In unwelcome news for some Silicon Valley internet giants, European governments have agreed a draft data protection law that will place limits on the automated processing of personal data.
Yesterday in Luxembourg, 28 EU governments agreed the new EU-wide data protection law.
The new agreement will see the draft law go before the European Commission, with a view to the law being ratified by the end of the year and coming into force in 2016.
On one hand, the new data protection rules will remove friction for many businesses in Europe in terms of keeping up with regulations, saving them approximately €2.3bn a year in administration costs.
However, for US internet services like Google, Yahoo! and Facebook, it adds new restrictions, particularly in areas like automated processing of personal data and what the companies can do with the data they gather on EU citizens.
The rules will be backed up by heavy fines – as high as €100m – for non-compliance.
The new rules will make it easier for consumers to withhold their data and will codify the “right to be forgotten” principle enforced on Google last year by Spanish data regulators.
A right to data portability will make it easier for users to transfer personal data between service providers.
Silicon Valley internet firms fear increased costs of doing business in Europe
US cloud companies like IBM, EMC and Cisco, however, believe the new data protection rules could damage Europe’s cloud economy by making it difficult to conduct business.
Many of these companies operate data centres and business headquarters in Ireland and are continuing to invest. Facebook and Apple, for example, are building massive renewable energy powered data centres in Meath and Galway respectively.
The companies fear that meeting the new law will result in increased costs for US internet companies in Europe.
The new rules will also mean that so-called ‘Safe Harbor‘ rules agreed between the US and Europe will have to be changed to comply with the new law.
A court case taken by Austrian activist Max Schrems against Facebook in Ireland over the handling of European citizens’ data is currently awaiting a crucial decision – due 24 June – by the European Court of Justice.
Schrems’ allegations that transferring EU citizens’ data to the US violates European rights were given extra impetus following the revelations by Edward Snowden that the NSA was gathering this data for surveillance purposes.
EU Parliament in Luxembourg image via Shutterstock