The European Commission (EC) wants all companies that store data on European citizens, whether based in the EU or not, to be subject to an updated version of the Data Protection Directive due to be unveiled in January.
Businesses without offices or equipment in the EU can currently circumvent European law, as the original directive created in 1995 does not include provisions that could have foreseen the growth of the internet and cloud services.
EU justice commissioner Viviane Reding and EC vice president Ilse Aigner met in Brussels on Monday to discuss the new directive, and outlined their desire for the law to compel any firm interacting with EU citizens to adhere to EU regulations.
"We both believe that companies who direct their services to European consumers should be subject to EU data protection laws. Otherwise, they should not be able to do business in our internal market," they said.
"This also applies to social networks with users in the EU. We have to make sure that they comply with EU law and that EU law is enforced, even if it is based in a third country and even if its data is stored in a 'cloud'."
Furthermore, the politicians said that consumers should have more rights to protect their data, such as being able to provide explicit consent before any data is used by businesses and having the right to delete their data at any point.
"Consumers in Europe should see their data strongly protected, regardless of the EU country they live in and regardless of the country in which companies that process their personal data are established," they said.
Small Texas cable firm alleges foul play
Facebook will join fores with UK NGOs to tackle hate speech on the social network
A survey of local authorities has found that they face challenges in the areas of data, compliance and mobility.
More than 800,000 home users could be affected