Will the E.U.'s new data laws impact U.S. tech?

Dec 16, 2015, 3:25 PM EST
The EU Flag and Castor and Pollux. (Source: bob/flickr)
The EU Flag and Castor and Pollux. (Source: bob/flickr)

On Tuesday, the European Union agreed to an overhaul of data protection laws, marking a culmination of sorts of a multi-year long debate (expressed notably by legal messes resulting from varied data laws across Europe).

Officials hail the new laws as an improved way for users to know how their digital information is being collected and managed; a method for pursuing and fining companies that misuse personal data; legal recourse for companies to report data breaches; and a way for holding companies accountable for properly using Europeans’ data.

The European Commission’s report says that the latest package will “put an end to the patchwork of data protection rules that currently exists in the E.U.” And quotes Věra Jourová, Commissioner for Justice, Consumers and Gender Equality:

“These new pan-European rules are good for citizens and good for businesses. Citizens and businesses will profit from clear rules that are fit for the digital age, that give strong protection and at the same time create opportunities and encourage innovation in a European Digital Single Market. And harmonised data protection rules for police and criminal justice authorities will ease law enforcement cooperation between Member States based on mutual trust, contributing to the European Agenda for Security.”

The Commission says that this reformation will enable users to better control their personal data, and will provide directives for law enforcement to "ensure that the data of victims, witnesses, and suspects of crimes, are duly protected in the context of a criminal investigation or a law enforcement action.”

The measures also call upon the E.U.’s famed “right to be forgotten” ruling against Google, noting that users will be able to have their data deleted "when you no longer want your data to be processed, and provided that there are no legitimate grounds for retaining it.”

While these new reforms are significant for obvious reasons, they also set Europe apart from the US. in a distinct way. The E.U. is clearly making specific moves to differentiate its data protection practices from those in the U.S., and the new laws will have an effect on U.S.-based technology companies doing business in Europe. 

Since the Snowden leaks in 2013, Europe has been trying to figure out a way out of the clutches of U.S. cyber surveillance, which it fears is occurring through U.S.-based companies such as Facebook and Microsoft. Various steps such as the European Court of Justice revoking the Safe Harbor decision earlier this year have been widening the gap between the E.U.’s data policies and those in the U.S. 

And the commission has butted heads with Facebook and companies on other issues — most of which have to do with user privacy — only to run aground because of fractured policies like the ones the Commission just reformed. It is likely that U.S. tech companies will be facing a different challenge as these latest measures unify data protection rules across Europe. As Business Insider points out: “Businesses can be fined up to 4% of global turnover for failing to comply. For a company like Apple — which had revenues of $234 billion in FY2015 – that would amount to nearly $10 billion in fines.” While the rules are designed to make it easier for companies in Europe to do business, it remains to be seen how easy it will be for Silicon Valley.