Web users to get ‘right to be forgotten’
Companies could face huge fines for not complying.
Ireland will be at the centre of the EU-wide rules because some major players — such as Google, Facebook, LinkedIn, Microsoft and Apple — are based in the country. However, it will present Ireland with an opportunity to hold on to such multinationals, according to deputy data commissioner Gary Davis.
The “right to be forgotten” rule will be important, especially for young people who may have put information about themselves on social networking sites that could later prove embarrassing during a job interview.
As well as people being able to delete their data if there is no good reason for retaining it, users will have to give explicit consent for their data to be processed.
The public will also be able to transfer personal data from one service provider to another more easily.
If data is stolen or lost, those affected and the national authority must be advised as soon as possible, preferably within 24 hours.
Up to now, it has taken weeks for people to be told that their medical or other personal records have gone missing.
The rules will apply to any data involving the EU’s 500m citizens, irrespective of where it is processed.
Serious breaches, such as processing data without a person’s consent, could cost companies up to €1m, or a maximum 2% of their global annual turnover.
Fines for offences such as charging for requests from a user seeking their own data begins at €250,000, while there will be a minimum penalty of €500,000 or 1% of turnover for not providing the information.
The single set of data protection rules across the EU will cut the cost of doing business for companies by an estimated €2.3bn a year. Bypassing red tape will save a further €130m a year.
Companies will have to deal only with the data protection authority of the state in which they have their main base, rather than 27 states as at present.
EU justice commissioner Viviane Reding cited a case involving Ireland where Austrian students wanted to see all the data Facebook had stored about them. Such cases, she said, could be dealt with more easily under the new regulations.
Facebook agreed to make changes after the Irish commissioner completed an audit last month and said users should have much greater control over how their information was used. Facebook Ireland has responsibility for all countries except the US and Canada.
Draft legislation on the use of data by police and judicial authorities has also been proposed to ensure the same rules and data protection laws are applied by all EU countries.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
