Europe to introduce tough data protection laws for tech companies

The European Union recently agreed strict new rules on data protection which could boost the Digital Single Market but could carry a number of major fines for companies that break privacy rules.

More than 90% of Europeans want the same data protection rights across the EU and this is soon going to become a reality with the EU Data Protection Reform finally being put forward. This means businesses could face sanctions of up to 4 per cent of global turnover under the agreement. Larger internet companies could also be hit with fines for major breaches of the new laws and regulations.

The General Data Protection Regulations enables individuals to have better control over their personal data and also modernises the rules to allow businesses to benefit from reinforced consumer trust. The Data Protection Directive ensures that the data of victims and suspects of crimes are duly protected in the context of a criminal investigation.

"Today's agreement is a major step towards a Digital Single Market. It will remove barriers and unlock opportunities. The digital future of Europe can only be built on trust. With solid common standards for data protection, people can be sure they are in control of their personal information. And they can enjoy all the services and opportunities of a Digital Single Market. We should not see privacy and data protection as holding back economic activities. They are, in fact, an essential competitive advantage. Today's agreement builds a strong basis to help Europe develop innovative digital services." said Andrus Ansip, Vice-President for the Digital Single Market.

Some of the key details being put forward are:

  • Giving people access to their own data so it's available in an understandable way and are given information on how their data is processed
  • A right to data portability so it's easier to transfer personal data between providers
  • A 'Right to be Forgotten' if you no longer want your data to be processed and to have it deleted with no ways to retain it
  • A right to know when your data has been compromised or stolen. Companies and organisations must notify the national supervisory authority of serious data breaches as soon as possible so users can take appropriate measures.
  • The regulation will establish one single set of rules to make it simpler and cheaper for companies to do business in the EU and only have to deal with one single supervisory authority which could save 2.3 billion per year.
  • Companies based outside of Europe will need to apply the same rules when offering services to the EU.

Another big change is the digital age of consent being raised to 16, meaning anyone under the age of 15 will require the consent of their parent or guardian to sign up for apps and websites. popular websites such as Facebook, Twitter and Google are reported to be against the decision due to having a large customer base under the age of 16.

More information and a full list of changes of the EU data protection reform can be found here.