November 04, 2010, 5:04 PM — Data protection and privacy is getting more complicated for multinationals, as the European Union passes even more restrictive consumer data privacy rules.
It's only a proposal that would take a year to become law, but it's the first major overhaul of EU privacy rules in 15 years.
Among the issues that could be impossibly complex to manage is a citizen's "right to be forgotten," which would require Web sites to delete private data on customers at their request.
European privacy rules, which sometimes require that data about individual consumers not only not be misused for business purposes, but not even physically leave the country in which it was created.
Microsoft is arguing that having a centralized, standard set of rules would make it easier to offer cloud computing in more than one country, which is difficult now given the mismatch of rules across the continent.
Facebook and Google are getting the brunt of the coverage, because they're the only service most people can imagine having information they'd consider sensitive.
The change applies to anyone collecting personal data online, though, so any U.S. company doing business with Europeans would be affected. Best get that private-data management project off the back burner and heat things up a little.