European Justice Commissioner Viviane Reding said citizens have the right to proper data protection, and the "right to be forgotten", and deserve national regulators which will enforce the rules.
Legislation will be published in the summer to ensure that all Europeans' personal information is properly protected.
Reding told the European Parliament yesterday that forthcoming legislation would be drafted along four lines:
- Firstly, new rules to give people "the right to be forgotten". These would place the onus on data controllers to prove they need to keep the collected data and would strengthen individuals' right to have information deleted.
- Secondly, any data processing should be transparent and people should be fully informed when and how their data is collected. She singled out social networks, whom she asked to provide greater clarity on their data-processing procedures when people, especially young people, sign up to such services.
- Thirdly, Reding called for "privacy by default". She said: "Privacy settings often require considerable operational effort in order to be put in place. Such settings are not a reliable indication of consumers' consent. This needs to be changed."
- The final principle is "protection regardless of location", which means that European data protection groups will need to have powers to take legal action against data processors outwith the European Union.
All of this depends on proper enforcement of the law and Reding pledged to strengthen and harmonise the powers of regulators in the 27 member states.
Reding said: "For example, a US-based social network company that has millions of active users in Europe needs to comply with EU rules. To enforce the EU law, national privacy watchdogs shall be endowed with powers to investigate and engage in legal proceedings against non-EU data controllers whose services target EU consumers."
Reding also addressed police and other law enforcement groups. She noted that mass collection of flight information, bank transactions, emails, internet use and phone log information could also be covered by data protection laws. The Commission will also consider extending existing laws to cover police data use to ensure it is proportionate and clearly defined.
The Commission also wants better cooperation between national regulators. Reding said that the discrepancies between reactions to Google's Street View in different European countries showed the need for a consistent approach.
MEPs have already expressed their concern about the mass handover of data to US spooks.
The European Commission is already taking the British government to court for failing to protect its subjects' privacy. The Commission believes the green light given for BT's Phorm trial without user consent is illegal.