The European Commission is currently drafting a plan that will standardize how companies that store data online must report lost or stolen personal data. As The New York Times reports, EC VP Neelie Kroes is writing the bill and hopes it will replace the disparate laws that currently exist across the European Union with standardized procedures that would increase accountability when it comes to storing data online. In addition to standardizing laws across the 27 EU nations, the bill would make more companies responsible for disclosing when they suffer a data breach.
The new law would call for any company with a large database stored online — for things like search, social networks, or cloud services — to disclose data breaches. This would open up companies like Apple, Microsoft, Facebook, Google, and even smaller ones like Dropbox to greater scrutiny. Those who don't follow the new directives will open themselves up to fines and sanctions. It's quite a change from the current, loosely defined requirements that are typically only followed by those with more traditional customer databases, like telephone or utility companies.
While this new bill could represent a major change, it's not a huge surprise — Kroes and the EC have long shown interest in internet privacy, with Google being a particular target of recent concern. That said, there are worries that the proposed new system would overwhelm the national regulators responsible for following up on the data disclosures. There's also a sentiment that the proposal needs stricter and more clearly defined guidelines as to what specifically would trigger the need for a report and which companies specifically would be bound by the new plan. Kroes plans to publicly share details of the new plan Friday, and we expect that will be followed by a long back-and-forth period of hammering out such details.