Social media sites like Facebook and Google that are based in the United States but have a presence in Europe must comply with stricter online privacy and data-protection rules being planned for the European Union, the region’s justice commissioner, Viviane Reding, has announced.
Declaring that all companies targeting European consumers “must comply with EU rules,” Commissioner Reding said, more specifically, that, “Privacy standards for European citizens should apply independently of the area of the world in which their data is being processed.”
In other words, companies like Facebook and Google outside the 27-nation strong European wall must begin changing their own privacy practices now to continue working from within Europe.
And, although she did not mention Facebook or any other popular U.S. social network sites by name, it was clear where her targets lie.
“A U.S.-based social network company that has millions of active users in Europe needs to comply with EU rules,” she said. “To enforce the EU law, national privacy watchdogs shall be endowed with powers to investigate and engage in legal proceedings against non-EU data controllers whose services target EU consumers.”
Reding’s shot at some of American Internet user’s favorite sites builds on the overhaul of the EU’s 16-year-old data-protection policies she first proposed last November to address online advertising practices and social networking sites.
The proposal addresses the type of online advertising practices that have also been a target of U.S. legislation, calling for stricter sanctions, including criminal penalties, and giving consumer groups the option to file lawsuits.
The revised rules will force online advertisers to offer Europe’s Internet users an ‘opt-in’ policy for targeted advertising, rather than forcing consumers to take extra measures to ‘opt-out.’
It should be up to companies to prove why they need to keep user data, such as search records, rather than Internet users having to prove why collecting their data isn’t justified, the commissioner noted.
Reding also wants to give users the right to delete personal data they no longer want accessible or public on websites like Google and Facebook.
The speech marked the first time Reding has addressed how the new rules would affect U.S.-based firms.
The U. S. has lagged far behind the European Union when it comes to online privacy standards since 1998 when the EU’s strict data protection rules were first applied across all European countries.
But, the strong comments from Redding came in the same week that both the White House and Congress made their most bold comments yet calling for tougher online privacy regulations in the United States.
The Obama administration for the first time formally announced its support for a data privacy bill of rights that would bring America closer in line with how Canada and Europe protect their citizens’ rights to privacy.
The announcement came from the White House’s point person on communications policy, Commerce Department Assistant Secretary Lawrence Strickling, at a hearing before the Senate Commerce Committee.
Strickling said the White House wants Congress to enact legislation offering “baseline consumer data privacy protections,” which he said are needed to protect personal data in situations not covered under current law. He and FTC Chairman Jon Leibowitz both also called for a Do-Not-Track system to be implemented to protect consumers from unknowingly having their data released to online advertisers.
In Congress, no fewer than seven bills have been introduced or proposed as related to online privacy, including a bi-partisan measure in the Senate that would create the nation’s first comprehensive privacy law and a measure in the House that would mandate a Do-Not-Track system to be overseen by the FTC.
For social networks like Facebook, and for social media users, the result is a waiting game to see both what action Congress takes and how exactly the proposed European Union regulations will be enforced.
Reding has so far not offered any specifics on how the EU would impose its regulations on U.S.-based sites, saying only that the Commission would give greater enforcement powers to national regulators to make the change work.