EU says firms like Google and Facebook must meet privacy rules

BRUSSELS Fri Jun 6, 2014 10:45pm IST

A computer user poses in front of a Google search page in this photo illustration taken in Brussels May 30, 2014. REUTERS/Francois Lenoir

A computer user poses in front of a Google search page in this photo illustration taken in Brussels May 30, 2014.

Credit: Reuters/Francois Lenoir

Related Topics

Stocks

   
Rajalakshmi (C), 28, smiles after winning the Miss Wheelchair India beauty pageant in Mumbai November 26, 2014. REUTERS/Danish Siddiqui

Miss Wheelchair India

Seven women from across India participated in the country's second wheelchair beauty pageant, which aims to open doors for the wheelchair-bound in modelling, film and television, according to organisers  Slideshow 

BRUSSELS (Reuters) - Companies based outside the European Union must meet Europe's data protection rules, ministers agreed on Friday, although governments remain divided over how to enforce them on companies operating across the bloc.

The agreement to force Internet companies such as Google and Facebook to abide by EU-wide rules is a first step in a wider reform package to tighten privacy laws - an issue that has gained prominence following revelations of U.S. spying in Europe.

Vodafone's disclosure on Friday of the extent of telephone call surveillance in European countries showed the practice is not limited to the United States. The world's second-largest mobile phone company, Vodafone is headquartered in the United Kingdom.

"All companies operating on European soil have to apply the rules," EU Justice Commissioner Viviane Reding told reporters at a meeting in Luxembourg where ministers agreed on a position also been backed by the Court of Justice of the European Union (ECJ).

Non-European companies with operations in Europe currently comply with data protection laws in the country in which they are based, which some say leads to "jurisdiction shopping" whereby businesses set up shop in countries with a more relaxed attitude to privacy.

But under the new rules all EU countries will have the same data protection laws, meaning companies will no longer be able to challenge which laws apply to them in court.

Earlier this year a German court ruled that Facebook was subject to German data protection law even if its European headquarters are located in Ireland.

Facebook declined to comment on Friday's agreement.

Germany and the European Commission, the EU executive, have been highly critical of the way the United States accesses data since former U.S. National Security Agency contractor Edward Snowden last year revealed U.S. surveillance programmes.

Disclosures that the United States carried out large-scale electronic espionage in Germany, including bugging Chancellor Angela Merkel's mobile phone, provoked indignation in Europe.

"Now is the day for European ministers to give a positive answer to Edward Snowden's wake-up call," Reding said.

Commenting on Vodafone's disclosure, she said: "All these kind of things show how important it is to have data protection clearly established."

DISAGREEMENT REMAINS

The reform package, which was approved by the European Parliament in March, has divided EU governments and still needs work to become law despite Friday's progress.

While ministers also agreed on provisions allowing companies to transfer data to countries outside the European Union, there was no decision on how to help companies avoid having to deal separately with the bloc's 28 different data protection authorities.

That issue was thrown into stark relief by a ruling from Europe's top court requiring Google to remove links to a 16-year-old newspaper article about a Spanish man's bankruptcy.

The search engine has since received tens of thousands of requests across Europe, and under current rules has to deal with each national authority.

A "one-stop-shop" arrangement would allow companies to deal exclusively with the data protection authority in the country where it has its main establishment. But governments are concerned about a foreign data protection authority making binding decisions that they would then have to enforce.

For example, if a complaint originated in Denmark against a company based in Ireland, the Danish authorities would have to implement a decision by the Irish data protection body, something that is both legally and politically difficult.

(Additional reporting by Francesco Guarascio in Luxembourg; Editing by Andrew Roche)

FILED UNDER:

Restricting Monopoly

Tech Showcase

"App Graph"

"App Graph"

Twitter to start tracking users' mobile apps  Full Article 

Internet Devices

Internet Devices

Internet-connected device sector deals accelerating, report finds  Full Article 

Google in Europe

Google in Europe

Insight - Behind Google's Europe woes, American accents  Full Article 

Uber Lawsuit

Uber Lawsuit

Uber CEO must turn over emails in gratuity lawsuit, U.S. judge rules  Full Article 

Wikileaks Hacker

Wikileaks Hacker

Icelandic hacker says guilty of stealing money from Wikileaks  Full Article 

Motorola Case

Motorola Case

U.S. court rejects Motorola Mobility price-fixing appeal  Full Article 

E-Commerce Boom

E-Commerce Boom

Online grocers come up trumps in India's e-commerce boom   Full Article 

Reuters India Mobile

Reuters India Mobile

Get the latest news on the go. Visit Reuters India on your mobile device.  Full Coverage