New European data laws to be announced on Wednesday: Facebook, Google face tough times

Summary:Europe's new data protection laws are set to be announced on Wednesday. Despite the details leaking last year, Facebook, Google and other Web companies are still in for a shock.

The next version of Europe's data protection laws are set to be formally announced by Viviane Reding, the European Commissioner for Justice, on Wednesday at the World Economic Forum in Switzerland.

The new laws, set to be ratified by member states by 2014---2015, will include harsh new penalties for companies that flout the laws, as well as patching transatlantic flaws between U.S. law and existing European law, including legal overlaps such as those made by FISA and the USA PATRIOT Act.

Though a late-November 2011 draft of the new laws were leaked, and a lot has remained the same, many of the details have been revised. Many Web companies will also feel the heat, even if they are not headquartered in Europe.

ZDNet uncovered last year that the Patriot Act can be invoked on U.S.-headquartered companies, like Microsoft, Google, and Apple, forcing their Europe-based subsidiaries to hand over European data back to U.S. intelligence and law enforcement.

Gordon Frazer, managing director of Microsoft UK, admitted to ZDNet at the Office 365 launch in London that "no company" could guarantee European data will not leave Europe under any circumstances, even under a request by the Patriot Act. This validated over a year's worth of research.

Late last year, ZDNet received a copy of the draft European Union Data Protection Directive, version 56, dated November 29th, 2011. Measures included the "right to be forgotten" allowing the more fluid exporting of data, and increased accountability for cloud-service providers to fall under many of the same obligations as organisations that outsource their data.

Sources in the European Parliament told me that although the document was "close to being finalised", the framework of the new laws were installed in the document, and only "minor revisions would be made". Sources also confirmed that the draft laws would be revealed at the upcoming World Economic Forum.

The document outlined penalties that could enable the European Commission to impose fines of up to 5 percent of a company's global financial turnover. This could amount to billions of euros if major firms, such as Google or Facebook were found to break the new laws. But Reuters report that this figure was brought down in later revisions of the draft laws to two percent, or even lower to one percent.

Currently, the bar is set in Europe's antitrust fines. A company can be fined up to 10 percent of its global annual turnover should it be in breach of Europe's antitrust laws.

Such Web firms, like Google and Facebook, have set up opposition to the new laws which could threaten how they function in the European region. Because they operate within Europe, they are bound by European laws, as well as the laws of their often U.S.-headquartered offices.

In a previous interview with The Register, Reding was notably hostile towards the practices of Facebook, saying that the company "has nowhere to hide".

"EU law should require that consumers give their explicit consent before their data are used. And consumers generally should have the right to delete their data at any time, especially the data they post on the Internet themselves".

Live coverage on the announcement of Europe's new data protection laws will be announced here on Wednesday.

Image source: Flickr.

Related:

Topics: Storage, Data Centers, Data Management

About

Zack Whittaker writes for ZDNet, CNET, and CBS News. He is based in New York City.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.