The European Union takes privacy very seriously — and it’s trying to force companies doing business on European soil to meet its standards. But it’s not yet clear how Europe’s leaders will wrangle foreign companies into following them.
EU ministers today agreed that companies operating in Europe, including global Internet giants like Facebook and Google, must comply with Europe’s data protection rules, reports Reuters.
European regulators have been debating stricter online privacy and data protection rules since 2012, prior to former NSA contractor Edward Snowden’s mass surveillance revelations. But those disclosures sparked outrage in Europe — particularly in Germany, where the U.S. carried out broad electronic espionage — fueling and informing the lawmaking process.
“Now is the day for European ministers to give a positive answer to Edward Snowden’s wake-up call,” EU Justice Commissioner Viviane Reding told reporters in Luxembourg.
The European Parliament approved a reform package in March, though European governments have a lot to work out before the new data protection rules become law. It remains unclear when and where each of the EU’s 28 data protection authorities monitors and regulates online privacy. Some consumer groups are lobbying for Ireland, which tends to have less stringent privacy regulations than Germany and France, to become the final arbiter on privacy matters — but the final authority may not rest with a single regulator.
Whatever happens, the final policies will almost certainly be stricter than the EU’s current rules — as well as privacy rules in the U.S. They would restrict what information could be shipped overseas and would impose multimillion-dollar fines on companies that abuse Europeans’ data.