(CN) – The European Commission wants companies to pay dearly if they ignore new rules for online data protection proposed Wednesday.
Europe’s last set of data-protection laws came in 1995, when just 1 percent of its population used the Internet.
The proposed reforms, which now go to the European Parliament and the union’s 27 member states for debate, would create one rule for the protection of personal data, such as email and banking information, across the union. It would place more responsibility on companies for protecting their customers’ privacy.
Companies would be required to inform a national supervisory authority right away of any security problem, and those authorities would be empowered to fine companies that break the rules. Penalties could be as high 1 million euros or up to 2 percent of a company’s global annual turnover.
The plan supports the “right to be forgotten,” which allows people to delete their data if there’s no reason for a company to keep it. And it would strengthen the “right to portability,” making it easier for consumers to move their data from service provider to another.
Having one set of rules for all member states will cut down on administrative costs and save companies about 2.3 billion euros a year, EU Justice Commissioner Viviane Reding said.
“Today, vast amounts of personal data are transferred and exchanged, across continents and around the globe in fractions of seconds,” Reding said in statement. “The protection of personal data is a fundamental right for all Europeans, but citizens do not always feel in full control of their personal data. My proposals will help build trust in online services because people will be better informed about their rights and in more control of their information. The reform will accomplish this while making life easier and less costly for businesses. A strong, clear and uniform legal framework at EU level will help to unleash the potential of the Digital Single Market and foster economic growth, innovation and job creation.”