The European Union's Justice Commissioner Viviane Reding has said that data-protection authorities in the EU must have greater powers to enforce privacy rules across the 27 member states.
In a speech given at the American Chamber of Commerce to the European Union, Reding said that companies that operate in several member states are currently forced to abide by 27 different interpretations of the region’s rules on privacy. She added that the administrative burden associated with this fragmentation costs businesses an estimated €2.3 billion (£2bn) per year.
“They need... a 'one- stop-shop' when it comes to data protection matters – one law and one single data protection authority for each business; that of the member state in which they have their main establishment,” she said.
Reding's comments come as the European Commission prepares to reform the 1995 Data Protection Directive, in order to address new issues raised by online advertising, social-networking and cloud computing. This will have a major effect on how data privacy issues are treated in the European Union and beyond.
For example, the Directive will include measures to prevent social networks such as Facebook “eavesdropping” on its users to gather information about their tastes, interests, political opinions and religious beliefs, in order to deliver targeted advertising. Businesses will have to inform users of exactly what data about them is being collected, for what purpose, and how it is stored.
Reding's comments also follow calls from the recently formed Industry Coalition for Data Protection (ICDP) to establish a coherent and harmonised framework for data protection in the EU.
The ICDP, which brings together eleven industry associations including the Business Software Alliance and DigitalEurope, said that this approach will preserve the fundamental right of citizens to privacy.
“The revision of data protection rules in the EU should enhance harmonisation and provide the legal certainty which will help deliver a fully functioning Single Market”, said John Higgins, Director General of DigitalEurope, speaking on behalf of the ICDP.
“In its effort to stimulate innovation and enable the EU to deliver on the promises of growth and jobs, Europe must encourage and enable companies to compete on the global stage by streamlining and simplifying the EUs international data transfer rules,” he added.
The new Data Protection Directive is expected to be formally published in February. As well as new measures, it may also include stricter sanctions, such as criminal penalties, and the option for consumer groups to file lawsuits.