1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

EU overhauls data protection laws

December 16, 2015

The EU has announced a provisional deal on data protection, updating laws that date back to the 1990s. The draft regulation enshrines web users' privacy, the "right to be forgotten" and stiff penalties for breaking it.

Austrian activist Max Schrems awaits verdict of European Court of Justice on Facebook privacy
Image: picture-alliance/dpa/J. Warnand

EU lawmakers agreed on a provision deal that would overhaul fragmented data protection laws dating back to the 1990s.

"Today, everything is digital so we need rules for an enormous amount of issues and those rules have to be applicable, they have to be sensitive, they have to be understandable for every normal user," Luxembourg's Justice Minister Feliz Braz said on Tuesday.

The new law, which must still be approved the European Council and European Parliament, provides EU national authorities with the power to impose fines of up to 4 percent of revenues on companies breaking it, which could amount to billions for tech giants like Alphabet's Google and Facebook.

Under the EU's latest data protection regulations, companies have 72 hours to report data breaches to national authorities that may harm individuals.

It also enshrines the "right to be forgotten," providing EU Internet users the right to have information about them deleted from the Internet, in particular from search engines such as Google and Microsoft's Bing.

A contentious subject was the age in which minors must obtain their parents or legal guardians' permission to sign up for social networks, such as Facebook or Instagram.

EU lawmakers agreed that those under 16 must obtain permission, with the option for member states to lower the threshold to 13.

"The draft regulation aims to give citizens control over their private data, while also creating clarity and legal certainty for businesses to spur competition in the digital market," a statement from the European Commission said.

The move by EU lawmakers comes amid privacy concerns following revelations made by former US National Security Agency contractor Edward Snowden, which illustrated how authorities - particularly in the United States - have harvested personal information of citizens from tech companies.

The impact of the "safe harbor" verdict

00:00

This browser does not support the video element.

ls/sms (Reuters, AFP, AP, dpa)

Skip next section Explore more
Skip next section DW's Top Story

DW's Top Story

Skip next section More stories from DW