Under proposed EU data privacy laws, companies like Google and Microsoft will be hit with fines that could top $1 billion USD.
The proposed laws follow a series of negligible fines received by both companies that Viviane Reding, the EU’s justice commissioner, dismissed as “pocket money.”
Indeed I have said as much in this space.
Earlier this month, Google was fined $204,000 USD for data-privacy violations (see A $204,000 data-privacy violation fine against a company worth $381 billion!) and in March of 2013, Microsoft was slapped with a $731 million fine (see EU Commission fines Microsoft $731 million, but does it really matter?).
For both tech outfits, sums like that are considered the cost of doing business. The fines need to be such that they have an impact.
The goals of the proposed laws:
- To create strong data protection laws for Europe’s 500 million citizens
- Includes a clause, in response to Edward Snowden’s allegations, to prevent European data being shared with another country
- Sets out ways that citizens can erase their personal data – the so-called right to be forgotten
- Seeks to limit user profiling, requiring companies to explain their use of personal data and seek prior consent
- In order to comply, most businesses would need to have designated data-protection officers
According to a BBC News report, the “new proposals, currently under debate in the European parliament, aim to create a single EU regulator, which would be able to issue fines on behalf of all national watchdogs” and “would introduce fines of up to 5% of the global annual turnover of a company for data breaches.”
Those sound like good ideas to me. You may read the complete report here.
Much too little, by far too late.
Those 5% should apply for each datapoint leaked,
and they should be mandatory.