European Commission Enacts Data Protection Regulations

The European Commission, the EU’s executive arm; the European Parliament and member states just approved stringent data protection regulations, considered there to be of equal importance to freedom of expression. The rules, slated to go into effect by early 2017, will give individuals more power over how their information is collected and managed, as well as make data protection regulations consistent across the EU. Officials have been meeting since summer 2015 to hammer out rules that all 28 members could agree to.

According to The New York Times, in order to arrive at a consensus, the members focused on how far privacy rules should go in preventing companies’ access to online information. Before the rules go into effect, Europe’s national governments and the European Parliament will be asked to back the proposal, which they are widely expected to do.

European_Commission_Exterior

“These new Pan-European rules are good for citizens and good for businesses,” says European justice commissioner Vera Jourova, who notes they “will profit from clear rules that are fit for the digital age.”

This puts American tech companies, such as Google and Facebook, on notice; with the new regulations, they are likely to “face intensifying scrutiny by European regulators, with pressure that could potentially curb their sizable profits in the region and affect how they operate around the world.”

The new rules allow national watchdogs to issue fines that could total hundreds of millions of dollars, “if companies misuse people’s online data, including obtaining information without people’s consent.” The rules also codify the “right to be forgotten” into European law, and require companies to inform national regulators within three days of any reported data breach.

Anyone under 16 must obtain parental consent before using Facebook, Snapchat and Instagram among other popular services — unless any national government lowers the age limit to 13. The rules are also extended to any company that has customers in the region, even if it is based outside the EU.

Related:
EU Data-Privacy Law Raises Daunting Prospects for U.S. Companies, The Wall Street Journal, 12/16/15