Europe Tightens Up Rules To Protect Personal Data
The European Parlament members voted for stronger safeguards for EU citizens' personal data that gets transferred to non-EU countries in a major overhaul of the EU's data protection laws voted on Wednesday.
The new rules aim both to give people more control over their personal data and to make it easier for firms to work across borders, by ensuring that the same rules apply in all EU member states. MEPs also increased the fines to be imposed on firms that break the rules, to up to €100 million or 5% of global turnover.
To better protect EU citizens against surveillance activities like those unveiled since June 2013, MEPs amended the rules to require any firm (e.g. a search engine, social network or cloud storage service provider) to seek the prior authorisation of a national data protection authority in the EU before disclosing any EU citizen?s personal data to a third country. The firm would also have to inform the person concerned of the request.
Firms that break the rules should face fines of up to €100 million, or up to 5% of their annual worldwide turnover, whichever is greater, say MEPs. The European Commission had proposed penalties of up to €1 million or 2% of worldwide annual turnover.
The new rules should also better protect data on the internet. They include a right to have personal data erased, new limits to "profiling" (attempts to analyse or predict a person's performance at work, economic situation, location, etc.), a requirement to use clear and plain language to explain privacy policies. Any internet service provider wishing to process personal data would first have to obtain the freely given, well-informed and explicit consent of the person concerned.
The data protection package consists of a general regulation covering the bulk of personal data processing in the EU, in both the public and private sectors, and a directive covering personal data processed to prevent, investigate or prosecute criminal offences or enforce criminal penalties (law enforcement).
The European Parliament voted on its first reading of the draft legislation, in order to consolidate the work done so far and hand it over to the next Parliament. This ensures that the MEPs newly elected in May can decide not to start from scratch, but instead build on work done during the current term.
To better protect EU citizens against surveillance activities like those unveiled since June 2013, MEPs amended the rules to require any firm (e.g. a search engine, social network or cloud storage service provider) to seek the prior authorisation of a national data protection authority in the EU before disclosing any EU citizen?s personal data to a third country. The firm would also have to inform the person concerned of the request.
Firms that break the rules should face fines of up to €100 million, or up to 5% of their annual worldwide turnover, whichever is greater, say MEPs. The European Commission had proposed penalties of up to €1 million or 2% of worldwide annual turnover.
The new rules should also better protect data on the internet. They include a right to have personal data erased, new limits to "profiling" (attempts to analyse or predict a person's performance at work, economic situation, location, etc.), a requirement to use clear and plain language to explain privacy policies. Any internet service provider wishing to process personal data would first have to obtain the freely given, well-informed and explicit consent of the person concerned.
The data protection package consists of a general regulation covering the bulk of personal data processing in the EU, in both the public and private sectors, and a directive covering personal data processed to prevent, investigate or prosecute criminal offences or enforce criminal penalties (law enforcement).
The European Parliament voted on its first reading of the draft legislation, in order to consolidate the work done so far and hand it over to the next Parliament. This ensures that the MEPs newly elected in May can decide not to start from scratch, but instead build on work done during the current term.