Select a region
A draft of new rules on data privacy in Europe that could see companies fined if they don’t report hacks has been approved by the European Union.
The reforms to European data laws have been four years in the making, and also include giving power to member states to raise the age of digital consent from 13 to 16.
The controversial measure was originally part of the pan-European text, but has been devolved to member countries in the final draft after concerns were raised over excluding young web users from social media and other platforms.
The new regulations aim to strengthen the data protection laws for all EU citizens, regulators say, as well as improve police and security cooperation across the 28 member states and enforce firmer punishments upon those who breach the new data rules.
Jan Philipp Albrecht, the European parliament’s chief negotiator, said that under the new rules firms breaching EU data protection laws could be fined “as much as 4% of annual turnover, for global internet companies in particular, this could amount to billions”.
The new regulations will also give EU citizens the right to know when their data has been hacked, as well as easier access to their own data and how it is processed by different companies. Rules would also be in place that would prevent companies sharing customer data without the “explicit consent” of the person concerned.
The draft reforms are expected to be approved in full next year, becoming official within two years.
News that the raising of the digital age of consent would not be enforced at EU level was met with relief in the UK. Conservative MEP Timothy Kirkhope said: “Concerns have been listened to and the UK’s age of consent will not be forced to change.”
Tony Pepper, head of data sharing firm Egress Technologies, said: “This regulation is set to really shake things up forcing companies to scrutinise how they process and handle data.
“In particular, the ruling that they must report breaches ‘that are likely to harm individuals’ has the potential to expose a swathe of breaches that are currently being swept under the carpet – and the corresponding fines are likely to be keeping a few CFOs awake at night.”
In 2015 alone, telecoms firm TalkTalk, adultery site Ashley Madison and parental forum Mumsnet were all the subject of high-profile data hacks.
