament.