PARIS — A top lawmaker on Tuesday proposed harmonizing European Union privacy rules so that an Internet company could operate across the 27-country bloc as long as its data protection policies had been approved by a single member state.
Viviane Reding, vice president of the European Commission, said unnecessary hurdles created by privacy rules that date to 1995, when the Internet was in its infancy, were costing companies €2.3 billion, or $3.1 billion, a year as regulators in 27 different nations applied their own rules.
Ms. Reding acknowledged the apparent incongruity of discussing the harmonization of E.U. rules at a time of extreme discord within the bloc over economic policy, with debt woes straining the ties that bind together the euro zone. But she said an overhaul of the privacy regulations was crucial to increasing the competitiveness of the European economy to help it surmount the crisis.
“I think I am persuaded that while bringing member states out of their debt crises, we have to do everything we can to help our companies grow,” Ms. Reding said during a speech to privacy lawyers and other data protection professionals in Paris.
Ms. Reding said she planned to detail her plans in January in what is expected to be a sweeping overhaul of the 16-year-old Data Protection Directive. Internet companies, which would be most immediately affected by the new rules, have been urging E.U. lawmakers to simplify the existing practice, and mostly welcomed her proposals Tuesday.
“Even more important than the specific regulations is that they need to be the same across the E.U.,” said Peter Fleischer, global privacy counsel at Google.
While praising this aspect of Ms. Reding’s approach, U.S. Internet companies are worried about some of the specifics.
During a separate speech, Ms. Reding said Tuesday that she wanted to give users of social networks and other Web services greater control by, for example, letting them delete personal data or move it to other sites more easily. Companies like Facebook have generally resisted such proposals, fearing this could undermine the development of services like targeted advertising, which relies on the mining of consumer data.
“Individuals should be well informed about privacy policies and their consent needs to be specific and given explicitly,” Ms. Reding said.
Ms. Reding said that under her proposal for uniform, E.U.-wide privacy rules, the data protection officials in individual countries would have to be granted greater power to enforce these laws and to impose penalties on violators. Under the existing system, privacy officials in some countries can only make recommendations.
Jacob Kohnstamm, chairman of a panel that advises the commission on privacy issues, said the Union needed data protection authorities that were “able to bark and bite.”
Mr. Kohnstamm urged the commission to draft the new privacy rules through regulation, a measure that would give E.U. member states little wiggle room in their implementation of the law, rather than via a directive, like the current law, which creates more latitude.
Ms. Reding did not address this issue, but she did reiterate that the new rules would apply to any company operating in the Union, even if it were based outside the bloc. This could create conflicts between the rules in the Union and other jurisdictions, like the United States, where data protection regulations are also under review.
“It does not seem logical to say that data held by a European company is adequately protected while it is inside the borders of the European Union, but not when it is transferred to a different part of that same company in Asia or South America, even if safeguards are put in place,” Ms. Reding said.
Ronald Zink, chief operating officer for E.U. affairs at Microsoft, said that harmonizing policies internationally might be just as important as doing it within the Union, but added: “I think the E.U. data protection laws can be a beacon for the U.S. and around the world. They do a lot of things right.”
Article source: http://feeds.nytimes.com/click.phdo?i=259dbd493d2bed8b5bed7891ae7f834e