The EU will this week propose new, tighter data protection rules which could have big implications for companies like Google and Facebook, as well as companies attacked by hackers.
According to a draft document seen by Reuters, the proposals include a long-discussed ‘right to be forgotten’ that would give individuals the right to ask for their personal information to be erased.
Also included is a ‘right to data portability’, allowing personal data to be easily transferred between companies.
“Internet users must be told which data is collected, for what purposes and how long it will be stored. They need to know how it might be used by third parties. They must know their rights and which authority to address if those rights are violated,” said said EU commissioner Viviane Reding at a conference last week.
“Second, whenever users give their agreement to the processing of their data, it has to be meaningful. In short, people’s consent needs to be specific and given explicitly.”
Penalties for failing to observe the rules could see companies hit with fines of up to five percent of their global turnover.
Another big feature of the proposals is a move to force companies to reveal security breaches within 24 hours. Last year, both Sony and Citigroup were criticized for long delays in revealing to customers that their personal information had been put at risk.
Indeed, a report from insurance underwriter Hiscox two years ago revealed that 38 percent of Fortune 500 companies that experienced a potential data breach failed to mention it in their public filings.
Last October, the US Securities and Exchange Commission ordered companies in the US to disclose security breaches.
Also included in the proposals are measures to cut red tape and simplify data protection, with a single law across the EU. And reding is calling for the creation of new, clearer rules on the transfer of data across international borders.
The new proposals are expected to be published on Wednesday, and will need to be ratified by individual member states over the next three years.