New EU data rules: fines of up to 2pc of turnover for privacy breaches

25 Jan 2012

Vice-president of the European Commission Viviane Reding

Tough new EU data protection rules revealed today confirm penalties of up to 2pc of the global annual turnover of a company can be applied for data breaches. The EU estimates that having a single set of rules on data protection will save businesses around €2.3bn a year.

In new rules that will no doubt be eagerly watched by internet giants Google, Facebook, Microsoft, Amazon and others, the new rules include a ‘right to be forgotten’, which means people will be able to delete their data forever unless there are legitimate grounds for retaining it.

National data protection authorities will be empowered to fine companies that violate EU data protection rules penalties of up to €1m or 2pc of their global annual turnover.

Organisations will only have to deal with a single national data protection authority in the EU country where they have their main establishment. This means that in many cases internet giants such as Google, Twitter and Facebook, which have their European headquarters in Dublin, will deal with the Irish Data Protection Commissioner on privacy matters.

Some €130m a year will be saved by a new provision that ensures that firms processing personal data must notify their national data protection authority within 24 hours, rather than trying to notify all data supervisory authorities.

The vice-president of the European Commission Viviane Reding said a single law will do away with existing administrative burdens, and will help reinforce consumer confidence in online services, providing a much-needed boost to growth, jobs and innovation in Europe.

“Seventeen years ago, less than 1pc of Europeans used the internet,” Reding said. “Today, vast amounts of personal data are transferred and exchanged, across continents and around the globe in fractions of seconds.

“The protection of personal data is a fundamental right for all Europeans, but citizens do not always feel in full control of their personal data. My proposals will help build trust in online services because people will be better informed about their rights and in more control of their information.

“The reform will accomplish this while making life easier and less costly for businesses. A strong, clear and uniform legal framework at EU level will help to unleash the potential of the Digital Single Market and foster economic growth, innovation and job creation,” Reding added.

Under the new rules, it will be easier for people to access their own data and transfer it from one service provider to another.

EU rules will apply if personal data is handled abroad by companies active in the European market.

A new directive will apply data protection rules for police and judicial co-operation in criminal matters, including domestic and cross-border data transfers.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years