BRUSSELS: European citizens will be "masters" of their personal data after the European Union agreed sweeping data protection reform that will give them much more say over how companies use their information, a top EU official said.
Under the new law agreed between EU lawmakers, member states and the European Commission on Dec 15, firms will have to ask for citizens' unambiguous consent to use their data for activities such as online advertising and could be fined up to 4% of global revenues if they break the law.
The data protection regulation, proposed four years ago by the Commission, the EU executive, replaces 28 different sets of privacy laws in the EU dating back to the 1990s, when the Internet was still in its infancy.
Vera Jourova, EU Justice Commissioner, said it was "high time" the law was updated, both for businesses and individuals.
"Citizens should have more possibilities, more chances to be the masters of their personal data, to be informed on what somebody does with their personal data," she said in an interview.
Privacy concerns include where data is stored and how companies analyse it and target advertising. While companies such as Google and Facebook already ask for people's permission to keep and use their data, the current set of laws is less stringent on when people's permission must be sought.
The new law, which will come into force in two years, also enshrines the "right to be forgotten" whereby Europeans can ask for outdated or irrelevant information about them to be taken down from the web.
Privacy concerns have also risen following revelations by former US National Security Agency contractor Edward Snowden about US government mass spying programmes.
"We must make sure that the data subject will not change into the data object," Jourova said.
Guidelines on law next year
The Commission will work with European data protection authorities in the coming year to issue guidelines on the law.
They will clarify what types of companies will be particularly affected and what kinds of data breaches will be subject to fines by regulators, Jourova said.
Stressing that the 4% limit for fines was the "last resort", Jourova said it was important that regulators implement the law consistently in the 28-country bloc.
"It would be bad if an Italian company were sanctioned more than a French one for the same thing," the Czech politician said.
US tech companies, like Facebook and Google, have had run-ins with national data protection authorities over their privacy practices. But while the fines that regulators can currently levy are paltry compared to the billions of dollars of revenue that the companies earn, the new law dramatically changes that.
James Kinsella, a former Microsoft executive and founder of Zettabox, a European cloud storage company, said companies would have to be more aware of where their data was stored to avoid falling foul of the new rules.
"For business this law has real teeth," Kinsella said. — Reuters
We're sorry, this article is unavailable at the moment. If you wish to read this article, kindly contact our Customer Service team at 1-300-88-7827. Thank you for your patience - we're bringing you a new and improved experience soon!
What do you think of this article?