EU set to shake up customer data rules
26th Jan 2012
The European Union is poised to propose tough new rules on how corporations handle internet users' personal data, after revealing that inconsistencies cost businesses across Europe an extra 2.3 billion euros a year.
The European Commission has warned that Europe's approach to online data protection must be simplified because the current system is too cumbersome and costly for business. It says new data protection legislation is needed to protect users and cut red tape for businesses in Europe.
Viviane Reding, vice president of the European Commission, said in a speech on Sunday: "Only if consumers trust that their data is protected will they entrust companies with it ... We need individuals to be in control of their information."
Europe's new data protection rules are expected to be issued this week and could have far-reaching implications for Web giants such as Google and Facebook, although the legislative process is likely to take at least two years. Internet companies will not be required to comply before 2014 or 2015.
According to a draft obtained by Reuters, the EU proposals would significantly bolster regulators' powers to fight data protection breaches, requiring companies to notify regulators when data has been stolen or mishandled.
The proposals also give member states new powers to fine companies up to 1 percent of their global revenues for violating EU data rules. The Financial Times reported in December that the rules would allow for fines up to 5 percent of global revenues, so the EU may have reconsidered its approach since then.
The EU regulation will need to be approved by national governments, some of which may resist seeing their oversight on privacy matters shift to Brussels.
Commenting on the anticipated EU privacy laws, Paul Davis, director of European Operations at FireEye, said: “It’s all well and good to legislate that companies must notify the public and the authorities within 24 hours or face a fine of 2% of their global revenue, but the elephant in the room is that most companies are unable to detect external targeted attacks leading to data loss.
“The protection of information is critical to business and the establishment of trust with customers and the notification of data breaches is important, but detection and blocking of exploits should take precedence. An organisation has to be aware of an attack and they can't report a data breach they have no knowledge of: that’s the real issue facing businesses today.”