New EU Web privacy laws would carry high fines

Web companies running afoul of laws proposed in Europe could be fined up to 2% of annual net income

New legislation proposed in Europe would impose stricter privacy regulations on Internet companies, regarding user data. Those companies that find themselves in breach of these laws would face hefty fines, up to 2% of a company's annual net income. To put that in perspective, if the maximum fines were imposed on Google, that would come to $800 million.

If approved by the 27 European member states and the European Parliament,  the proposed legislation would go into effect in late 2013.

Designed to protect choldren from online predators, the legislation still has some executives worried over how it can be enforced, and what the effect could be to their business models. Others are worried that imposing these regulations will hinder European online business practices in competition with sites based in America, where such regulations have not yet been implemented.

"The Commission had the opportunity to write a law that both protects consumers and which recognizes the reality of global data sharing and new technologies, such as social networking and cloud computing," said data protection partner at technology firm Bristows Mark Watts, to Reuters."Setting businesses an unachievable goal, whether they are European or the US technology giants that the Commission unfairly seems to be seeking to curb, is unhelpful in terms of compliance and frankly bad for consumers."

This, of course, sounds familiar in the wake of the recent SOPA/PIPA dust-up. But unlike that US legislation, which was widely decried as being grossly ignorant of how the Web works, this legislation was written after 2 years of investigating online behavior on sites like Yahoo, Facebook, and Google.

"The protection of personal data is a fundamental right for all Europeans, but citizens do not always feel in full control of their personal data," said Viviane Reding, European commissioner in charge of online privacy matters, to Reuters. "A strong, clear and uniform legal framework at EU level will help to unleash the potential of the digital single market and foster economic growth, innovation and job creation."

At the center of this legislation is something Reding calls "the right to be forgotten," or the right for individuals to request that their information be removed from online databases. However, for many online businesses, certain levels of identity tracking are a key part of the way they function. One example of this is the storage of user preferences in Amazon, as used in the tailoring of retail reconmmendations.

Another battlefront in this legislation is whether users should be asked consent to store their information, rather than having settings store user information by default. Most of the protests of this issue have come from large Web companies, which access users' Web histories.

Interestingly, one large Web company, Google, made a statement somewhat supportive of these new legislative measures. "We support simplifying privacy rules in Europe to both protect consumers online and stimulate economic growth," said Google's spokesman in Brussels, Al Verney, to Retuers. "It is possible to have simple rules that do both. We look forward to debating the proposals over the coming months."

We'll have to watch this story carefully as more details emerge, but right now the new European legislation seems to have some significant differences from SOPA/PIPA, in regards to claims of its debilitating effects on how the Web functions.

[Image Credit: Engadget]