It has long been clear that member countries of the European Union would act aggressively where social platforms were found to be intruding on individual privacy. Arguably, they've shown more mettle than the States, although the FTC recently flexed its muscles in a settlement imposed on Facebook.
Not compared with what the EU has in store for the Internet, judging by the draft directive released this week, especially the threatened penalties for infringements. The directive, which would rewrite the Data Protection Directive of 1995, requires the approval of the member counties, which would then need to pass it into law. What it contemplates, however, must be sending chills down some social media spines.
Here are the main measures:
- Consumers must be told when and why their data is being collected.
- There would be time limits on retention of data.
- Regulators would need to be notified of data theft within 24 hours.
- Companies with more than 250 employees would be required to appoint a data protection officer.
- Consumers would have the right to transfer their information from one Web platform to another platform.
- Consumers would also have the right to compel companies to erase their data.
The fines that would be imposed in the event of infringement are meant to hurt -- up to 2 percent of annual turnover, which, in the case of giants like Google and Amazon, could run to hundreds of millions of dollars.
The impetus toward more openness about data collection practices mirrors the developing attitude toward Internet privacy in the States, as reflected by the FTC's dealings with Facebook. What is novel about the European approach is the apparent presumption that users continue to own their personal data, even after it has been posted. The concept of a Facebook user being able to pack posts, photos, and videos and transfer them to Google+ ought to give Mark Zuckerberg cold sweats.
Even though imposing a single standard for data management across the European market should in some respects simplify compliance, some are already protesting that the directive would create an unnecessary burden on the enterprise. Thomas Boue of the Business Software Alliance, for example:
The risk in the proposal's current design is that it will bog down companies with onerous compliance obligations, which could inhibit digital innovation at the expense of job creation and growth.
Passing the directive is not going to be a slam dunk. The Internet giants, perhaps buoyed by their success against SOPA/PIPA, are not going to come quietly. Microsoft and Google are arguing that the proposals are unworkable as drafted, and the UK has yet to get on board with the process.
In a statement, the UK's Information Commissioner's Office welcomed many elements of the proposal but warned that "in a number of areas the proposal is unnecessarily and unhelpfully over prescriptive," failing "to properly recognise the reality of international transfers of personal data in today's globalised world."
It would surely be a miracle if lawmakers were to draft an Internet proposal that made complete technical sense the first time around, but if Google, Facebook, and the rest of the crowd think that consumers -- especially Europeans -- are going to believe that this one will "break the Internet," they should wake up and smell the cafe.
— Kim Davis , Community Editor, Internet Evolution