Artenauta - Fotolia

Deal on EU data protection is close

A deal to standardise data protection rules across the EU could be imminent after compromises were made

The European parliament and negotiators have made what they describe as a “strong compromise” on EU-wide data protection and member states will now be given the opportunity to approve a deal.

The potential legislation would give EU citizens control over their own private data and clarify rules on how digital businesses use data. If it is agreed, companies will not be allowed to divulge information they have received for a particular purpose without the permission of the person concerned.

If the rules are broken, large internet companies could face fines worth billions of euros.

The proposed regulation and directive will be voted on by the European parliament’s civil liberties committee tomorrow. If approved, it will be put to a vote by the whole parliament.

“Today’s negotiations have hopefully cleared the way for a final agreement,” said MEP Jan Philipp Albrecht, parliament’s lead on the regulation. “In future, firms breaching EU data protection rules could be fined as much as 4% of their annual turnover – for global internet companies in particular, this could amount to billions.

“In addition, companies will have to appoint a data protection officer if they process sensitive data on a large scale or collect information on many consumers.”

Albrecht added: “The regulation returns control over citizens’ personal data to citizens. Consumers will have to give their explicit consent to the use of their data.”

Member states could not agree to set an EU-wide 13-year age limit for parental consent for children to use social media, but they will now be free to set their own limits between 13 and 16 years.

There is also a draft directive on data transfers for policing and judicial purposes to allow law enforcement bodies in the EU to exchange information more quickly and effectively, while protecting citizens’ freedom.

Read more about EU data protection

MEP Marju Lauristin said: “It is of the utmost importance, especially after the Paris attacks, to enhance police co-operation and exchange of law enforcement data. I am very confident that this law will offer the right balance between safeguarding citizens’ fundamental rights and increasing the effectiveness of police co-operation throughout the EU.”

If agreed, this will be the first regulation to harmonise 28 different law enforcement systems relating to exchanging data.

According to a recent survey by Ovum, two-thirds of global companies will review their business strategies in European countries in view of the coming regulations. This move is prompted by costs and practicality, with 68% of respondents claiming the new regulations will dramatically increase the costs of doing business in Europe, and more than 50% feeling they will not be able to fulfil the requirements set out by the EU.

Matthew Fell, interim chief policy director at the Confederation of British Industy, said business supports a digital single market in Europe which works for both consumers and business. “Data is fundamental to delivering this and while the protection of that data is absolutely essential, these measures miss the mark for both businesses and consumers,” he said.

“From driving research and development in healthcare to powering our free social media and search platforms, data analytics is a vital part of modern business. This new legislation could hamper that with unnecessary administrative burdens and costs, such as mandatory data protection officers, placed on firms of all sectors and sizes.”

Read more on Data breach incident management and recovery