The European Union has proposed, in a draft, new online privacy protection laws, which would update their current policies put in place 17 years ago. The new laws would allow individuals to request that certain personal data, which has been collected about them, to be erased.
In addition, companies could be subject to fines under the new code, a penalty tax as high as $1.3 million or 2% of a company's total sales.
“The protection of personal data is a fundamental right for all Europeans ....my proposals will help build trust in online services because people will be better informed about their rights and in more control of their information”, asserts Viviane Reding the EU Justice Commissioner.
On the Business end however; their are concerns these new policies, if put into place under their current structure, could put many companies in jeopardy. For one thing, the draft proposes a 24 hour window in which organizations must report a privacy breach to consumers. This is a really narrow timeline, especially if your business isn't stringently tied to customer communication. In other words, it may take several days for one arm of the business to communicate to the other, let alone the customer.
From a legal standpoint, there is also trouble on the horizon. As they stand currently, the privacy law drafts are too open ended about what is, and what isn't considered personal data. Lawyers would have a heyday with corporate lawsuits especially considering the hefty fines which could be involved!
In any event, these changes to the privacy laws could take more than two years to come into effect and they are bound to be scrutinized, amended, and transformed during that period. First the European Union States would have to approve them, then they would have to be ratified by the European Parliament. Progress will be slow on this one, I am sure. We'll have to wait and see what they make out of these drafts, if anything at all.