Europe is considering a sweeping new law that would force Internet firms like Amazon.com and Facebook to obtain explicit consent from consumers about the use of their personal data,delete that data forever at the consumers request and face fines for failing to comply.
Companies must be transparent about what they are doing, said Viviane Reding,the European Commissions vice-president for justice.
The proposed data protection regulation from the European Commission,a copy of which was obtained by The New York Times,could have significant consequences for all Internet companies that trade in personal data,whether it is pictures that people post on social networks or what they buy on retail sites or look for on a search engine.
The regulation would compel websites to tell consumers why their data is being collected and retain it for only as long as necessary. If data is stolen,sites would have to notify regulators within 24 hours. It also offers consumers the right to transport their data from one service to another to deactivate a Facebook account,for example,and take ones trove of pictures and posts and contacts to Google Plus.
The proposed law strikes at the heart of some of the knottiest questions governing digital life and commerce: who owns personal data,what happens to it once it is posted online,and what the proper balance is between guarding privacy and leveraging that data to aim commercial or political advertising at ordinary people.
Companies must be transparent about what they are doing,clear about which data is being used for what, the European Commissions vice-president for justice,Viviane Reding,said in a recent telephone interview. I am absolutely persuaded the new law is necessary to have,on the one hand,better protection of the constitutional rights of our citizens and more flexibility for companies to utilise our Continent.
Reding is scheduled to release the proposed regulation on Wednesday in Brussels. The European Parliament is expected to deliberate on the proposal in the coming months,and the law,if approved,would go into effect by 2014. The regulation is not likely to directly affect American consumers. For American companies,its silver lining is that it offers one uniform law for all 27 countries in Europe. Currently each country,and sometimes,as in the case of Germany,each state,has separate laws about data protection. Even so,many of the provisions are likely to be costly or cumbersome. And the proposed penalties could be as high as 2 per cent of a companys annual global revenue.