Euro net users may get “right to be forgotten”
If European officials have their way, “fuhgeddaboutit” could become a legally binding order. New rules would mean net users across the continent would have the right to force a company to delete all personal data about them in most circumstances.
The changes would come via European Union law, which would have to be adopted into national law by all EU countries. That means that even if politicians give the thumbs up to the new plans, it’s likely to be a few years before they take effect.
The main aim of the changes is to bring about a single set of data protection laws across the continent, covering both online and offline information. It’s being billed as helping businesses deal with less red tape and have more certainty about the rules.
There are four main elements to the proposals, which follow a 2010 consultation:
- companies would be legally required to tell customers if data had been stolen or accidentally made public;
- in cases where companies already have to get consent to reuse data, they must now get that consent explicitly rather than just assume its fine unless the customer says otherwise;
- customers will have the right to transfer their personal data from one service provider to another;
- customers will have the “right to be forgotten” and have their personal data deleted on request unless the organization has a legitimate reason to keep hold of it.
The EU also wants the new rules to apply to any data that is held about EU nationals by companies based outside of Europe, and for the customers in such cases to be able to have breaches investigated by their national regulator. That may be trickier to enforce.
Under the current proposals, firms violating the rules could be fined up to one percent of their global revenues. It had previously been reported that officials were considering setting that level as high as five percent.
That apparent climbdown hasn’t been enough to satisfy all online businesses and neither has the EU’s claim that switching to a single set of rules could save businesses a total of €2.3 billion (approx US$3 billion) a year in administration. Several companies, both on and offline, have said any savings will be wiped out by the need to completely overhaul their data management systems to satisfy the delete-on-demand rule.
Related Posts:
