Businesses found in breach of the new European Union data laws could face fines of up to 10% of their global turnover, according to reports, potentially running into billions of pounds for large multinationals.
The threat, revealed in yet another leak of the proposals for a revamp of the EU Data Protection Act, would bolster the EU’s powers on combating data protection breaches. For Google, which this year recorded an annual turnover of $9.4bn, any fine could top $950m for each breach.
The rules would give the EU similar powers in policing privacy to those it wields in competition matters, where it can levy fines of up to 10% of turnover for antitrust violations. Brussels’ competition powers have resulted in fines of €1.1bn ($1.5bn) and €899m for Intel and Microsoft.
Companies would have 24 hours to notify data protection authorities and the effected parties in cases where private data is compromised. By ensuring the rules also apply to foreign groups’ European subsidiaries, the new rules will force global companies to strengthen their data policies.
The proposals have triggered intense speculation within the EU, even though they are unlikely to be unveiled until January and will take at least two years to implement. The most contentious issue – the right to be forgotten – has already come under fire for being unenforceable. Meanwhile, the UK data watchdog, the Information Commissioner’s Office, has urged caution over the issue, claiming it is not too late for business groups to lobby the EU.
Related stories
ICO: ‘Don’t jump gun on EU laws’
EU data law to balloon email costs
EU data row grows as ICO wades in
Vaizey: EU plans ‘unenforceable’
New laws threaten online ‘havoc’
