European Union Proposes New Data Privacy Laws

IT Management

Share this Post

If you could erase all your personal data on the Internet, would you?

The BBC is reporting that a new law is going to be proposed to the EU on Wednesday. It would include the provision for a “right to be forgotten” that would require all data on a person retained by social networks, etc to be deleted unless there are “legitimate” grounds to retain it.

This new “right to be forgotten” proposal is part of an overhaul to the 1995 Data Protection Directive.

Details of the revised law were revealed by the Justice Commissioner, Viviane Reding, at the Digital Life Design conference in Munich.

A spokesman for the commissioner clarified to the BBC that the revision was mostly for teenagers and young adults.

"These rules are particularly aimed at young people as they are not always as aware as they could be about the consequence of putting photos and other information on social network websites, or about the various privacy settings available," said the spokesman.

He said that currently teenagers and young adults have no way of deleting embarrassing information when they apply for jobs. This new bill, however, would not allow people to erase their police or medical records.

Other measures in the bill include a requirement for all firms to notify users and the authorities of any possible data loss within 24 hours.

It would also force firms to explicitly seek permission to use a person’s personal data. Internet users must also be notified when their data is being collected, what it’s being collected for and how long it’s going to be stored.

People, under the bill, must be able to easily access their personal data and move it to another firm, or delete it, if they so wish

There are some circumstances which this new right would not apply though. Commissioner Reding told DLD delegates that “the right to be forgotten cannot amount to a right of the total erasure of history.”

If passed, the law would create a new set of data privacy rules in the EU for the first time. The rules would also apply to overseas companies active in the EU, even if their servers were based in other parts of the world.

The commissioner suggested that it would simplify regulations and save firms around $3 billion a year.

Microsoft and Facebook both voiced concerns over the scope of the bill and how much data users would be allowed to control. Facebook, however, said in a statement that they agree regulation such as this should “encourage job creation and economic growth” and that they look forward to seeing how the EU Data Protection Directive develops.

Firms that fail to abide by the proposed rules could be fined as much as one percent of their global revenues.

The new rules need to be approved by the EU’s member states and ratified by the European parliament though, so any changes won’t be happening for at least a few years.