The European Union Is Pushing New Data Protection Laws

The continent-wide agreement enshrines the “right to be forgotten” and allows regulators to fine U.S. tech companies that misuse consumer data.

In a bid to protect consumers in an age of unprecedented data collection, European officials moved Tuesday to update a 20-year old privacy law, granting EU citizens greater control over how tech companies collect their personal information.

The new data protection rules will cover Europeans throughout the continent’s 28 member states, replacing a patchwork of national laws. The agreement compels companies like Google and Netflix to share with consumers how their data is collected and processed. The regulations also codify the “right to be forgotten,” which allows consumers to petition firms to delete outdated or irrelevant data stored about them.

“Citizens and businesses will profit from clear rules that are fit for the digital age,” said Vera Jourová, the Justice Commissioner for the European Union’s executive arm.

In the event of a serious data breach, the law would force companies to swiftly notify national authorities. It also requires that consumers aged 13–16 receive a parent’s permission before registering for social sharing services like Instagram and Snapchat.

For companies that violate the rules, which do extend to Silicon Valley heavyweights doing business in Europe, penalties are high: fines of up to 4% of a firm’s global revenue.

According to European policymakers, the new data protection rules signal not only a commitment to consumer protection, but an effort at keeping European tech companies globally competitive. They are intended to help strengthen the EU economy for digital goods and services, they say. Known as the digital single market, the initiative was announced earlier this year.

“We should not see privacy and data protection as holding back economic activities,” said Andrus Ansip, the commission’s vice president for the digital single market. “They are, in fact, an essential competitive advantage.”

The American tech industry, however, may not share this vision. Europe’s privacy protections, along with the single market, are part of what some U.S. business leaders believe is a harsh regulatory environment — protectionism disguised as consumer welfare. Facebook currently faces several privacy probes launched by authorities in Germany, France, and Belgium. And the European Commission leveled antitrust charges against Google in April.

The European parliament and national governments are expected to adopt the final text of the law at the beginning of 2016. The rules will then take effect within two years.

Skip to footer