The next version of Europe's data protection laws is set to be formally announced by Viviane Reding, the European Commissioner for Justice, on Wednesday at the World Economic Forum in Switzerland.
The new laws, set to be ratified by member states by 2014-2015, will include harsh new penalties for companies that flout the laws, as well as patching transatlantic flaws between U.S. law and existing European law, including legal overlaps such as those made by FISA and the USA PATRIOT Act.
Though a late-November 2011 draft of the new laws was leaked, and a lot has remained the same, many of the details have been revised. Many Web companies will also feel the heat, even if they are not headquartered in Europe.
ZDNet uncovered last year that the Patriot Act can be invoked on U.S.-headquartered companies, like Microsoft, Google, and Apple, forcing their Europe-based subsidiaries to hand over European data back to U.S. intelligence and law enforcement.
Gordon Frazer, managing director of Microsoft UK, admitted to ZDNet at the Office 365 launch in London that "no company" could guarantee European data will not leave Europe under any circumstances, even under a request by the Patriot Act. This validated over a year's worth of research.
Late last year, ZDNet received a copy of the draft European Union Data Protection Directive, version 56, dated November 29th, 2011. Measures included the "right to be forgotten", allowing the more fluid exporting of data, and increased accountability for cloud-service providers to fall under many of the same obligations as organisations that outsource their data.
Sources in the European Parliament told me that although the document was "close to being finalised", the framework of the new laws was installed in the document, and only "minor revisions would be made". Sources also confirmed that the draft laws would be revealed at the upcoming World Economic Forum.
The document outlined penalties that could enable the European Commission to impose fines of up to 5 percent of a company's global financial turnover. This could amount to billions of euros if major firms, such as Google or Facebook, were found to break the new laws. But Reuters reports that this figure was brought down in later revisions of the draft laws to two percent, or even lower to one percent.
Currently, the bar is set in Europe's antitrust fines. A company can be fined up to 10 percent of its global annual turnover should it be in breach of Europe's antitrust laws.
Web firms such as Google and Facebook have set up opposition to the new laws, which could threaten how they function in the European region. Because they operate within Europe, they are bound by European laws, as well as the laws of their often U.S.-headquartered offices.
In a previous interview with The Register, Reding was notably hostile towards the practices of Facebook, saying that the company "has nowhere to hide".
"EU law should require that consumers give their explicit consent before their data are used. And consumers generally should have the right to delete their data at any time, especially the data they post on the Internet themselves".
Live coverage on the announcement of Europe's new data protection laws will be announced here on Wednesday.