Proposed EU data protection rules include right to be forgotten

The European Commission wants companies that fail to comply with the proposed rules to pay signficant fines

By Jennifer Baker, IDG News Service |  Security, data protection

A proposed new data-protection law for the European Union includes fines of up to two percent of global turnover for companies that breach the rules, E.U. Justice Commissioner Viviane Reding announced Wednesday.

Despite rumors that the figure would be five percent, Reding insisted the legislative proposals had not been watered down. "Five percent was not something in my pipeline," she said at a news conference to unveil the proposals.

[ Free download: The law of unintended storage consequences ]

Fines will be on a sliding scale: 0.5% of a company's global turnover for charging a user for a data request, one percent if a firm refused to hand over data or failed to correct bad information and two percent for more serious violations.

Under the proposals, companies with more than 250 employees will have to appoint a data-protection officer to be responsible for compliance with the new rules, which include the controversial "right to be forgotten", allowing people to have data held about them deleted if there are no legitimate grounds for retaining it.

Reding insisted that "personal data belongs to the person" and that individuals have the right to take any information about them held by a company and move it to another company. They also have the right to insist that personal data be deleted, and companies must comply unless they can show legitimate grounds for retaining the data.

Reding also said that companies would have to report data security breaches "as soon as possible" -- which she said means 24 hours.

The news was welcomed by Green member of the European Parliament Jan Philipp Albrecht.

"We particularly welcome the proposals to impose conditions and time limits on the use of data from individuals who volunteer their private information. In the current online era it is easy for internet users to lose sight of private data that they volunteer online or simply forget, making it all the more important to ensure safeguards are in place. To this end, the proposals for sanctions against major online businesses that abuse private data are also welcome," Albrecht said.

However some industry representatives were less pleased.

Join us:






Ask a Question