The new privacy rules which the European Commission works, go much further than the current one. That was revealed in a leaked concept. Users get more rights and companies can be high fines if they infringe on privacy.
If the measures from the leaked draft of the new privacy rules definitively turn out to be, consumers have significantly more rights. So they get the ‘right’ to be forgotten, which means that companies data of consumers should be removed when that ask for it. That measure goes far: companies must then make sure that this information throughout the internet is removed, what is almost impossible in some cases, for example when third-party information somewhere else have uploaded.
Also, consumers have the right to access their data with a service provider, ask them with another provider to use them. That would mean that users information from one social network to transfer to the other. If companies information of users want to process, they should be according to the concept of pre-permission; opt-in is in many cases mandatory. That may mean that web sites advance permission to ask for gedragsprofilering to apply. That often happens to personalized ads to view.
Companies get according to the proposed new rules, more obligations. They can be high fines, up to 5 percent of the annual turnover, which is considerably more than is now possible. There will also be a reporting requirement for security where personal data are leaked. Both the regulator, in the Netherlands the Dutch dpa, as the users who are affected must within 24 hours be notified.
The rules require foreign companies in addition to the European privacy rules. A foreign power may be a company that in the European Union is active, not to force information which, in Europe are processed. That means, for example, that Microsoft and Gmail no data of European users are allowed to give it to the American government without a European court of justice or investigation about bows. Some time ago caused a lot of statements from a Microsoft employee, a lot of fuss, when that stated that it could not be excluded that that happened.
Need companies in several European countries are active, but the privacy laws of one member state. The country where the head office of the company, is the determining factor. That means that companies are not 27 different privacy laws need to keep, as is now the case. Finally, companies in the public sector or with more than 250 employees are required to privacycommissarisen.
According to ZDnet, the rules in January, was officially presented. If the new privacy rules be approved, void the old one. However, it is unclear when the privacy rules are valid; a part is included in EU-regulation, which from above can be imposed, but another part in a new EU directive by each member state in national legislation should be included.