U.S.-based technology firms Google Inc. (GOOG), Facebook Inc. (FB), Apple Inc. (AAPL) and other non-European companies that offer services in the European Union must abide by its overhauled data-protection rules, according to the bloc’s justice chief.
The same limits have to apply to all companies that do business in the 27-nation area, EU Justice Commissioner Viviane Reding said in a speech in Brussels today. Consumers in Europe need to know that their data is processed in line with European rules “that reflect the fact that data protection is a fundamental right,” Reding said.
Reding presented plans in January 2012 to entirely reform the data-protection rules that apply to the bloc’s 27 member nations. She has insisted from the start that the rules, once they received the backing by EU lawmakers and ministers and can be enforced, would also apply to U.S. companies such as Facebook and Google. The new protections would “refresh” an existing EU data-protection law which dates back to 1995, Reding said today.
“The reasoning is simple: if companies outside Europe want to take advantage of the European market with its potential 500 million customers then they have to play by the European rules,” Reding said in the speech.
Google, based in Mountain View, California, and Facebook are among several U.S. Internet companies that have faced scrutiny in the EU for possible privacy-rule violations over their use of personal data. Data-protection officials from 30 European countries have pushed Google, Microsoft and Yahoo! Inc. to limit the amount of time they store search records. The same group criticized Menlo Park, California-based Facebook for policy changes that may have harmed users’ privacy rights.
Google and Microsoft Corp. (MSFT) were among companies to warn the EU in 2011 against “overly strict” data-privacy curbs that may harm technology development in the region. Reding said today she won’t accept any attempts to water down the proposed rules.
“Those who want to maintain a high level of protection in Europe have recognized the need to move fast,” said Reding. “Those who want to lower the level of protection in Europe have tried to slow the file down. I will not let this happen.”
The plan is to give people more control over their personal data and allow for the first time all EU data protection watchdogs to fine companies as much as 2 percent of yearly global sales for “intentionally or negligently” violating the rules. Included are also plans to create a harmonized approach by the separate watchdogs in the EU to avoid lengthy proceedings by the end of which companies are faced with varying decisions from regulators.
To contact the reporter on this story: Stephanie Bodoni in Luxembourg at firstname.lastname@example.org
To contact the editor responsible for this story: Anthony Aarons at email@example.com