Jan. 24 (Bloomberg) -- Companies that operate in the European Union may face fines for losing or mishandling personal data under an overhaul of the region’s data protection rules to be published tomorrow.
The proposal would update the EU’s 17-year-old data protection policies and address online-advertising and social networking sites. National data protection regulators across the region should have the power to sanction companies if they disregard requirements on personal information, according to a draft copy of the proposal obtained by Bloomberg News.
The document builds on comments by EU Justice Commissioner Viviane Reding earlier this week that companies should tell regulators about a data breach within 24 hours. People whose data has been accessed should be notified “as soon as reasonably feasible,” according to the document.
Sony Corp. was criticized last year by U.S. lawmakers for taking six days to warn customers about a cyber attack that exposed more than 100 million customer accounts, the second-largest online data breach in U.S. history. Industry groups with members including Microsoft Corp. and Google Inc. have warned against overly strict data-privacy rules that may stifle innovation.
The EU’s proposal will be “a trademark people recognize and trust worldwide,” Reding said on Jan. 22. “Reliable, consistently applied rules make data processing safer, cheaper and inspire users’ confidence.”
Matthew Newman, a spokesman for Reding, said the proposal “will have sanctions that can be applied” by data protection agencies. He declined to give details of the maximum fines. The New York Times reported on the document earlier today.
‘Specific and Explicit’
Websites must obtain “specific and explicit” consent from Internet users to store information and must delete data that they hold without a “legally justified interest,” Reding said.
Google, Facebook Inc. and Yahoo! Inc. are among Web companies that collect user information and get paid by clients who can use the data to target advertisements for products or services. Having to get approval for individual data retention and an obligation to purge files may reduce those companies’ revenue.
The draft rules aim to establish common legislation for the 27-member bloc, as well as national points of contact that can make decisions that will be valid for the region. Uniform legislation will save businesses 2.3 billion euros a year by, for example, reducing paperwork, Reding said.
Before the proposal can be implemented, it will need the backing of European governments and the European Parliament, which can both demand changes.
--Editors: Anthony Aarons, Peter Chapman
To contact the reporter on this story: Aoife White in Brussels at firstname.lastname@example.org.
To contact the editor responsible for this story: Anthony Aarons at email@example.com.