EU's data protection proposals likely to include 24-hour breach notification

The proposed new law is to be revealed on Wednesday, despite delays and criticism

After weeks of controversy, lobbying and concessions, the European Commission looks set to unveil its new data-protection proposals on Wednesday.

The reform of the 1995 Data Protection Directive is one of 2012's key pieces of legislation and has been dogged by more criticism than usual for a directive reform proposal. But over the weekend the commissioner responsible, Viviane Reding, gave more hints about its content during a speech in Munich.

Companies will be required to disclose data security breaches within 24 hours under normal circumstances, Reding said. This new rule is widely seen as a reaction to the Sony PlayStation breach last April when Sony took more than a week to inform its 77 million customers that their data may have been at risk.

However the U.S. Department of Commerce has weighed into the debate, saying that 24 hours is "simply too short," that it could lead to "massive fines" for companies and to confusing "false alarms" for consumers. Such strong criticism from a third country before the proposals have even been issued is seen as a breach of etiquette by many in Brussels.

But the draft proposals have also faced criticism from within the Commission. As a result some of the early plans have been watered down. According to leaked reports, not all identification numbers, location data, or online identifiers need to be considered as personal data. But Reding says that Internet outfits that collect and retain data about their customers will be required to explain why it is necessary to hold such information on their databases and that explicit consent must be given by the user.

The "right to be forgotten," allowing customers to request that their information be erased, and a "right to data portability," allowing customers to transfer their personal data among companies are also expected to be included in the legislative proposals.

The maximum fine for Internet companies breaching the new rules is likely to be revised, with media reports suggesting changes to the current 5 percent of global turnover, to between 1 percent and 4 percent.

The unusually high number of negative internal opinions to the draft legislation is partly a result of a significant lobbying campaign, including high-level phone calls to top level staff in the European Commission according to digital rights group EDRi. And the next couple of days are not likely to see any let-up in lobbying.

However, Wednesday's announcement will be just the first step in a long process that could last up to two years. Once the Commission puts forward its compromise proposal, it must still be approved by European Union member states and the European Parliament.

Follow Jennifer on Twitter at @BrusselsGeek or email tips and comments to

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jennifer Baker

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?