Privacy - you play by our rules
Jinfo Blog

By Tim Buckley Owen

Item

Long anticipated, the European Commission has released its proposals for restructuring its data protection laws. They’re tough – but recent actions by a couple of major American information companies suggest that they'll need to be.

To be sure, elements of the proposals are billed as pro-business. There will be a single set of rules across the whole of the European Union (EU), which should save businesses some €2.3 billion a year, the Commission claims.

But in return European citizens will be able to demand easier access to their own data, the right to transfer it from one service provider to another more easily – and the right to have it deleted if they wish. Companies that offer services to EU citizens yet handle their data abroad must abide by EU rules – and if they don’t, the penalties could amount to €1 million or up to two per cent of their global annual turnover.

One data protection legal expert, Marc Dautlich of the law firm Pinsent Masons, gives the proposals a mixed reception. Consistency across the whole of the EU will at least bring some business certainty, and the threatened two per cent fine is a climb-down from the five per cent leaked previously, he acknowledges.

But the requirement to notify breaches within 24 hours – and particularly the “right to be forgotten” – will be a headache for all sorts of publishing businesses and other sectors too. Britain’s official privacy watchdog the Information Commissioner has already said that it’s probably unenforceable (see LiveWire coverage) – but if they really want to try and stop it, some major American players are scarcely helping their own cause.

Take the Safe Harbor arrangement, whereby some United States organisations are allowed to process European personal data (more LiveWire background) subject to Federal Trade Commission oversight. Microsoft’s EU affairs chief Ron Zink trusts that the system will continue (according to a report in the Register newsletter) and in any case regards the Commission’s new proposals as merely “aspirational”.

But Zink’s remarks provoked a retort from Walter Van Holst of the European Digital Rights group that Safe Harbor was dead – they’d just forgotten to bury it. And meanwhile, Google has scarcely endeared itself to privacy activists either.

In an interesting piece of timing, Google announced plans to consolidate its privacy policies just a day before Commissioner Viviane Reding set out her proposed new data protection rules. But Google seems to have blown it by emailing Virgin Media customers about its plans when it had no right of access to their email addresses.

American organisations sometimes seem bemused at the European obsession with privacy. Perhaps they should take a look at a recent Economist article about chilling abuse of data during the Nazi era to understand just why.

« Blog