The European Parliament voted yesterday (Monday 21 October) to strengthen Europe’s data protection laws, including plans to impose fines of up to £84.7m on companies if they break the rules.
The decision will open the way for further negotiations with EU member states and the European Commission on the plans – the first revision to Europe’s data laws since 1995.
Since that time, enormous changes have taken place in how data is generated, stored, shared and viewed, leaving lawmakers determined to draft rules that they say will better protect individuals.
Earlier last year, the Commission suggested sanctions of up to 2 per cent of global turnover on companies that violate the rules, and said consumers should have the “right to be forgotten”, meaning that they should be able to remove their entire digital traces from the Internet. In the interim, the parliament’s civil liberties committee came up with nearly 4,000 amendments to the original plan
The changes will also mean the replacement of the “right to be forgotten” with “the right of erasure”, which is seen as a lesser obligation. Officials said the change in language was necessary, as consultations with technology companies had made clear that it would impossible to entirely remove someone’s traces from the Internet and individuals should not be promised something that could not be achieved.
There will also be strict rules on how data is shared or transferred to non-EU countries. For example, if the US wants access to information held by Google about a European citizen based in Europe, the firm would have to seek authorisation from a European data authority first.
Commenting on the vote, EU Justice Commissioner, Viviane Reding, said that it means a strong and uniform European data protection law that will cut costs for business, adding that it will herald “one continent, one law”.