The European Commission has laid out a series of key reforms to 1995’s data protection rules in an effort to increase online privacy rights and make companies more accountable for users’ information.
Key proposals include a “right to be forgotten”, a demand that organisations report any data breaches within 24 hours, and an increase in the fines that companies may pay for breaching data protection rules.
Although industry welcomed the proposals, they have been criticised for an over-reliance on fines and punishment, as opposed to encouraging security improvements.
The proposed ‘right to be forgotten’ would give individuals greater freedom over personal information, allowing them to request that any data about them be deleted if there are no “legitimate grounds” to keep it.
Organisations will be required to report data breaches to the authorities as soon as possible, “if feasible within 24 hours”, and data protection authorities will be able to impose fines of up to two per cent of a company’s global annual turnover for any breaches of data laws.
The new rules are intended to come into effect in late 2013 and would not only target organisations within the EU, but any that offer services to EU citizens and handle their data.
Though the Commission’s proposals are presented as a way to make organisations more accountable and consumers more trusting of those that handle their information, critics of the new measures are concerned that the law will not properly target the main concerns of data security.
“Since it mainly proposes fines, it [the proposals] will not help keep EU citizen data safe from hackers or insiders,” says Rob Rachwald, Director of Security Strategy at Imperva.
“Rather, the EU should put in place fines coupled with a more prescriptive approach, identifying specific actions firms should take to protect data. The payment card industry, PCI, adopted this approach and has managed to lock down data better than any regulation in existence today.”
Others welcomed the tough stance that the EU will be taking, and warned that the consequences for companies could be serious. Steve Shelton, Head of Data at BAE Systems Detica, hoped that tougher penalties might get companies into line.
“Too many businesses lack a coordinated approach to managing their data,” he said. “They don’t know which customer data they’re storing, where it is being stored or who else in the business may be using it. In the future, this could mean they risk substantial fines for non-compliance with customers’ ‘right to be forgotten’”.
Though many commentators commended the European Commission for taking a step forward for consumer privacy, some said the proposed reforms are not tackling the core concerns of data privacy. More worryingly, the proposals seem to be catching up with technology rather than preparing for the future challenges of data security.
“The bigger concern is how the adoption of new technologies such as cloud and virtualisation will impact the longevity of the latest data protection directive proposals,” says Francois Zimmermann, Chief Technology Officer at Hitachi Data Systems UK.
“If it is a further two years before internet companies are legally obliged to comply with the latest changes, will they still be relevant? To implement effective data management policies, the rules and policies should be updated as part of an evolutionary process, with changes being introduced as and when they are needed, rather than in a raft every few years or so.”