The European Commission launches Wednesday a controversial bid to compel Internet giants such as Google or Facebook to give users more control over their personal data or face fines.
The proposal championed by EU Justice Commissioner Viviane Reding would force web companies to get consent from customers to collect their data, explain how it will be used, and allow users to totally erase their information.
Failure to comply could cost a company a fine of up to one million euros ($1.30 million).
“Personal data is the currency of today’s digital market. And like any currency it needs stability and trust,” Reding, who will unveil draft legislation later Wednesday, said in a speech in Munich on Tuesday.
“Only if consumers can trust that their data is well protected, will they continue to entrust businesses and authorities with it, buy online, and accept new services.”
With each country in the 27-state European Union enforcing its owndata protection laws, Reding’s legislation would create a single EU law that would apply to all nations as well as companies offering services in Europe, even if their servers are overseas.
But privately some EU officials say Reding’s legislation is too complex and ambitious to enforce in a world of companies with global reach.
The Luxembourg politician had to modify initial proposals because some provisions were “impossible to put into practice,” said a source close to the matter.
The fines, for instance, would be capped at one million euros instead of being calculated according to a company’s turnover, the source said.
Reding wants national data protection authorities to have the power to deal with complaints, carry out investigations and impose sanctions.
“This will give the legislation the necessary teeth so the rules can be enforced,” she said.
Companies, for their part, would have to appoint a data protection officer, a requirement that already exists in Germany.
But a commission official said the proposed rules would be complicated and costly for some companies.
“You can’t impose the same rules on Facebook and a small company,” the official said.
Reding’s goal is to give people greater control over their information in an era of social networking websites and “cloud” computing, technology allowing people to store pictures, documents and other data online.
Another innovation would allow consumers to take data from one website, say Facebook, and move it to another like Google+.
She also wants to give people “the right to be forgotten” by allowing them to make their data vanish from the web.
“The Internet has an almost unlimited search and memory capacity. So even tiny scraps of personal information can have a huge impact, even years after they were shared or made public,” she said.
“It is therefore important to empower EU citizens, particularly teenagers, to be in control of their own identity online.”