The newly approved data protection rules by the European Parliament will not only give citizens more control on sharing their personal data, but also allow uniformity on implementing data protection across all EU member states.
The new rules will replace the current EU directive on data protection, which dates back to 1995, when the Internet was still in its early stages. On this day and age when citizens have easier access to mobile devices, social networks, global transfers and Internet banking, it is imperative that citizens are given more control on how they want to share their own private information.
"Citizens will be able to decide for themselves which personal information they want to share," said Jan Philipp Albrecht, a Franco-German politician and Member of the European Parliament from the Alliance '90/The Greens.
Under the new data protection package, service companies such as social networks are expected to ensure that users would not feel obliged to divulge a lot of their personal details as a requirement prior to using the company's products and services. Users should be allowed to easily customize their privacy settings, eliminating the cumbersome method of going through several menus in order to opt out of programs and features they "involuntarily" signed up.
Companies also have the responsibility of processing the user's personal data only after getting the user's "clear and affirmative" consent. Other responsibilities include offering consumers a simple way to pull back that consent; using clear and plain language in stating the purpose of data collection; employing a data protection officer to ensure better handling of large volumes of personal data; and disclosing any breach occurrence within a 72-hour period.
Marju Lauristin, Parliament's lead MEP on the directive, said the law enforcement officials of member states are reluctant to exchange important information that is essential to dealing with the threats of terrorism and other transnational crimes.
"The data protection directive will become a powerful and useful tool which will help authorities transfer personal data easily and efficiently, at the same time respecting the fundamental right to privacy," said Lauristin.
Other provisions found in the new rules include the right to be forgotten; the right to know when the user's data was hacked; the right to transfer one's data to another service provider; and stronger implementation and a fine of up to 4 percent of a company's full annual global turnover.
All EU member states are expected to apply the provisions within their own state rules two years following the approval of the regulation.