EU lawmakers OK beefing up data protection laws (Update 2)

Oct 21, 2013 by Juergen Baetz

A European Parliament committee on Monday approved sweeping new data protection rules that would strengthen online privacy and outlaw the kind of data transfers that the United States used for its secret spying program.

The draft regulation was beefed up after Edward Snowden's leaks about allegedly widespread U.S. online snooping to include even more stringent privacy protection and stiff fines for violations. The legislation will have significant implications for U.S. Internet companies, too.

After 18 months of wrangling and fierce industry lobbying, the legislation easily passed late Monday with a 49-3 committee vote, with one abstention. Parliament still needs to hold a plenary vote and seek agreement with the EU's 28 member states though—which is likely to result in some changes.

The rules would for the first time create a strong data protection law for Europe's 500 million citizens, replacing an outdated patchwork of national rules that only allow for tiny fines in cases of violation.

"Tonight's vote also sends a clear signal: as of today, data protection is made in Europe," said EU Justice Commissioner Viviane Reding.

Supporters have hailed the legislation as a milestone toward establishing genuine online privacy rights, while opponents have warned of creating a hugely bureaucratic regulation that will overwhelm businesses and consumers.

"In the future, only EU law will be applicable when citizens' data in the EU will be used, independently of where the company using the data is based, be it in Germany, Ireland or the U.S.A.," said lawmaker Jan Philipp Albrecht, who led the negotiations on the legislation.

The legislation, among other things, aims at enabling users to ask companies to fully erase their personal data, handing them a so-called right to be forgotten. It would also limit user profiling, require companies to explain their use of personal data in detail to customers, and mandate that companies seek prior consent. In addition, most businesses would have to designate or hire data protection officers to ensure the regulation is properly applied.

Grave compliance failures could be subject to a fine worth up to 5 percent of a company's annual revenue—which could be hundreds of millions of dollars, or even a few billion dollars for Internet giants such as Google.

"Those companies are making billions from European citizens' data. So if you want them to comply, you have to give them the right incentives," said Giacomo Luchetta of the Center for European Policy Studies.

In response to the revelations of the National Security Agency's online spying activities, lawmakers also toughened the initial draft regulation, prepared by the European Commission, to make sure companies no longer share European citizens' data with authorities of a third country, unless explicitly allowed by EU law or an international treaty.

That means a U.S. tech companies would no longer be allowed to hand over private data of their European customers to U.S. authorities as they did for Prism, the secret spying program led by the NSA.

"Companies that still do it—if for example pressured by the NSA—will have to face drastic sanctions," lawmaker Albrecht said.

The provision will indeed protect European citizens from seeing their data transferred abroad for commercial purposes, but experts such as Luchetta caution that because of practical hurdles and loopholes, it might still be possible to transfer data on national security matters.

"If an American company gets a court order to hand over data, they have to comply," he said. "The U.S. court doesn't care whether you may be violating EU laws, and at the same time the EU has no power over U.S. court decisions."

In a move welcomed by consumer groups and businesses, the regulation also introduces a so-called one-stop-shop approach, meaning companies would only have to deal with the national data protection authority where they are based in the EU, not with 28 national watchdogs.

Consumers, in turn, would be able to file complaints with their national authority, regardless of where the targeted service provider is based. For example that would make it easier for an Austrian consumer to complain about a social media site such as Facebook, which has its EU headquarters in Ireland.

Meanwhile, the National Security Agency leaks continued to stir unrest among European policy makers.

French leaders appeared angry on Monday upon learning that NSA allegedly recorded 70.3 million French telephone records within a month, and called for a swift implementation of tough privacy rules to govern the tech sector.

"It is an important industry, but you cannot develop this industry if there is no personal data protection," French Foreign Minister Laurent Fabius said in Luxembourg.

Fabius said French President Hollande also will push for the issue to be discussed at a summit of the EU's 28 leaders later this week in Brussels.

Explore further: Despite data privacy scandal, no deal yet on new EU laws

5 /5 (2 votes)
add to favorites email to friend print save as pdf

Related Stories

Germany lobbies for UN online privacy charter

Jul 24, 2013

(AP)—Senior German officials are seeking European support for a new global charter safeguarding personal privacy online, as the country's data protection watchdogs called Wednesday for the suspension of a key agreement ...

EU, Germany demand answers on UK surveillance

Jun 26, 2013

(AP)—The European Union's justice chief on Wednesday demanded urgent answers from Britain on the nature and extent of an alleged online eavesdropping operation comparable to the U.S. international Internet surveillance ...

Recommended for you

LinkedIn membership hits 300 million

20 hours ago

The career-focused social network LinkedIn announced Friday it has 300 million members, with more than half the total outside the United States.

Researchers uncover likely creator of Bitcoin

Apr 18, 2014

The primary author of the celebrated Bitcoin paper, and therefore probable creator of Bitcoin, is most likely Nick Szabo, a blogger and former George Washington University law professor, according to students ...

White House updating online privacy policy

Apr 18, 2014

A new Obama administration privacy policy out Friday explains how the government will gather the user data of online visitors to, mobile apps and social media sites. It also clarifies that ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

3 / 5 (1) Oct 21, 2013
This is a very good beginning for more EU consumer and EU economic protection. Now it turns out the US is spying on EU companies, citizens and politicians like there is no tomorrow. It shows the US is not longer a European ally but a large European enemy. They choose this path and they are not stopping it or downscaling so a big shift is happening. The US spying apparatus is dozens of times bigger then any EU country. It can not be called benign anymore after these extreme spying revelations. It has little to do with terrorism prevention but far more to do with gaining large economic and strategic benifits over any other country. That makes the US a large and dangerous enemy for any modern country.

More news stories

Airbnb rental site raises $450 mn

Online lodging listings website Airbnb inked a $450 million funding deal with investors led by TPG, a source close to the matter said Friday.

Health care site flagged in Heartbleed review

People with accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the ...

Under some LED bulbs whites aren't 'whiter than white'

For years, companies have been adding whiteners to laundry detergent, paints, plastics, paper and fabrics to make whites look "whiter than white," but now, with a switch away from incandescent and fluorescent lighting, different ...

Impact glass stores biodata for millions of years

( —Bits of plant life encapsulated in molten glass by asteroid and comet impacts millions of years ago give geologists information about climate and life forms on the ancient Earth. Scientists ...

Researchers successfully clone adult human stem cells

( —An international team of researchers, led by Robert Lanza, of Advanced Cell Technology, has announced that they have performed the first successful cloning of adult human skin cells into stem ...