- Poll says 72% of Europeans are concerned about how companies use personal data
- Viviane Reding: The current data protection rules in Europe are badly outdated
- Reding: I propose new online privacy rules that will help both consumers and businesses
- Reding: Our confidence in a digital future will depend on how well we protect personal data
Today, we live in a world of breathtaking possibilities. We can send instant messages to our loved ones on the other side of the world at the tap of a finger. We can share vacation photos with friends in real time. We can entrust our private data to a cloud service provider without having to worry about storage space.
All this technological advancement helps drive innovation, growth and job creation. In Europe, we are embracing these changes. But alongside progress, we are faced with new regulatory challenges.
In a recent poll, 72% of Europeans said they are concerned about how companies use their personal data
. Worries about online privacy are one of the most frequent reasons for why people don't buy goods and services on the Web. Our confidence in a digital future will depend on whether we know that our data will be safely protected.
Consumers are not the only ones concerned; businesses are, too. Companies have to navigate 27 sometimes contradictory data protection rules across the 27 European Union countries. The current rules are antiquated; they were drawn up in 1995 and predate the widespread use of the Internet.
That is why, last month, I proposed reforming the data protection rules
. Our goal is to make the common market for European goods and services more accessible to businesses and consumers, boost our economy and set an international standard for online privacy.
In Europe, the protection of personal data is a fundamental right. This right is clearly stated in the European Union Treaty
. To make this right effective, people need to be in control of their own data.
So, what will the new rules do?
First of all, people need to be informed about how their data will be used in clear and simple language: what data are collected, for what purposes and for how long they will be stored. People need to be able to make an informed decision about what to disclose, when and to whom.
Second, people have to give explicit consent before their personal data -- contact lists, photos or e-mails -- are used. Companies cannot use it for purposes other than what was agreed upon.
Third, people will have better control over their own data. They need to be able to access their own data, to easily take them to another provider or have them deleted if they no longer want them to be used. This is what I call the right to be forgotten. We want to clarify that people shall have the right -- and not only the "possibility" -- to withdraw their consent.
Finally, individuals must be swiftly informed when their personal data are lost, stolen or hacked. Online security breaches affect millions of people around the world. Companies must inform the data protection authorities and the people affected right away, preferably within 24 hours.
But the new European Union rules are not only about helping consumers. They will also help businesses in three key ways. First, they create legal certainty by replacing the current patchwork of laws in Europe with a single set of rules for all 27 European Union countries.
Second, the regulatory environment will be simplified by cutting out red tape when we introduce a one-stop shop for businesses to deal with regulators. In the future, companies will have to deal only with the data protection authorities in the European Union country in which they are based. This will reduce administrative burdens and will save businesses about €2.3 billion a year.
Finally, the new rules will provide clarity for international data transfers. Personal data can be collected in Berlin and processed in Bangalore. We should improve the current system of binding corporate rules to make these types of exchanges less burdensome and more secure.
The end result is that companies will be able to sell goods and services under the same data protection rules to the entire European Union, a market of 500 million people
. What a great business opportunity.
These new rules are designed to stand the test of time. They will give people control of their own personal data while making life easier for companies as well.
Online privacy and personal data protection is a global challenge. As Europe tackles reform, I hope these proposed rules will inspire other countries that are grappling with privacy issues, like the United States.