In what could be a major breakthrough for all those worried about how much of their private information is stored online without their knowledge, a new EU law could provide internet users the “right to be forgotten” by internet giants like Facebook and Google, the BBC reports.This overhaul of the European Commission’s 1995 Data Protection Directive will be proposed by the commission on Wednesday.
The new law, unveiled by the Justice Commissioner Viviane Reding at the Digital Life Design (DLD) conference in Munich, says people will have the right to ask for personal data to be deleted from internet servers, and firms will have to comply unless there are “legitimate” grounds to retain it. Firms will also be obligated to inform users and the authorities about any data lost through hacking or other breaches “within 24 hours”.
Other provisions of the bill involve ensuring companies do not use any user data without explicitly seeking permission to do so, and also inform users when and why their data is being collected, according to The Financial Times.
If approved, the law would create the first pan-EU data privacy rules, which would also be applicable to overseas companies active in the EU, even if they handled the data on non-EU servers.
While a spokesman for Reding said the law was aimed at helping young adults protect their online reputations, Microsoft and Facebook have called the bill too “prescriptive”.
Firms failing to follow the new rules could be fined as much as one per cent of their global revenue, Reuters reports.
Reding said the new law would streamline regulations and save firms around 2.3 billion euros ($3 billion) a year.
The bad news for privacy activists — as the bill will need to be approved by national governments, it could be a few years before it comes into effect.