Reding Unveils EU Data Protection Law Update
Non-EU companies such as Google and Facebook could face legal action of they violate EU privacy regulations
Viviane Reding, European Commissioner for Justice, Fundamental Rights and Citizenship, has warned that the EU will not hesitate to take legal action against websites and services that fail to uphold data privacy rules, as the European Commission prepares to update the laws covering online privacy.
“To enforce the EU law, national privacy watchdogs shall be endowed with powers to investigate and engage in legal proceedings against non-EU data controllers whose services target EU consumers,” Reding stated on Wednesday. “Any company operating in the EU market or any online product that is targeted at EU consumers must comply with EU rules.”
Reding said the proposed update will be based on four principles, one of which is the enforceability of EU regulations on non-EU companies. Another is that users have “the right to be forgotten”, and thus to opt out of data collection and storage.
Websites “must prove that they need to keep the data, rather than individuals having to prove that collecting their data is not necessary”, she stated. “I am a firm believer in the necessity of enhancing individuals’ control over their own data.”
‘Privacy by default’
A third principle is transparency: websites must also provide more clarity on what data they are collecting and what it is to be used for, she said.
Reding said data collection should also be based on “privacy by default”, rather than on requiring users to opt out of data collection efforts.
“Privacy settings often require considerable operational effort in order to be put in place,” she stated. “Such settings are not a reliable indication of consumers’ consent. This needs to be changed.”
The Commission’s proposals on the data protection rules will be released by July, Reding said.