Login Register Subscribe
Current Issue

Firms to face stiffer fines for breaking E.U. 'right to be forgotten' rules

Reprints

(Reuters) — Firms such as Google Inc. and Microsoft Corp. will face stiffer fines if they violate Europe’s “right to be forgotten” online rules, according to a draft text agreed by European Union ambassadors on Wednesday, diplomatic sources said.

E.U. member states are negotiating an overhaul of the bloc’s outdated privacy laws in a bid to make them more harmonized and relevant for the rise of the Internet.

A draft proposal from Latvia, which holds the E.U.’s rotating presidency, suggests three levels of fines for companies breaching the rules, ranging from 0.5% to 2% of a firm’s annual worldwide turnover, depending on the gravity of the data breach.

Failure to “erase personal data in violation of the right to erasure and ‘to be forgotten’ ” falls under the second category which foresees maximum fines of 1% of a firm’s annual global turnover, according to the draft.

E.U. ambassadors endorsed the fines on Wednesday, three diplomatic sources said.

Once all parts of the reform proposal have been agreed, E.U. ministers should endorse the whole text in mid-June. Following that, member states representatives can begin discussions with the European Parliament — which wants fines of up to 5% of global turnover — to find a final compromise.

The fines would give data protection authorities a much bigger stick in ensuring that E.U. data privacy rules are respected.

Under the current regime not all privacy watchdogs have the power to levy fines, and where they do, the amount is often negligible for big firms.

Google, for example, has refused to bow to E.U. regulators’ demands that it implement the “right to be forgotten” across all its websites, including Google.com.

Last year the European Union’s supreme court ordered it to remove outdated or irrelevant information from its name-search results but it is only applying the ruling across its European domains, such as Google.de in Germany, arguing that it automatically redirects users to their local website anyway.

Social network Facebook has also come under fire from several E.U. regulators for its new privacy policy, although it maintains that only the Irish data protection commissioner can police it since it has its European headquarters in Dublin.