13 Mar 2014

New European Data Protection Law Concerns Tech Industry

The European parliament has approved a new Data Protection Regulation to protect citizens’ right to privacy, according to cio.com.

The regulation sets higher fines for companies involved in data breaches in the EU. The fines, up to 5% of an organization’s revenue, or $100 million, are established by the data protection authority of each member state. In case of security breaches, businesses have 24 hours to inform affected users.

Citizens will also have the right to have their data erased, unless legitimate reasons demand it be kept. They can also ask to see all their stored data. Organizations processing people's data will require users’ explicit consent and provide information policies explaining how they handle the data.

The new law applies to all companies storing EU citizens' information, despite their location.

"Strong data protection rules must be Europe's trademark,” said Viviane Reding, Justice Commissioner. “Following the U.S. data spying scandals, data protection is more than ever a competitive advantage."

The decision was welcomed by consumer groups but tech industry representatives are concerned it will be in their disadvantage. "[The text] will hamper Europe's ability to take advantage of new ways of using data,” a DigitalEurope spokesperson said in a statement. “This will put Europe at a disadvantage to other parts of the world that are embracing the new technologies."

In a separate vote, the European Parliament approved a resolution to stop data sharing with the US, unless it respects fundamental EU rights.