Data protection was originally not among the summit’s topics, but new revelations about the National Security Agency (NSA) put it on the agenda. According to a report by The Guardian, the phones of 35 world leaders, including German chancellor Angela Merkel, were monitored by the US secret service.
The new data protection EU leaders talk about does not address phone hacking, but one of the NSA’s other disputed activities: the US secret service’s massive spying on EU citizens’ online communication.
The bill passed the Libe committee (civil liberties, justice and home affairs) of the European Parliament on 21 October 2013. In order for it to become law, the EU Council of Ministers and the EU Commission have to approve the regulation.
The proposed legislation would restrict Internet companies’ rights to use EU citizens’ private data without their consent. The firms would therefore have to ask for the users’ explicit consent.
The legislation would also raise the fines for Internet companies if they break any of the laws. The companies could be forced to pay up to five per cent of their annual worldwide turnover.
However, the regulation passed by the European Parliament last week contains several changes made to the original version. Most importantly it replaced the so-called “right to be forgotten” with the “right to erasure”.
This right could significantly strengthen EU citizens’ data protection. The original draft would force Internet companies to guarantee that disputed data could not be found anywhere on the Internet.
The new bill restricts citizens to the right to enquire about their saved data and ask for erasure from companies’ servers (see German magazine Spiegel).
Internet giants opposed the “right to be forgotten”. Peter Fleischer, head of Google’s Global Privacy Counsel, wrote in a blog post: “A hosting platform can and should delete copies of material that they store on behalf of a user upon his or her request, but it cannot be expected to maintain control over other copies of the material published elsewhere online, as these are outside of the control of the hosting platform.”
The current EU regulation on data protection was passed 18 years ago and does not reflect changes in the digital landscape. This has led to differences in the data protection legislation of each EU member state.
International Internet companies, such as Google or Facebook, use the different laws to their advantage by placing their European headquarters in Ireland, the country with the weakest data legislation. The new regulation is aimed at creating EU-wide standards.
The EU citizens’ use of the Internet illustrates the scope the new legislation would have. According to the European Union, around 380.000 of the 500.000 European citizens use the Internet. Almost three quarters of European households have Internet connection. Roughly half of the European Internet users are members of social networks.