BRUSSELS – The European Union late Tuesday took a major step toward approving sweeping new data protection rules that would strengthen online privacy, streamline legislation between the 28 member states and boost police and security co-operation.
The rules would for the first time create a strong data protection law for Europe’s 500 million citizens, replacing an outdated patchwork of national rules that only allowed for tiny fines in cases of violation.
Instead, the parliament’s chief negotiator Jan Philipp Albrecht said that “firms breaching EU data protection rules could be fined as much as 4 per cent of annual turnover — for global Internet companies in particular, this could amount to billions.”
After four years of fierce political battles between industry and privacy groups, representatives of the European Parliament, the member states and the European Commission reached a provisional agreement at the last legislative session of the year. Even though it still needs to be officially approved by the full plenary and member states, there is a consensus that a full deal will be sealed, officials said.
Once approved, the rules would become official within a two-year span.
Under the rules of the tentative agreement, Albrecht said, “companies will not be allowed to divulge information that they have received for a particular purpose without the permission of the person concerned. Consumers will have to give their explicit consent to the use of their data.”
Over the past two years, protection provisions were beefed up to strengthen online privacy and outlaw the kind of data transfers that was brought to light by Edward Snowden’s leaks about allegedly widespread U.S. online snooping.
“This reform is a big leap forward,” said Sophie In’t Veld of the ALDE liberal group in parliament. “The EU will now have the most extensive data protection laws in the world and will set global standards.”