EU Data Protection Proposals Worry Tech Giants

The European Commission has recently gained a reputation as the tip of the spear when it comes to evolving data privacy mandates in the digital age. The latest round of proposed reforms have only fueled further debate as legislators attempt to strengthen personal data security without presenting an undue burden on the business community.

Proposed amendments
The saga began in January 2012 as the European Commission unveiled a draft proposal that would represent the region's first large-scale changes to data privacy legislation since 1995 and bring member states into closer administrative alignment. According to The New York Times, one of the most important introductions was a citizen's "right to be forgotten," promoting simple and transparent transfer of private data from one online service to another. What's more, the penalties for data compliance violations could climb as high as 2 percent of the infringing company's annual revenues.

This week, German delegate Jan Phillipp Albrecht attached even stronger recommendations, suggesting that more websites should have default settings which limit data collection and promote privacy from the start.

"The use of default options which the [citizen] is required to modify to object to the processing, such as pre-ticked boxes, does not express free consent," the draft proposal stated.

Critical response
As expected, this motion has ruffled the feathers of ecommerce companies for whom data is power. According to Wired, the data portability provision could be particularly concerning for companies like Facebook and Google, as the time and money they spend establishing interoperable formatting could very well assist a user in taking business to a competitor. Also, the stronger stance on data profiling could directly inhibit vital income streams associated with online advertising.

"Properly advised U.S. tech companies will understand the political landscape here," privacy law expert Stewart Room told the news source. "They will know that we are reaching a very delicate stage in the process and influence over it will not be achieved through shouting down the Albrecht report."

Companies will surely be pushing for greater specificity in the legislative terms, according to the Times, as vague language currently leaves phrases such as "without hindrance" open to commercial interpretation. In any case, it is not an issue companies can afford to ignore. If nothing else, the severity of data compliance fines should be enough to warrant attention and promote more productive conversations on how private data can be protected without curbing business prospects.