EU commissioner calls for larger data breach fines

The European Union commissioner for justice, Viviane Reding, has called for bigger fines for companies who breach data privacy laws within the union.

Her comment came after data protection authorities in Spain and France ruled that Google's new consolidated privacy policy violated existing data protection rules, yet the rulings yielded only small fines for the company.

In December, the Richmond company was fined 900,000 euros by the Spanish privacy watchdog, which said that its consolidation of over seventy privacy policies into one broke the nation's laws.

Then, this month, the Commission Nationale de l'informatique et des Libertes (CNIL) fined Google after claiming that its new all-encompassing privacy policy does not inform users just how their personal data is used or collected, does not obtain user consent prior to storing cookies, fails to define data retention periods, and combines data across its services without any legal basis.

The fine levied by CNIL was much smaller at just 150,000 euros, the largest penalty that the independent commission is allowed to apply. Reding commented:

In Spain, Google was fined the maximum amount of EUR 900,000, while in France – whose data protection authority is one of the most respected and feared in Europe – the fine levied was EUR 150,000, also the highest possible sum. Taking Google's 2012 performance figures, the fine in France represents 0.0003% of its global turnover. Pocket money.

Reding questioned whether such a small fine actually served as a deterrent:

Is it surprising to anyone that two whole years after the case emerged, it is still unclear whether Google will amend its privacy policy or not?

Two years ago Reding put forward new data protection plans that have yet to be adopted by the Commission.

In the original draft of the legislation, an offender could have been hit with a fine equal to two percent of its annual turnover, a proposal that would, in the Google case, have led to a financial penalty of around 731 million euros ($1 billion).

More recently, the European Parliament considered going even further after voting in favour of fines of up to 5% of a company's global revenue.

On Monday, Reding stated that "Europeans need to get serious", adding that larger fines for data protection breaches would act as a more significant deterrent, being a "sum much harder to brush off."

But the proposals are unlikely to be realised any time soon. Reding's own reforms have been amended over 4,000 times so far and Germany has raised concerns that a single European data protection authority may compromise its own existing data protection legislation. Reding commented:

Member States, however, have been stalling. Even after the shocking revelations of mass spying and surveillance which continue to dominate the headlines, they have so far mainly reacted with words. EU Heads of State and Government have committed to a "timely" adoption of the new framework. But in real terms there has been little action.

2 Responses to EU commissioner calls for larger data breach fines

  1. Anon · 623 days ago

    I love how governments choose to charge these big fines from companies when people are wronged by them and never give the money to the people who were actually affected. Case in point in the US, the financial meltdown. How many fees have been paid to the government by corporations that stole billions from the people? And how are those people doing now? Any better? No. It's time that 'fines' go to the people who were hurt and not the people who put in place laws that allow it to happen.

  2. Not only does the money from fines not go to the people who were hurt by the wrongdoing of these corporations, but the same people will end up paying those fines when the corporation raises the price of its products or services to get back the profits it lost in fines!

    Oh, and DO NOT try to tell me that having to raise their prices will make them less competitive ... we all know that when one company raises its prices so do its competitors; windfall profits for everyone!

    Decisions to cheat or break the law are NOT made by a "company". Those decisions are made by CORPORATE EXECUTIVES! Let's start fining or jailing such executives for their wrongdoing - just as you and I get penalized for ours - and you'll soon see a different behaviour on their part!

About the author

Lee Munson is the founder of Security FAQs, a social media manager with BH Consulting and a blogger with a huge passion for information security.