Reding Looks To Extend EU Rules On Data Breaches

In light of the damaging Playstation hack, the EC Justice Commissioner Viviane Reding has called for an extension of European laws on data breaches.

Reding made the comments in a speech, and said the extension would apply to all online companies, including social media, retail, online banking, and gaming sites, so that these companies should notify users if their data is at risk.

As it stands in the UK, the European rules on data breaches only apply to telecom providers and Internet Service Providers (ISPs), who are required to immediately notify their users as well as appropriate regulators of data breaches involving personal information.

User Confidence

“I think it is important that users are notified if someone has unlawful access to their data,” Reding said. “It is essential for consumer confidence that they know what happens to their data.”

Reding said she would investigate the extension of the data breach notification regulations in the upcoming review of data protection laws in Europe.

Of course Reding’s comments come at a time when a number of companies and websites are reeling from damaging data breaches. This includes the likes of Epsilon, TripAdvisor, Play.com, and more recently Sony and its Playstation network.

The Playstation hack exposed the personal details of more than 77 million PlayStation Network account holders. To make matters worse security experts also uncovered an earlier hacking attack, that exposed the details of another 24.6 million Sony Online Entertainment (SOE) accounts.

Sony CEO Howard Stringer, along with other Sony executives have publicly apologised for the data breach.

But the Japanese consumer giant has blamed the hacking group Anonymous, as it said the breach took place whilst it was fending off a denial of service attack from them. Anonymous has denied its involvement with the loss of customer details.

Privacy Concerns

“European citizens care deeply about protecting their privacy and data protection rights,” Reding was quoted as saying by the New York Times. “Any company operating in the EU market or in any online product that is targeted at EU consumers should comply with EU rules.”

Reding also took the opportunity to chastise Sony for its slow response in letting customers know of the breach, as the breach reportedly took place between 17 and 19 April, but Sony only informed customers on 26 April.

“Seven days is too late,” Reding was quoted as saying.

Reding also referenced Apple and its controversial location-tracking “bug” in iOS4. Reding said that Apple and Sony had eroded “the trust of our citizens” in technology in the face of these data lapses.

Reding insisted that it is up to these companies to reinstate the trust, and that she would rely on good legislation, independent data protection authorities, and responsible company policies to help.