What’s $138,050,000 or 5% of Annual Global Turnover? The Fine Companies Face if the European Parliament Passes Data Protection Measure.
So, how did the EU arrive at an odd fine of $138,050,000? In Euros the amount rounds off nicely to €100 million. Okay, not so nicely for companies that could fall afoul of the proposed law debated by the European Parliament.
Actually the way the law is structured, the penalty is either €100 million or 5 percent of annual global turnover – depending which one is the greater. Even for companies like Apple, Google and Facebook that’s a big “ouch.”
Writing on the Irishtimes.com, Elaine Edwards laid out what the proposed legislation would mean:
Companies such as Google, Facebook and Apple – which have their European headquarters in Ireland – may be forced to seek clearance from data protection authorities before handing over the personal data of their users to security agencies outside Europe. Gee, wonder what agencies they could possibly be referring to.
The civil liberties (LIBE) committee of the European Parliament…backed the measure as part of a draft new data protection regulation, which has been the subject of intensive negotiations and lobbying since it was first proposed last year.
The committee said the major overhaul of current EU data protection rules aimed to put people in control of their personal data while at the same time making it easier for companies to move across Europe.
MEP (Member of European Parliament) Jan Philipp Albrecht, who is responsible for steering the regulation through the European Parliament, said stronger safeguards for transfers of personal data to non-EU countries had been inserted into the draft regulation as a response to mass surveillance cases.
Facebook and Yahoo last month joined Google and Microsoft – which also have major operations here – in asking the US Foreign Intelligence Surveillance Court to legally allow them to make public the data requests received from the National Security Agency as part of the Prism (program). The existence of the (program) and the vast scope of surveillance carried out by the agency on private citizens was disclosed by fugitive whistleblower and former NSA contractor Edward Snowden.
MEPs also inserted a requirement that explicit consent must be obtained from individuals before their data is processed, a right to have their data erased (previously framed as a “right to be forgotten”), and proposed bigger fines for firms that break the law.
A mandate to enter negotiations on the draft with the European Council was passed by 54 votes to 1 with 3 abstentions. “This…vote is a breakthrough for data protection rules in Europe, ensuring that they are up to the challenges of the digital age,” Mr Albrecht said.
“This legislation introduces overarching EU rules on data protection, replacing the current patchwork of national laws” the German Green MEP added.
“Parliament now has a clear mandate to start negotiations with EU governments. The ball is now in the court of member state governments to agree a position and start negotiations, so we can respond to citizens’ interests and deliver an urgently-needed update of EU data protection rules without delay. EU leaders should give a clear signal to this end at this week’s (European Council) summit.”
Mr. Albrecht said the protection of European citizens’ personal data remained a key issue. “Member states and the council must move fast now. It is their turn to act. The EU’s heads of state and government will have an excellent opportunity to show their decisiveness at the next meeting of the European Council in a few days. We are all waiting for this.”
Under the adopted text, if a third country requested a company (such as a search engine, a social network or a cloud provider) to disclose personal information processed in the EU, the firm would have to seek authorization from the national data protection authority before transferring any data.
Mr. Albrecht said the committee had “voted to make clear that it is exclusively EU law that applies to EU citizens’ private data online regardless of where the business processing their data has its seat”.
After the vote, groups representing the technology industry pressed European leaders to oppose some of the measures.
John Higgins, director general of DigitalEurope, which represents companies including Apple, Microsoft and IBM, urged member states to look critically at it. “Rushing through a half-baked law risks throwing away a vital and much needed opportunity to stimulate economic growth,” he said.
(The committee also) approved a draft directive on processing data in relation to crime. It would replace a 2008 framework decision on cross-border processing of data in police and judicial cooperation.
European leaders…(will) … focus their discussions on using technologies to drive economic growth and create jobs. They also plan to acknowledge a need “to foster the trust of consumers and businesses in the digital economy”.
MEPs hope to reach final agreement on the data protection regulation before the European Parliament elections in May next year.
ThreatMetrix secures Web transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. The ThreatMetrix Global Trust Intelligence Network, which analyzes 500 million monthly transactions, provides context-based authentication and Web fraud prevention to help companies accelerate revenue, reduce costs and eliminate friction. ThreatMetrix protects more than 1,900 customers and 9,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.