In a bid to strengthen the European data privacy rules it is most likely that non-European companies will be held to the same standards as European companies in a bid to further protect EU consumer privacy.
The EU Justice Minister, Viviane Reding, and the German Consumer Protection Minister, Ilse Aigner, released a joint statement saying that the proposed reforms to the Data Protection Directive due at the end of January 2012 will be changed so that consumers’ privacy is protected regardless of a company’s country of origin. “We both believe that companies that direct their services to European consumers should be subject to EU data protection laws. Otherwise they should not be able to do business on our internal market.”
Reding and Aigner focused their statement not just on social networks but also on data that is stored in a ‘cloud’. They stressed that consumers should have more control over their data and stated “EU law should require that consumers give explicit consent before their data are used. And consumers generally should have the right to delete their data at any time, especially the data they post on the internet themselves.”
The joint statement leads us to conclude that both a new principle of accountability and a ‘right to be forgotten’ will be included in the revised EU data protection law. The statements are also consistent with the increased pressure for social networks, like Google and Facebook, who operate outside the European Union but target EU based consumers, to fully comply with the EU data protection laws. The pressure on such companies can also be seen as a natural progression from the investigations into their handling of personal data that have emanated from France, Germany, the UK and Ireland. To prepare for the new horizon, organisations should start by thinking about compliance.