The European Commission stated that on January 25, it will propose several changes to the data protection and privacy rules put into place over 15-years ago. The changes, the commission said, focus on reinforcing individuals’ rights, strengthening the EU market, and ensuring a high level of data protection.
The proposed changes will streamline the existing policies and rules currently used by the 27 countries that make up the European Union. While there is plenty of overlap in the EU, there are some gaps, which the proposed changes hope to address.
“Every day within the EU, businesses, public authorities and individuals transfer vast amounts of personal data across borders. Conflicting data protection rules in different countries would disrupt international exchanges,” the commission’s website explains.
There is concern that the proposed changes may go too far. For example, any organization that houses personal information, no matter if it is collected from customers or employees, would be required to disclose a breach of this data to those impacted and authorities within 24-hours. Further, failure to do so could result in the organization being fines up to 2% of their global turnover.
“Companies that suffer a data leak must inform the data protection authorities and the individuals concerned, and they must do so without undue delay. European data protection rules will become a trademark people recognize and trust worldwide,” commented EU Justice Commissioner Viviane Reding, during a conference on Sunday in Munich.
Moreover, the new policy changes will require “specific and explicit” from Internet users when it comes to storage and removal of data. This includes the “right to be forgotten” law. The only exception would be if keeping the stored data has a legally justified interest, such as meeting law enforcement retention standards.
The consent requirements and the “right to be forgotten” provision are troubling to some organizations. They fear that such requirements will stifle innovation. The “right to be forgotten” forces social networks such as Facebook to completely remove everything a person as posted once requested to do so, even if the user consented to it being a public profile.
In a pitch on the provision, the commission said that the “right to be forgotten” is a necessity.
“Every day within the EU, businesses, public authorities and individuals transfer vast amounts of personal data across borders. Conflicting data protection rules in different countries would disrupt international exchanges. Individuals might also be unwilling to transfer personal data abroad if they were uncertain about the level of protection in other countries,” the commission explains.
“70% of EU citizens are worried about the misuse of their personal data. That’s why the EU is developing rules to strengthen your right to access, change, or delete your data. And it’s adding a ‘Right to be Forgotten’ online, letting you remove all your data from a website as soon as you want it gone. Because your personal data, it’s you.”