Facebook Inc., Google Inc. and Microsoft Corp. may face stricter privacy rules requiring them to let users shift data to competitors in the European Union under proposed changes to a draft law.
People need control over their personal data, according to a report published yesterday recommending amendments to the rules proposed by the Brussels-based European Commission.
Social networks should let users move information “from one platform to another” and obtain details of what data companies hold on them, free of charge, said Jan Philipp Albrecht, a German Green Party politician leading the effort in the European Parliament.
EU data-protection watchdogs for the first time would be empowered to fine companies as much as 2 percent of yearly global sales for “intentionally or negligently” violating the rules under the commission proposal. Google, Facebook and other Internet companies have faced investigations by regulators around the world as authorities grapple with how to better police corporate use of personal data.
Data protection “is a fundamental right” that needs to be protected, so “if you want my data, ask me for consent,” Albrecht told journalists at a press conference in Brussels today. His proposal would create “more transparency” on data handling, individual rights and the duties of companies that process personal information.
“What was already a very complex piece of draft legislation has become by far the strictest, most wide-ranging and potentially most difficult to navigate data-protection law ever to be proposed,” Eduardo Ustaran, the head of the privacy and information group at law firm Field Fisher Waterhouse LLP in London, said in a blog posting today. Albrecht’s plans represent a “significant toughening” of the commission’s proposal.
To date, the heaviest penalty levied by an EU privacy regulator was a 100,000-euro ($131,000) fine by French authorities in 2011 for Google’s unauthorized collection of personal data for its Street View mapping service.
Facebook, which has its European base in Ireland, was subject to an audit by the Irish data-protection authority into privacy issues with its facial-recognition feature last year. That review pushed the owner of the biggest social-networking site to delete data identifying faces in users’ photos. Norway’s data-protection regulator said in August it was reviewing how the feature worked and what information Facebook was storing.
“We are concerned that some aspects of the report do not support a flourishing European digital single market and the reality of innovation on the Internet -- which is inescapably global in nature,” said Erika Mann, Palo Alto, California-based Facebook’s head of EU policy in Brussels.
The Industry Coalition for Data Protection, which consists of 15 industry associations with members including Google and Microsoft, also criticized the report.
Albrecht’s proposals “missed an opportunity to reconcile effective privacy safeguards with rules protecting the conduct of business -- both fundamental rights under the EU charter,” the industry group said in an e-mailed statement.
The rules, if adopted, “will undeniably reduce innovation in the market and lead more entrepreneurs to escape Europe’s hostile regulatory environment,” said one of the coalition groups, the Association for Competitive Technology, which represents 5,000 small and medium-size application developers and technology companies.
Microsoft declined to comment on Albrecht’s proposals, as did Al Verney, a spokesman for Google in Brussels.
Under the commission draft, companies will have to contact fewer regulators for data-protection issues across the region as the authority in the country where it’s based will become a “one-stop shop.”
Among Albrecht’s 350 proposed amendments, “lead” watchdogs, such as the Irish agency that oversees Facebook, would work in close cooperation with other national data-protection regulators and consult involved authorities before adopting a decision.
Albrecht’s plans will be examined by fellow lawmakers ahead of discussions on the measures with EU governments. Talks may start by the end of June, he said. The draft law needs the backing of EU lawmakers and EU governments before it can take effect.
EU Justice Commissioner Viviane Reding, who put forward the overhaul of the rules in January 2012, in a statement hailed Albrecht’s report as “supporting the commission’s aim to strengthen Europe’s data-protection rules.”