TMCnet News

LEAD: EU debates online "right to be forgotten," privacy-breach fines Eds: Adds Reding quotes, details of proposed laws, reax
[January 25, 2012]

LEAD: EU debates online "right to be forgotten," privacy-breach fines Eds: Adds Reding quotes, details of proposed laws, reax

BRUSSELS, Jan 25, 2012 (dpa - McClatchy-Tribune Information Services via COMTEX) -- Internet users who leave an online data trail should have a "right to be forgotten," the European Union's executive said Wednesday as it unveiled a proposed overhaul of data protection laws, which also foresees hefty fines for privacy breaches.

The EU's existing rules date back to 1995, when less than 1 per cent of Europeans used the internet, Justice Commissioner Viviane Reding noted.

"Today, vast amounts of personal data are transferred and exchanged, across continents and around the globe in fractions of seconds," she said in a statement. "Citizens do not always feel in full control of their personal data." "It is not an if or when for protecting personal data," she later told reporters in Brussels. "This is inscribed as a must, as a right in our primary law." The commissioner acknowledged that she had nevertheless faced "a lot of lobbying" over the measure.

"The one says it goes too far and the others say it doesn't go far enough. I'm somewhere in the middle," she said. "I did not want to have minimum rules, I wanted to have solid rules." The new proposals are grounded in the belief that a person has ownership over his or her data. A company wishing to use personal data should thus for instance have been "given explicit consent by the citizen," Reding said.

"The personal data which I freely give out to a company, I can take it back from this company, give it to another company," she added. "I can also take it back and keep it." Internet users should also have the right to delete any of their online data unless there are "legitimate grounds" to retain it, Reding said. This controversial "right to be forgotten" measure would particularly affect social networking websites such as Facebook.

Indeed, the new regulations would apply not only to data processed in the EU. The commission's proposal also targets "personal data ... handled abroad by companies that are active in the EU market and offer their services to EU citizens." National data protection authorities would enforce the rules, with the power to fine companies that violate them up to 1 million euros (1.3 million dollars) or 2 per cent of the firm's annual turnover.

She pointed to the recent high-profile case of an Austrian student who sought to take on Facebook over his personal data and found himself dealing with Irish regulators because the company's international headquarters are in Dublin.

"In future, this student will go to his Austrian regulator, ... (which) will be in contact with the Irish regulator and ask (him) to solve the problem," Reding said.

If the outcome were not satisfactory, the Austrian national could then take his case to a court in his country, she said.

The commission's proposal also seeks to make life easier for businesses, doing away with "unnecessary" notification requirements that should save companies some 2.3 billion euros a year, according to commission figures.

But some argued that the new rules will nevertheless constitute an extra burden for businesses.

"The draft of the regulation contains new requirements and restrictions that ... would have a disastrous effect on both online and offline business," data protection experts at the international law firm Latham & Watkins charged.

The commission's plan will need the approval of EU member states and the European Parliament to become law, and could be amended during the process. The commission would like the new rules to then take effect two years after their adoption.

___ (c)2012 Deutsche Presse-Agentur GmbH (Hamburg, Germany) Visit Deutsche Presse-Agentur GmbH (Hamburg, Germany) at Distributed by MCT Information Services

[ Back To's Homepage ]