Europe Advances New Data Protection Rules

Notably, the agreement sets the maximum corporate fine for violating user privacy to four percent of a company’s worldwide revenue-significantly more than the marginal sums that companies like Facebook and Google have paid in the past. “I am very confident that this law will offer the right balance between safeguarding citizen’s fundamental rights and increasing the effectiveness of police cooperation throughout the Union”, she added. As we enter into a crucial period for the DSM strategy, high-levels of political ambition and commitment will be essential if we are to realise a strong and competitive digital Europe.

Recent research into how companies were preparing for the GDPR across the US and Europe showed half of companies were still unaware of the changes, while others were investing up to $0.5 million to address the new law.

“Most companies will be shocked at the scale of the new rules and the work that needs to be done before the laws take effect in two years”, says Stewart Room, head of PwC Legal’s data privacy and protection service.

One of the powers given to consumers will be the right to be forgotten, which will enable consumers to request that their personal information is deleted in cases where there are no legitimate grounds for retaining it. It will also be easier to transfer personal data from one service provider to another.

Among the most eye-popping parts of the new directive are fines of up to 4% of a company’s global gross profit if it doesn’t adequately inform users what information about them it is collecting and what it plans to do with it. After explaining that clearly and in multiple languages, the user must consent to the use.

EU lawmakers and member states struck the agreement on a tough new data protection regulation in talks on Tuesday evening, several members of the European Parliament said on Twitter without giving details.

This move is prompted by costs and practicality, with 68% of respondents claiming the new regulations will dramatically increase the costs of doing business in Europe, and more than 50% feeling they will not be able to fulfil the requirements set out by the EU.

A problem with current data protection laws is that regulators can only levy fines which are small in comparison to the revenues of the companies involved.

According to European Justice Commissioner Vera Jourova, the approved rules are “good for citizens and good for businesses”.

US tech companies, like Facebook and Google, have had run-ins with national data protection authorities over their privacy practices.

The text of the reform is still subject to a final endorsement by the 28 member states and the European Parliament, which is expected next week.

Companies would also be required to quickly report data breaches and to remove out-of-date or contested data under a “right to be forgotten” standard.

“More than 90% of Europeans say they want the same data protection rights across the EU – and regardless of where their data is processed: this will soon be a reality”, the EU said in a statement Tuesday. The new rules will become applicable two years thereafter.