Following five years of delicate negotiations, the European Union Tuesday night agreed on sweeping new rules aimed at protecting Europeans’ information in the digital age.
Preliminarily approved by the European Commission, the E.U. Parliament and the 28 E.U. member states, the data protection reforms replace Europe’s current patchwork of national policies with a common approach.
“These new pan-European rules are good for citizens and good for businesses,” Věra Jourová, E.U. Commissioner for Justice, Consumers and Gender Equality, said in a statement at the conclusion of the negotiations.
“Harmonized data protection rules for police and criminal justice authorities will ease law enforcement cooperation between member states based on mutual trust,” she added.
“Harmonized data protection rules for police and criminal justice authorities will ease law enforcement cooperation between member states based on mutual trust.”
The reforms include both a general data protection regulation to give people more control over the use of their data, and a data protection directive for enforcement of the law.
Under the new rules, national governments can fine companies four to five percent of their annual revenue for breaking the law, which requires all companies operating in Europe to obtain permission from users before processing and sharing their data.
Such fines could amount to billions of dollars for large Internet companies found to be in offense.
In addition to requiring companies to provide individuals with clear, understandable information on how their data is used, the reforms give people the right to know when they have been hacked and require companies to report serious data breaches to national authorities.
The reforms also clarify a “right to be forgotten” for those wishing to delete their accounts with certain service providers.
“An individual’s consent to use their data will carry more weight,” German Minister of Justice Heiko Maas, a Social Democrat, told Handelsblatt. Mr. Maas hopes the reforms boost Europe’s so-called digital single market.
Data protection is a contentious issue in Germany where people are concerned about giving away their personal data, partly because some recall how dictatorial governments in the past abused people’s personal information. It is also an issue many feel strongly about across Europe and several countries are investigating cases against Facebook for possible breaking data protection regulations.
“Companies offering goods or services in the E.U. must pay attention to E.U. data protection – independently of where their server is located,” Mr. Maas said. As a result, “many U.S. companies will be held to European data protection laws,” he added.
Not everybody is pleased with the new rules.
Some Internet-based social media companies are up in arms over because children under 16 years old must first obtain parental permission to share data with companies like Facebook once the new rules go into effect.
Next, the rules will have to be passed by national governments.
Formal adoption of the new rules is expected in early 2016, before they become law in 2018.
Handelsblatt’s Thomas Ludwig is the newspaper’s Brussels correspondent, Dana Heide writes about politics from Berlin and Anja Stehle is a trainee journalist also based in Berlin. To contact the authors: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org