Companies will have just 24 hours to report a data breach to their customers and the authorities under the new European data laws, due to be unveiled on Wednesday at the World Economic Forum in Switzerland.
Despite a threat of delay, and last minute deal-making, EU Justice Commissioner Viviane Reding will press ahead this week with the bill to reform the regulations.
She claims the revamp will eliminate red tape and save €2.3bn in costs, although it is likely to cost business billions to implement.
Reding has also claimed the overhaul will give European companies a competitive advantage in the world. “Personal data is the currency of today’s digital market,” she told delegates at the DLD conference in Munich. “And like any currency, it needs stability and trust. Only if consumers can ‘trust’ that their data is well protected, will they continue to entrust businesses and authorities with it, buy online, and accept new services.”
It is understood that the right “to be forgotten” is still included, although Reding stressed that it was not about deleting content from archives.
“The right to be forgotten is of course not an absolute right,” she said. “There are cases where there is a legitimate and legally justified interest to keep data in a database. The archives of a newspaper are a good example. It is clear that the right to be forgotten cannot amount to a right of the total erasure of history. Neither must the right to be forgotten take precedence over freedom of expression or freedom of the media.”
And in a clear swipe at the likes of Sony, which took weeks to inform customers about its data breach, Reding said firms must report any problems without undue delay. “As a general rule, without undue delay means for me within 24 hours,” she said.
Brussels ‘at war’ over new data laws
ICO: ‘Don’t jump gun on EU laws’
EU data law to balloon email costs
EU data row grows as ICO wades in
Vaizey: EU plans ‘unenforceable’
New laws threaten online ‘havoc’