Proposed online privacy rules are a ‘missed opportunity’

Lawyers have expressed concern over the European Commission’s overhaul of the EU’s online privacy rules that will see companies facing fines of as much as 2 per cent of annual turnover for breach of code.

Mark Watts
Mark Watts

Expected to come into force at the end of 2013 if passed, the proposals, unveiled today, are aimed at upping the pressure on companies operating in the EU to protect users’ personal data.

“It seems to have been the commission’s focus to write something very much directed at addressing what it thinks are ’evils’ of US technology companies without thinking of all the small European companies,” said Mark Watts, data protection partner at Bristows.

“It’s a missed opportunity in terms of trying to write a piece of legislation that matches the reality of sharing information these days.”

Echoing concerns over the latest blow to small businesses, Jane Finlayson-Brown, a partner in Allen & Overy’s data protection team, said that the latest draft still includes a number of “draconian requirements” for businesses that are at odds with pledges to cut red tape and reduce costs to businesses.

“In an attempt to introduce more flexibility, the commission has blurred some of the original tough but clear requirements. This is bad for everyone and will create uncertainty,” she added. 

However, Eduardo Ustaran, a partner and head of the European data protection team at Field Fisher Waterhouse, said that there may be some positive outcomes of “the most radical global attempt ever to regulate exploitation of personal information”.

“For those providers that are quick enough to demonstrate that they meet European standards this brings real opportunity – they’ll be able to market themselves as ’safe processors’ gaining an advantage over the competition,” he explained.

Among the key changes to the 1995 Data Protection Directive proposed by Viviane Reding, the European commissioner in charge of data privacy, is the ability for users to demand their data be deleted if there are no legitimate grounds for retaining it and for organisations to report data breaches within 24 hours.

Reding believes that the overhaul of the rules, which will be valid across the EU, will reinforce consumer confidence in online services, saving businesses around €2.3bn a year as well as providing economic growth for the EU’s 27 member states.

The proposals will now be passed to the European Parliament and EU member states for discussion.

The key changes in the reform can be accessed here.