Much stricter privacy laws to be expected in Europe
The European Parliament has passed the EU’s first major change to its data protection legislation since 20 years. Parliamentarians also voted for a resolution calling for the suspension of a key deal affecting U.S. web firms. More information can be read in this article on GIGAOM.
What will this new privacy law/regulation mean for users in 9 points
- EU privacy laws apply to the processing of EU citizens’ data, even if that data is processed in another country.
- A court or tribunal in a country outside the EU may not demand the transfer or disclosure of an EU citizen’s personal data (as with the previous point, enforcing this one would be fun).
- Fines for not following this regulation could be as high as €100 million or up to five percent of an enterprise’s annual turnover, whichever is larger. In other words, the likes of Google would face much higher fines for privacy breaches than the paltry sums they have to pay today, making EU law much harder to ignore.
- People must consent to having their personal data processed, and must be able to withdraw that consent as easily as they give it. This would create a culture of opting in, rather than today’s norm of opting out.
- People have the right to get their personal data from someone who holds it, in a commonly used, interoperable electronic format. This would be a victory for campaigners such as Europe v Facebook.
- Because the regulation harmonizes EU data protection law, EU citizens who want to complain about the violation of their privacy rights in any EU member state can approach the local data protection regulator in a member state of their choice. This makes it a lot easier to bypass the fact that U.S. web firms base their European operations in Ireland, which has relatively light-touch privacy regulation. Again, a win for campaigners.
- Organizations processing people’s data must provide standardized information policies to explain what they’re doing with it and why.
- People have the right to have their personal data erased (with public interest exceptions, so journalists can probably rest easy). This includes data passed on to third parties.
- People can object to being visibly profiled in a way that could discriminate against them on the basis of race, political beliefs, sexual orientation and so on, and the organizations processing their data must make sure this discrimination doesn’t occur.
A reaction of the European Commission summarises it as follows: Progress on EU data protection reform now irreversible following European Parliament vote
More can be read in follow press release
– Mailfence Team
Patrick is the co-founder of Mailfence. He’s been a serial entrepreneur and startup investor since 1994 and launched several pioneering internet companies such as Allmansland, IP Netvertising or Express.be. He is a strong believer and advocate of encryption and privacy. You can follow @pdeschutter on Twitter and LinkedIn.