Businesses face the potential of fines as high as €100m under new amendments put forward by MEPs on Monday night as plans to overhaul the data protection laws in Europe took another step forward
The Committee for Civil Liberties, Justice and Home Affairs backed the proposed Regulation by 49 to one, with three abstentions. The negotiations included a number of new proposals, some in response to recent spying revelations.
Notably, the MEPs agreed to a new ‘right to erasure’ that would entitle anyone to contact an internet firm and have it delete personal data from their services. The firm contacted would also have to ensure third-parties hosting that same data removed it too.
Another amendment would require firms with data hosted in Europe to obtain authorisation from the relevant national data protection organisation before complying with a request to hand over data to a non-EU country. Citizens would also have to be informed the data was being requested.
MEPs also pushed for fines of up to €100m or five percent of annual worldwide turnover, whichever is greater, if a firm breaks any sanctions under the new laws, including losing sensitive data. This is significantly higher than the Commission's proposal of €1m or two percent of worldwide turnover.
Justice commissioner Viviane Reding said that the vote and the new amendments underlined the importance those in the European Parliament place on privacy and civil liberties.
"The vote by the European Parliament's leading committee is a strong signal for Europe. It paves the way for a uniform and strong European data protection law that will cut costs for business and strengthen the protection of our citizens: one continent, one law," she said.
"The European Parliament has proven that excessive lobbying can be counter-productive. It has not only defended but strengthened the right to be forgotten for citizens – one of the central elements of the EU data protection reform.”
Bridget Treacy, managing partner and head of UK Privacy and Cyber Security Practice at law firm Hunton & Williams, said if implemented these changes would prove a headache for UK firms.
“The biggest issue for businesses will be implementing the changes required by the Regulation. The requirements seek to address the challenges of changing technology, and to harmonise data protection across the EU – no mean feat,” she said.
“Businesses in the UK are more likely to be affected by the Regulation; they will have to implement tougher measures than currently enforced, with significant cost implications.”
The new proposals may not be welcomed by the government, which is on record as favouring light-touch regulation, fearing any tougher measures could impact UK business and damage the economy.
Responding to the latest round of amendments Information Commissioner's Office (ICO) said in a statement: "We don’t necessarily embrace all the Parliament’s changes with open arms and there’s still some way to go."
The Parliament will now take on the draft proposals for further debate. The aim is to have the new laws agreed and passed by May 2014.
Some parts of Atacama have not received rainfall for 500 years - but a sudden deluge of water upset the Desert's delicate biological balance
Spitzer Space Telescope could not spot Oumuamua, suggesting that it is actually pretty small
Greenland crater one of the 25 largest impact craters on Earth
This long-sought progenitor star was identified in an image captured by Hubble in 2007