The European Commission has voted in favour of a more stringent data protection law post-NSA spying revelations. The policy would strengthen online privacy for EU citizens by outlawing some data transfers currently used in the US and demanding hefty fines – up to five per cent of worldwide annual turnover – from companies that violate the policy.
Lobbyists have been pushing for a new data protection regulation for the past 18 months and last night the legislation passed with a strong majority: MEPs voted in favour of the proposal 49-3 with one abstention. It has a while to go until it becomes EU policy, though – the European Parliament still has to hold a plenary vote in April 2014 and get the agreement of the EU’s member states. It’s likely the bill will be amended by then.
If the data protection proposal becomes practice it will be the first time the EU will have a strong and overarching online privacy law for its citizens, including heavy consequences for rule-breakers.
The amendments for the act were proposed by German Green MEP Jan Phillip Albrecht – a figurehead for data protection in Europe and one of the most vocal opponents to the NSA’s current surveillance scheme.
Included in his suggestions: the right to delete, access and correct personal data on the internet, the ability to agree or disagree to data processing, no tracking of users that have not consented to it, preventing companies from transferring European data to “third country authorities”, using pseudonymised data when information can be directly or indirectly linked to an individual and introducing hefty fines for companies that disobey the policy.
“In the future, only EU law will be applicable when citizens’ data in the EU will be used, independently of where the company using the data is based, be it in Germany, Ireland or the US,” Albrecht said.
EU Justice Commissioner Viviane Reding showed her support for the proposal, stating: “Tonight’s vote also sends a clear signal: as of today, data protection is made in Europe.”
Image credit: jDevaun