Facebook, Google Must Obey Stricter EU Data-Protection Rules, Reding Says

Facebook Inc., the most-visited U.S. website, Google Inc. (GOOG) and other U.S.-based companies would have to comply with stricter data-protection rules being planned for the European Union, the region’s justice commissioner said.

Any company active in the 27-nation region or any Internet-based product targeted at European consumers “must comply with EU rules,” Viviane Reding said in a speech in Brussels today.

“Privacy standards for European citizens should apply independently of the area of the world in which their data is being processed,” said Reding. “A U.S.-based social network company that has millions of active users in Europe needs to comply with EU rules.”

Google, based in Mountain View, California, and Palo Alto, California-based Facebook are among several Internet companies under scrutiny in the EU for possible privacy-rule breaches over their use of personal data. Data protection officials from 30 European countries have pushed Google, Microsoft Corp. (MSFT) and Yahoo! Inc. to limit the amount of time they store search records. The same group has criticized Facebook for policy changes that could have harmed users’ privacy rights.

In November, Reding proposed an overhaul of the EU’s nearly 16-year-old data-protection policies to address online advertising and social-networking sites. The law, which the regulator will formally offer up later this year, may include stricter sanctions, such as criminal penalties, and the option for consumer groups to file lawsuits. Reding, 59, hadn’t previously said how the rules would affect U.S.-based firms.

Committed to Privacy

Google spokesman Al Verney declined to comment. Spokespeople for Facebook didn’t immediately respond to an e-mail seeking comment.

Search engine operator Yahoo! Inc. said in an e-mailed statement it’s “deeply committed to privacy.”

“We always welcome the opportunity to sit down with EU stakeholders, regulators, advocates, NGOs and industry to encourage a modern approach to privacy that prevents bad actors, is adaptable to new innovations in online services and protects users,” Yahoo said.

Reding said that “national privacy watchdogs shall be endowed with powers to investigate and engage in legal proceedings against non-EU data controllers whose services target EU consumers.”

Revised EU data-protection rules will give people “the right, and not only the possibility, to withdraw their consent” for companies to collect and use their data to better market their products, said Reding.

It should be up to companies to prove why they need to keep user data, such as search records, rather than Internet users having to prove why collecting their data isn’t justified, the commissioner said.

Jesse Verstraete, a spokesman in Brussels for Redmond, Washington-based Microsoft, declined to immediately comment.

To contact the reporter on this story: Stephanie Bodoni in Luxembourg at sbodoni@bloomberg.net

To contact the editor responsible for this story: Anthony Aarons at aaarons@bloomberg.net
