Internet survey
“Any company operating in the EU market or any online product that is targeted at EU consumers must comply with EU rules,” Viviane Reding, the European commissioner in charge of justice issues, said in a speech this week. - File Photo

BRUSSELS: When it comes to privacy, the Internet has long been something of a Wild West but that that is starting to change, with regulators in Europe and the United States beginning to pull in the reins.

On both sides of the Atlantic, officials are scrutinizing how companies such as Facebook and Google handle users' personal data, as they draw up plans to protect surfers while ensuring the growth of rapidly expanding social media, search engine and other Web-based businesses.

In the first sign of where Europe may be headed with its privacy regulations, the European Union announced this week that social networking sites and search engines could face court action if they fail to obey new EU data privacy rules.

Under proposals to be fleshed out in the coming months and that will update 16-year-old data-protection laws, the European Commission wants to force companies holding data to allow users to withdraw it from websites, calling it the “right to be forgotten”.

Companies would also have to provide more information on what data they have collected from people and why.

“Any company operating in the EU market or any online product that is targeted at EU consumers must comply with EU rules,” Viviane Reding, the European commissioner in charge of justice issues, said in a speech this week.

“To enforce EU law, national privacy watchdogs will be endowed with powers to investigate and engage in legal proceedings against non-EU data controllers,” she added.

Reding said that EU-based privacy watchdogs should even be given powers to enforce compliance outside Europe, which could include access to US-based servers and other data sources.

While privacy campaigners and Internet users may be pleased to hear what Reding has to say, her words will cause concern in parts of the United States, where many of the biggest and most successful search engines and social media companies are based.

Europe and the United States have traditionally differed on privacy issues, with the EU taking a stronger regulatory approach and US officials more mindful of the need to balance entrepreneurship and business demands with data protection.

But in recent weeks, as US privacy experts have visited Brussels to try to close the gaps between the two regulatory frameworks, officials have emphasised how closely they are working together to come up with a common set of standards.

“I think our baseline understanding of the rules is very similar,” said Fiona Alexander of the US Department of Commerce, who was in Brussels this month to meet EU regulators.

“The implementation in the past may have been different.”

LEVEL PLAYING FIELD

The EU and US already agree on some general concepts, such as the idea that privacy safeguards need to be designed into Web products from the start. They also both want to require Web browsers to offer a “do not track” option to users.

But differences remain on specifics and philosophy.

EU officials are adamant that companies should obtain explicit permission from users before every use of their data -- such as through a pop-up consent box -- while that is not something US regulators are pushing for, EU officials say.

The right to be forgotten is also a concept that goes against the grain for US regulators, who favour a broader definition of freedom of information.

In a sign of where Europe is going and how complex applying the law could become, Spanish data protection authorities ordered Google in January to remove links to more than 80 news articles mentioning people by name, saying it violated privacy.

The case has been referred to Europe's highest court.

Some companies, such as Microsoft, support the effort by the European Union and the United States to align their policies, saying it will result in clearer, more uniform rules.

“Companies need solid, clear rules to be able to continue to invest and to be competitive,” said John Vassallo, Microsoft's vice president of EU affairs. “Now, there are too many competing rules.”

But even within individual EU countries, privacy rules vary so much that lawyers say it would be almost impossible for a multinational company to be compliant in all 27 EU countries.

That suggests that Reding and her EU regulatory team will have their work cut out if they are to draw up a clear and workable policy in the months ahead, and one that fits well with the rules US regulators are also drawing up.

Opinion

Editorial

‘Source of terror’
Updated 29 Mar, 2024

‘Source of terror’

It is clear that going after militant groups inside Afghanistan unilaterally presents its own set of difficulties.
Chipping in
29 Mar, 2024

Chipping in

FEDERAL infrastructure development schemes are located in the provinces. Most such projects — for instance,...
Toxic emitters
29 Mar, 2024

Toxic emitters

IT is concerning to note that dozens of industries have been violating environmental laws in and around Islamabad....
Judiciary’s SOS
Updated 28 Mar, 2024

Judiciary’s SOS

The ball is now in CJP Isa’s court, and he will feel pressure to take action.
Data protection
28 Mar, 2024

Data protection

WHAT do we want? Data protection laws. When do we want them? Immediately. Without delay, if we are to prevent ...
Selling humans
28 Mar, 2024

Selling humans

HUMAN traders feed off economic distress; they peddle promises of a better life to the impoverished who, mired in...