EU expected to approve sweeping privacy law

The European Union is expected Tuesday to approve a sweeping new privacy law to replace a patchwork of 28 different national standards, according to Monday reports.

The new data protection law would give regulators greater enforcement powers and would levy a fine of 4 percent to 5 percent of global revenues for noncompliance.

The exact percentage will depend on the outcome of Tuesday’s negotiations.

“We’re quite happy with what’s on the table,” a European Commission official told The Wall Street Journal. “Our line has always been that we cannot accept lower protection of users’ data [from the current rules].”

Privacy activists say the stiff new penalties will make large corporations more mindful of how they handle personal data.

Opponents say that the new law will introduce such a high level of risk that companies will be hesitant to innovate in Europe, especially large firms that will be fined as an organization even if the breach only occurs in a small part of the company.

The new law is also intended to simplify compliance by requiring companies to answer only to the regulator in the country in which they have their European headquarters.

Under the current system, companies like Facebook and Google that operate across Europe have struggled to meet the standards of different regulators. Facebook has argued that it should be policed by the regulatory body in Ireland, where it keeps its European headquarters.

The new law will also require companies to alert national authorities of a data breach within 72 hours. Concerns over tardy disclosure came to the forefront after the British telecom provider TalkTalk failed to immediately alert law enforcement to its recent breach.

Security experts say that many European companies are likely not reporting breaches thanks to outdated legislation, leading to a widespread public disregard for basic cybersecurity best practices.

The new law will also enshrine the controversial “right to be forgotten,” which allows people to request that firms like Facebook and Google delete their personal data.