Data-protection authorities in the European Union must have greater powers to better enforce privacy rules across the 27-nation region, the EU’s justice commissioner said.
“The authorities responsible for data protection must be provided with sufficient powers to enforce the law and they must have sufficient resources to exercise their powers,” Viviane Reding said in prepared remarks of a speech in Brussels today. “We need legal certainty and a level-playing field for all businesses that handle personal data of our citizens.”
Reding last year proposed an overhaul of the EU’s 16-year-old data-protection policies to address online advertising and social-networking sites. The law, which the regulator intends to formally publish by February, may include stricter sanctions, such as criminal penalties, and the option for consumer groups to file lawsuits.
Companies, like consumers, need “a one-stop-shop when it comes to data-protection matters, one law and one single data protection authority for each business; that of the member state in which they have their main establishment,” said Reding.
Current rules mean any company operating in the EU has to abide by 27 different interpretations of the region’s rules on privacy.
“The administrative burden associated with this fragmentation costs businesses an estimated 2.3 billion euros ($3.08 billion) per year,” said Reding.
The reformed privacy law in the EU will strengthen the coordination and cooperation between national data protection authorities to ensure the rules are enforced consistently, said Reding.
The commissioner also reiterated her plans to introduce a general obligation for anyone controlling data to notify regulators and individuals when a data breach is discovered.
The new rules should ensure that “individuals are sufficiently informed when their personal data is lost, stolen or breached,” she said. Reding cited the incident of a security breach at Sony Corp. that exposed 77 million online accounts on the company’s PlayStation Network and Qriocity online services video-and music-streaming services.
“This incident highlighted why companies need to reinforce the security of the information they hold,” she said. “Frequent data security breaches risk undermining consumers’ trust in the digital economy.”