Foreign firms operating in the EU, including those that dominate the Internet, will be subject to a new data protection law which is still being finalised, the EU Commission said Friday.
Personal data protection has become a hugely sensitive issue after revelations of massive snooping by US and other intelligence services, including through networks belonging to major telecoms and Internet giants.
"Data protection will apply to all companies operating in the European Union," said Viviane Reding, European Justice Commissioner after talks with EU ministers,
"You might think this is self evident, but let me tell you—far from it. It was one of the most contentious points when I presented the data protection reform in January 2012," Reding said.
Europeans have been alarmed by information on US snooping leaked by ex-security contractor Edward Snowden and the 28 EU member states are locked in marathon negotiations to agree a data protection policy that would apply bloc-wide.
Reding said a deal on all aspects of the bill was possible by the end of the year.
With the Snowden revelations especially damaging to telecommunications and tech companies, some of the biggest names—such as Microsoft, Facebook and Yahoo—have warned their image could suffer if the US did not scale back spying.
In a report Friday, British telecommunications giant Vodafone admitted government agency tapping into its network is widespread in some of the 29 countries in which it operates.
Vodafone admitted that as a global business it faced "constant tension" while enforcing the laws of different countries and the "expectations" of governments.
Reding slammed the new revelation.
"One year after the Snowden revelations, this shows again the scale of collection by governments of data being held by private companies," she said.
Government spying by private companies, if ever necessary, should take place "not with a hoover but with tweezers," she said.
Explore further: EU data protection reform to replace national laws