Get All Access for $5/mo

Companies to Face Tighter EU Data Restrictions Laws will force firms to report data breaches and face huge fines for misusing personal data.

By Reuters

This story originally appeared on Reuters

The European Union agreed on a sweeping overhaul of fragmented data protection laws on Tuesday that will force companies to report data breaches and face huge fines for misusing personal data.

The new law enables EU national authorities to levy fines of up to 4 percent of revenues on firms breaking the law, which could mean billions of dollars for big tech companies like Alphabet Inc.'s Google, Microsoft Corp. and Facebook Inc.

Member states and EU lawmakers have been negotiating since June to reach a compromise on the reform, which was proposed by the executive European Commission almost four years ago to replace a patchwork of national laws dating back to the 1990s.

Politicians hailed what they called a "breakthrough."

"Today everything is digital so we need rules for an enormous amount of issues and those rules have to be applicable, they have to be sensitive, they have to understandable for every normal user," said Felix Braz, minister of justice of Luxembourg, which holds the rotating EU presidency and therefore led the negotiations on behalf of member states.

Under the new data protection regulation, companies will face tighter restrictions on how they reuse Europeans' data, something that will be of concern particularly to tech companies that hold swathes of personal information and use it for advertising.

Privacy concerns over where data is stored and how it is used are rife in Europe, especially after former U.S. National Security Agency contractor Edward Snowden revealed how U.S. authorities harvested information directly from tech companies like Apple Inc and Microsoft.

Companies will have to report breaches that are likely to harm individuals to national authorities within 72 hours, something legal experts expect will reveal the true scale of data breaches in Europe.

Seeking to make operating across the 28-country EU easier for companies, the new law establishes a single regulator for multi-nationals in the country where they have their European headquarters, the so-called "one-stop shop."

However, uncertainty over how national data protection authorities will be able to cooperate will lead to years of litigation, lawyers say.

"This will come, it cannot be avoided," said Jörg Hladjk, a lawyer at Hunton & Williams.

Right to be forgotten

Businesses will have to get people's "explicit" consent to use their data -- something they have said is unwieldy when dealing with huge sets of data -- and appoint a data-protection officer to oversee privacy issues.

The regulation also enshrines the "right to be forgotten" giving EU citizens the right to have obsolete information about them deleted from the web, an issue that generated heated debate last year when Google was ordered to scrub search results appearing under a person's name.

Teenagers under 16 wishing to sign up for social networks like Facebook and Twitter Inc. will be able to do so only with their parents' permission, unless individual countries opt out and lower the threshold to 13.

Tuesday's agreement also includes a law protecting personal data shared between law enforcement authorities.

The agreement is subject to final endorsement by both the European Parliament and EU member states, expected by early next week.

(Additional reporting by Alissa de Carbonnel in Strasbourg, France; Editing by Barbara Lewis, Susan Thomas, Larry King and Lisa Shumaker)

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Growing a Business

He Immigrated to the U.S. and Got a Job at McDonald's — Then His Aversion to Being 'Too Comfortable' Led to a Fast-Growing Company That's Hard to Miss

Voyo Popovic launched his moving and storage company in 2018 — and he's been innovating in the industry ever since.

Branding

ChatGPT is Becoming More Human-Like. Here's How The Tool is Getting Smarter at Replicating Your Voice, Brand and Personality.

AI can be instrumental in building your brand and boosting awareness, but the right approach is critical. A custom GPT delivers tailored collateral based on your ethos, personality and unique positioning factors.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business News

Is the AI Industry Consolidating? Hugging Face CEO Says More AI Entrepreneurs Are Looking to Be Acquired

Clément Delangue, the CEO of Hugging Face, a $4.5 billion startup, says he gets at least 10 acquisition requests a week and it's "increased quite a lot."

Business News

Apple Reportedly Isn't Paying OpenAI to Use ChatGPT in iPhones

The next big iPhone update brings ChatGPT directly to Apple devices.

Business News

You Can Now Apply to Renew Your U.S. Passport Online — But There's a Catch

The U.S. State Department officially launched the beta program this week.