The European Union wants to replace a mishmash of national laws on data protection with one bloc-wide reform, updating laws put in place long before Facebook and other social networking sites even existed.
EU Justice Commissioner Viviane Reding said Monday that social networks must become more open about how they operate. Under her proposals, businesses - including Internet service providers - would have additional responsibilities, such as having to inform users of what data about them is being collected, for what purpose, and how it is stored.
EU regulators have been concerned about how commercial online services use customers' personal data to attract advertisers, saying they want to make sure that citizens' Internet privacy rights are respected.
"All social network service providers active in the EU must fully comply with EU data protection laws," Reding said. "Companies have a specific responsibility when personal data is their main economic asset,"
Existing EU laws date to 1995, long before Facebook and other social networking sites existed. EU officials expect the draft legislation to be ready early next year, and after that, it could take up to 18 months for the bill to become law.
The EU has to iron out differences between its members over privacy issues. Countries like France and Germany favor stronger protections for privacy, while Ireland, Britain and others prefer more market-friendly rules.
A Eurobarometer survey this summer found that 75 percent of Europeans are worried about how companies - including search engines like Google and social networks like Facebook or LinkedIn - use their private information.
The proposed reform also would help businesses by replacing the current patchwork of 27 national regulations, she said.
"They need ... to have a 'one-stop-shop' when it comes to data protection matters, one law and one single data protection authority," Reding told the American Chamber of Commerce to the EU. "I want to drastically cut red tape."
Explore further: French official: Europe must defend privacy rights