Europe pushes ahead with stricter data privacy rules

BRUSSELS (Reuters) – The European Parliament will vote on proposals to strengthen Europe’s data protection laws on Monday, including plans to impose fines of up to 100 million euros on companies such as Yahoo!, Facebook or Google if they break the rules.

If approved as expected, the vote in parliament’s civil liberties committee will open the way for further negotiations with EU member states and the European Commission on the plans, the first revision to Europe’s data laws since 1995.

In the nearly two decades since then, vast changes have taken place in how data is generated, stored, shared and viewed, leaving lawmakers determined to get ahead of the game and draft rules that they say will better protect individuals.

In its legislative proposal unveiled in early 2012, the Commission suggested sanctions of up to 2 percent of global turnover on companies that violate the rules, and said consumers should have the “right to be forgotten” – that they should be able to remove their entire digital traces from the Internet.

The parliament’s civil liberties committee has come up with nearly 4,000 amendments to the original plan, including increasing the fine to 5 percent of annual worldwide turnover or 100 million euros, whichever is greater.

The changes, which parliamentary officials said they expected to be approved by the committee in a vote at 2030 GMT, would also mean the replacement of the “right to be forgotten” with “the right of erasure”, seen as a lesser obligation.

Officials said the change in language was necessary as consultations with technology companies had made clear that it would impossible to entirely remove someone’s traces from the Internet. Individuals should not be promised something that could not be achieved, the officials said.

Parliament, in line with the Commission’s proposals, also wants to impose strict rules on how data is shared or transferred to non-EU countries. For example, if the United States wants access to information held by Google or Yahoo! about a European citizen based in Europe, the firm would have to seek authorisation from a European data authority first.

That would establish an extra, EU-controlled gateway that might go some way to assuaging the profound concerns raised in Europe about U.S. data spying activities revealed via the leaks from former U.S. data analyst Edward Snowden.

Facebook, Yahoo!, Google and other Internet-based firms, the vast majority of them American, have lobbied against the Commission’s proposal, concerned it will damage their business model by imposing an extra, costly burden on how they handle data, and limit their ability to target goods at consumers.

U.S. authorities are also worried that if Europe establishes strict new data rules, countries in Latin America, the Middle East, Africa and Asia will tend towards the European model, setting a higher global data-protection threshold.

That would leave the United States either having to offer the same protections or lobbying to get countries to adopt its less rigid code of protection, creating an uneven playing field that could dent the competitiveness of U.S. firms.

If Monday’s committee vote passes, negotiations with EU member states and the European Commission are expected to start later this year or early in 2014. EU leaders will discuss the issue at a summit in Brussels on October 24-25 and could give some indication then of how quickly they want to proceed.

The aim is to have the legislation agreed before May, when the assembly breaks up and new European Parliament elections are held. However, EU officials are not convinced this is feasible.