The owners of Internet search-engines risk fines as high as 100 million euros ($136.8 million) for data-protection violations under a European Union privacy law approved by a European Parliament committee.
The privacy overhaul would target companies that handle information about EU citizens, even when data processing takes place outside the 28-nation bloc, according to the draft law that won the backing of the European Parliament’s civil liberties and justice committee in Strasbourg, France, today.
Jan Phillipp Albrecht, a German Green Party politician sponsoring the bill in the EU assembly, also won permission to negotiate a fast-track agreement with national governments. To become law, the draft rules need the backing of the full European Parliament and EU governments.
Google Inc., based in Mountain View, California, and Facebook Inc. are among several U.S. Internet companies that have faced scrutiny in the EU for possible privacy-rule violations over their use of personal data. EU data-protection officials have pushed Google, Microsoft Corp. and Yahoo! Inc. to limit the amount of time they store search records. The same group criticized Menlo Park, California-based Facebook for policy changes that may have harmed users’ privacy rights.
In a bid to harmonize fining powers across the EU, data-protection watchdogs across the bloc for the first time would be empowered to fine companies as much as 5 percent of yearly global sales or 100 million euros -- whichever is greater, according to the draft.
To date, the heaviest penalty levied by an EU privacy regulator was a 100,000-euro fine by French authorities in 2011 for Google’s unauthorized collection of personal data for its Street View mapping service.
EU Justice Commissioner Viviane Reding in January 2012 presented plans to reform the bloc’s current rules dating back to 1995. Google and Microsoft Corp. were among companies to warn the EU in 2011 against “overly strict” data-privacy curbs that may harm technology development in the region.
“Tonight’s vote also sends a clear signal: as of today, data protection is made in Europe,” Reding said in a statement.