Blanket EU Privacy Regs Could Make Facebook Break a Sweat
The European Union may soon update its Data Protection Directive to cover all member nations with a uniform policy regarding online data privacy. EU Justice Commissioner Viviane Reding's planned draft legislation will require businesses to inform customers when and why they're collecting customer data and how it's stored.
Nov 28, 2011 11:38 AM PT
The European Union may begin an overhaul of its 1995 Data Protection Directive next year to provide one single unified body of legislation on this issue.
EU Justice Commissioner Viviane Reding will propose the reform in January, her spokesperson, Matthew Newman, told TechNewsWorld.
The legislation will be tabled at the end of January with the European Parliament and the Council of Ministers, which represents all 27 EU member states, Newman said.
There is "a great deal of fragmentation" in the way the Data Protection Directive is implemented because the EU's member states "have transposed [it] in 27 different ways," Newman stated.
In addition to unifying data protection legislation, Reding's proposal will govern how social networking sites and other companies use customer information.
What's Coming Down the EU Privacy Pipeline
Reding's planned draft legislation will require businesses to inform customers when and why they're collecting customer data and how it's stored.
It will also require businesses to notify customers of a breach as soon as it occurs.
"Customers must know when, why and for how long their data is being collected and stored," said Reding's spokesperson Newman.
"A major principle in the reform is that users must be in control of their data. This means that users must give consent explicitly before their data is processed," Newman added.
The proposed legislation will also suggest additional enforcement powers for privacy regulators, but "you will have to wait until the end of January for these details," Newman said.
Facebook and the EU Law
There's been speculation that the legislation is aimed at social networking sites such as Facebook, which has had a series of run-ins with EU privacy regulators. Newman denied that the proposal was meant to target Facebook specifically.
"The rules will be technologically neutral," Newman averred. "They will apply to all data processors."
For its part, Facebook "understands and respects European sensitivities around data protection," company spokesperson Stefano Hesse told TechNewsWorld.
"This single-market approach can both protect privacy and support innovation in digital services and economic growth," Hesse added.
Facebook is "already compliant with the European data protection law established in one country," Hesse said.
However, the social networking site has been repeatedly criticized by Europeans for its data collection and usage practices.
The Office of the Data Protection Commissioner of Ireland is auditing Facebook Ireland. Complaints from Austrian law student Max Schrems, through his organization Europe-v-Facebook, are believed to have been a major factor in triggering the audit, although the DPC has denied this.
Facebook is creating shadow profiles of both its members and others by collecting excessive information on them without giving them notice or getting their consent, according to Schrems.
Impact of the Reforms
Individual national privacy regulators in the EU will be impacted by the proposed new legislation, but until that bill is tabled, it's not clear what the effect will be.
"This office looks forward to a new data protection legal framework which will create certainty for both individuals and business in terms of their rights and responsibilities across the EU and the legal framework for enforcing those rights and responsibilities," Ciara O'Sullivan, spokesperson for the Office of the Irish Data Protection Commissioner, told TechNewsWorld.
Harking Back to the Olde Countrye
Perhaps the United States, where data privacy laws are a mishmash of state and federal regulations and are sometimes in conflict, can benefit from following Europe's example.
"Given that much of this technology originates [in the U.S.], we should lead in laws and enforcement rather than follow, so the products can be designed to better anticipate and comply with laws like this, or they are likely to be replaced by European offerings which are more compliant," Rob Enderle, principal analyst at the Enderle Group, told TechNewsWorld.
Being Good Is Not Doing Good
Whether or not the new EU proposal will be workable is uncertain.
"The proposal sounds intriguing, but it remains to be seen if it will be implemented and how well it will work," Charles King, principal analyst at Pund-IT, told TechNewsWorld.
"That said, IT has become such a staple of life and business that acting in a more concerted way to secure data privacy seems a wise approach," King added.