EU calls for much bigger fines for data breaches

22/01/2014 20:10

The EU's justice commissioner has called for bigger fines for companies that breach European data privacy laws.

Viviane Reding dismissed recent fines for Google as "pocket money" and said the firm would have had to pay $1bn under her plans for privacy failings.

Ms Reding said such punishments were necessary to ensure firms took the use of personal data seriously.

And she questioned how Google was able to take so long to getting round to changing its policy.

"Is it surprising to anyone that two whole years after the case emerged, it is still unclear whether Google will amend its privacy policy or not?" she said in a speech.

Ms Reding, who is also vice-president of the European Commission, wants far tougher laws that would introduce fines of up to 5% of the global annual turnover of a company for data breaches.

Combining privacy data

The new proposals, currently under debate in the European parliament, aim to create a single EU regulator, which would be able to issue fines on behalf of all national watchdogs.

The continuing row between Google and local data authorities was a case in point for why new laws were needed, she said.

The company changed its privacy policy in March 2012 and began the process of combining the data that people surrendered when they used its many services.

The Spanish data protection agency said that Google had collected information across almost 100 services but had not obtained the consent of people to gather information, or done enough to explain what would be done with the data.

As a result, it imposed a maximum data-breach fine of 90,000 euros ($122,000, £74,000), while in France Google was fined 150,000 euros ($203,000, £124,000).

Under her proposed rules, this would have risen to $1bn (740m euros, £610m ), Ms Reding pointed out - "a sum much harder to brush off".

Trust 'low'

Google remains under investigation in four other countries, and Ms Reding threw down the gauntlet to them.

"Europeans need to get serious," she said.

According to Ms Reding, European trust in the way private companies store data is low.

She claimed 92% of Europeans are concerned about mobile apps collecting their data without consent, while 89% of people said they wanted to know when the data on their smartphone was being shared with a third party.

Not everyone is convinced that the new law is the answer, though.

French consumer group La Quadrature du Net said there were some "big loopholes" that could nullify the effectiveness of the legislation.

The legislation is currently being debated between the European Commission, the European Parliament and the European council, and is expected to be concluded in March.