EU to enforce data privacy as default for businesses and social sitesby
As part of a package of privacy measures due to be unveiled before the summer, the European Union will ban the surreptitious gathering of data without explicit user consent.
Under its proposals, which constitute the first major revamp of data protection legislation first introduced in 1995, it also intends to force social networking sites to delete personal information should local citizens no longer wish to share it.
National privacy watchdogs will likewise be given the power to investigate and launch legal proceedings against offending firms offering services that are consumed by EU citizens – whether the actual websites or data processing activities are based in the EU or not.
In a speech to the European Parliament earlier in the week, EU Justice Commissioner Viviane Reding warned social media firms such as Facebook that they would need to ensure that high standards of data privacy became the default in order to hand control back to consumers.
"I want to explicitly clarify that people shall have the right – and not only the possibility – to withdraw their consent to data processing. The burden of proof should be on the data controllers – those who process your personal data. They must prove that they need to keep the data rather than individuals having to prove that collecting their data is not necessary," she said.
Reding’s spokesman Matthew Newman told the Guardian: "A year ago, she issued Facebook a warning because the privacy settings changed for the worse and now she’s legislating to put flesh on those bones."
Facebook has made user profiles accessible by default since January last year and users have to opt in to ensure that their personal information can only be viewed by friends. The company said that it was already compliant with EU law and users could remove their data completely from public view, although it took a few weeks to clean it from its own servers.
Newman added that the proposed legislation would make the EU the first jurisdiction in the world to deliver a "right to be forgotten" rule. "Maybe you’ve been at a party up until four in the morning and you or someone you know posts photos of you. Well, it’s a bit of harmless fun, but being unable to erase this can threaten your job or access to future employment," he said.
The announcement came as the US government revealed that it intended to introduce a "privacy bill of rights" to govern the collection and use of personal data. Unlike, Europe, the US currently has no federal law establishing a general right to privacy and existing legislation only covers some subsets of data in areas such as health and personal finance.
At a Senate Commerce Committee hearing earlier in the week, the Commerce Department called for both a law that protected consumers’ personal information online and a stronger enforcement role for the Federal Trade Commission. Both bodies have recently published reports calling for enhanced privacy protections.
Lawrence Strickling, who runs Commerce Department’s telecoms policy arm, warned that without such legislation, "growing unease" over privacy issues could stifle the growth of the internet economy.
Neil Davey is the managing editor of MyCustomer. An experienced business journalist and editor, Neil has worked on a variety of newspapers, magazines and websites over the past 20 years, including Internet Works, CXO magazine and Business Management. He joined MyCustomer in 2007.