The European Commission (EC) has drafted new rules designed to prevent private data on the internet from being accessed by unauthorised third parties. Companies that break the rules risk a fine. Although this is seen by some as a positive step, the rules appear to have been weakened as a result of pressure from lobbyists in the US.

By Johan van der Tol and Erik Klooster

The organization Bits of Freedom (BOF), which campaigns for freedom and privacy on the internet, believes that the new European rules are a step in the right direction. BOF director Ot van Daalen told RNW:

"There are good things, such as stiff fines for violations, more tools for users to control their own data and the requirement to receive a notification of data leakage as things go wrong. So we're happy."

Leaks
Nevertheless, BOF thinks the rules can be improved. In a previous leaked version of the draft, the EC rules were much stricter. The fines were higher and more protection was provided against the retrieval of information by the United States or other foreign powers. "It has been weakened by American lobbyists," says Mr Van Daalen.

"It would be an improvement if the penalties were increased. It should be stated more clearly that user data cannot so easily be requested, for example, by the United States. Furthermore, the conditions under which permission to use your data can or cannot be requested should be more clearly stated. So there's still much to criticise. There's a lot to improve, but it's a good step."

The new rules will give European citizens the right to remove personal information from the internet. Users may, for example, remove pictures from social networking sites if they are too frivolous. The European Commissioner for Justice, Fundamental Rights and Citizenship, Viviane Reding, calls this "the right to be forgotten."

Patchwork
One of the advocates of greater protection of privacy is Sophie in't Veld, who sits in the European Parliament on behalf of the Dutch progressive liberal party D66. She sees a great advantage in the new legislation because it will mean an end to the patchwork of different laws that currently apply in the 27 EU Member States.

"If I as a citizen of the Netherlands, for example, use Facebook - a company located in Ireland - I have to obey the rules proscribed by the Irish regulator, so that's very complicated. This will be replaced by one system, one standard, one law that applies to everyone."

The new law places a series of obligations on companies. They can only store data when absolutely necessary, with the consent of the user, who always has the right to inspect and correct the data, or to delete it. Companies must have called a so-called privacy officer, who oversees compliance with privacy rules, and they are required to notify users promptly if something goes wrong, for example if the data has been hacked.

Deleted
Like BOF director Ot van Daalen, Ms In 't Veld is concerned about the fact that the United States and other countries outside the EU can still get information about European citizens too easily. She, too, sees this as the result of a powerful US lobby.

Along with the draft rules for companies. Ms Reding also announced privacy rules with which public services such as the police and judiciary will have to comply, but these are far less stringent, which concerns Ms In 't Veld. According to her, citizens should be much better protected against malpractice and errors by the authorities, which will otherwise become ever more powerful:

"For example, if police information is leaked, why shouldn't they also be required to report this very promptly? Why shouldn't they also be required to have a privacy officer to oversee compliance with privacy rules?"

According to the European Commission, almost three quarters of Europeans are concerned about internet security. There is still a (digital) world to win.

(/as/rk)