Brussels to strengthen data protection rules
New fines of up to €1 million proposed for breaches
The European Commission has launched proposals to give more powers to data protection agencies and to individuals who want to protect their privacy.
Proposed legislation will overhaul the EU’s rules enacted in 1995 and harmonise them so citizens will have the same rights across the bloc.
Among other things, it empowers data protection agencies to impose fines of up to €1 million on companies and businesses which are found in breach of the new rules.
Launching this legislative initiative, the EU’s Justice Commissioner Viviane Reding said the protection of personal data was a fundamental right for all Europeans.
“My proposals will help build trust in online services because people will be better informed about their rights and in more control of their information. The reform will also make life easier and less costly for businesses,” she said.
Among the most significant changes proposed to the current regime is the introduction of “the right to be forgotten”, which means that individuals can now ask companies or social network sites to delete their personal data – something which is not obligatory so far.
Data enforcement agencies, such as Malta’s Data Commissioner, would also gain the right to regulate companies that operate in other EU member states.
According to a recent EU-wide survey, 70 per cent of Europeans said they were concerned that their personal data could be misused and that companies could be passing on their data to other companies without their permission.
The survey also shows that many users, particularly young people, are not aware of privacy policies when they create a profile on a social networking site. And when people surf the net, many are not aware that their search data can be used by online advertisers.
What are the main proposals?
• The “right to be forgotten” will enable people to demand that companies or social network sites such as Facebook delete all the data related to them from the companies’ systems.
• Wherever consent is required for data to be processed, it will have to be given explicitly, rather than assumed as is sometimes the case now. In addition, people will have easier access to their own data and be able to transfer personal data from one service provider to another more easily.
• There will be increased responsibility and accountability for those processing personal data: for example, companies and organisations must notify the national supervisory authority of serious data breaches as soon as possible (if feasible, within 24 hours) while people will be able to refer data protection breaches to an authority in their country even when their data is processed by an organisation based outside the EU.
• EU rules will apply even if personal data is processed abroad by companies that are active in the EU market. This will give people in the EU confidence that their data is still protected wherever it may be handled in the world.