Photo Source: Recent developments in European Consumer Law
Data protection is becoming more important as people are finding more ways to steal financial data, hack into webcams on computers, and even stealing images and use them for porn sites as discussed in Peter LaGreca’s article. The EU is responding to this by trying to pass legislation that would force global technology companies to obey European data protection standards, regardless of where the service comes.
Only last year the European Commission, the EU’s executive arm, proposed to set common data protection and privacy rules across the entire union. This new proposal intends to set even higher protection standards with violators risking a fine of up to 2 per cent of their global annual revenues.
U.S. companies, such as Google and Facebook, have been lobbying the European Parliament to grant them an exemption to the legislation. Erika Mann, Facebook’s head of EU policy said, [w]e are concerned that some aspects of the report do not support a flourishing European digital single market.” Eduardo Ustaran, the London-based head of the privacy and information group at law firm Field Fisher Waterhouse, said, “[w]hat was already a very complex piece of draft legislation has become by far the strictest, most wide-ranging and potentially most difficult to navigate data protection law ever to be proposed.”
However, the EU is unconvinced by these arguments. Viviane Reding, EU commissioner for justice, said, “[e]xempting non-EU companies from our data protection regulation is not on the table… [d]ata protection is a fundamental right in Europe…”
Peter Olson, a member of the Industry Coalition for Data Protection, points out that the negotiations between U.S. companies and the European legislator should be focused on creating “fair, balanced but yet progressive legislation” and that the proposal “should not be obstructed by politics or attempts to antagonize regions of the world and pit corporations against one another, as this would be a sure path to regulatory failure and economic contraction.”
After seeing the various opinions on the proposal, what is your opinion on the appropriate amount of protection for personal data? At what point do the protection policies become so extensive as to constrict the growth of business? What is the minimum amount of protection that should be guaranteed so as to allow consumers to have confidence in their use of the Internet? Should these data policies be enforceable regardless of the location of the business or should it be up to the country in which the business is located to provide for the protection of users?