On March 12th, in the wake of the NSA spying scandal and amidst a rising tide of public concern over digital privacy, the European Parliament approved a landmark bill designed to radically reform data protection laws.
Strict Regulations for Businesses
Passed by an overwhelming majority of 621 votes for and 10 against, the bill outlines strict regulations for how businesses can collect and use consumer information. Crucially, it also proposes steep penalties for companies that violate these new safeguards of digital privacy.
One of the most important measures included in the bill – and one that many feel is long overdue – requires companies to obtain explicit consent before using any of the data they collect for marketing purposes.
The bill also establishes a “Right to be Forgotten,” which would compel businesses to purge all data about any person who requests to be cleared from their system (except when that information has become public record, as it would if published in a newspaper, for example).
Reporting on Breaches within 24 Hours or Risk Penalisation
Furthermore, the bill mandates that companies must inform all relevant parties “without undue delay” whenever a security breach occurs—a time period the MPs suggest is about 24 hours, depending on the scale of the breach.
To meet a 24-hour time frame, it is important that the regulated organisation have technologies in place which allow real-time reporting and top-of-the-range searching to protect against breaching the new regulations. The Cryoserver Email Archiving Technology builds records of who has searched and for what they searched in real time and informs independent personnel of the search immediately after the search has happened. A breach can be spotted in real time and any relevant notifications can happen well within the recommended 24 hours.
Yet even the most stringent regulations are impotent without harsh enforcement to back them up. So the bill also imposes a fine of 5% of global revenue (with a minimum of €100 million) on any violating organization.
Having amended the bill’s original proposal of a 2% fine, the EU Parliament is sending a clear message that it stands behind the public’s right to privacy at a time when the increasingly pervasive web of digital technology is making it ever harder for ordinary citizens to keep track of their online footprints.
But although many hail the move as progress in the uphill battle to regulate the rapidly evolving tech landscape, not everyone has received the bill warmly.
Adapting to the proposed laws will be expensive for those currently violating them, and the regulations will force many marketers to drastically restructure their current strategies. So a few organizations, including the Direct Marketing Association, have already been quick to decry the bill.
Welcome News for a Level Playing Field
Yet others in the business world see the legislation as a welcome change – one that levels the playing field between massive international corporations and SMEs. Cryoserver, for example – whose software helps companies safeguard data and rapidly notify customers when breaches happen – points out that increased regulation would create many new jobs in the data protection sector.
So despite the voices of dissent, the bill seems poised to benefit the public by extending our basic rights to privacy into the digital realm. But it still has a long way to go before being cemented into law.
When it meets in June, the Council of the European Union will review and probably request further amendments to the bill. The law can only go into effect after a final version is approved by both the EU Council and Parliament, which could happen as soon as 2015. In any case, if policy-makers do succeed in passing the bill, it will mark a historic development in the sphere of digital privacy. If not, the future of our online data will remain uncertain.