Skip to main content

New EU data privacy rules could hit US businesses hard

A new European privacy directive is about to be signed, one which could see U.S. tech firms fined millions of dollars if they don't comply.

The directive regulates how tech companies obtain and use user data. According to USA Today, companies must get a clear consent from the user and have to explain just what their data will be used for. Companies must also explain to the user how the data was obtained, and in case the user wants that data changed or completely deleted, the company must do so.

example, if they choose to delete their Facebook account, Facebook would have to also delete all the information it had collected about them.The directive has been in the works for several years and will replace a patchwork of laws from the 1990s.

“A lot of the language in this regulation has been sharpened in response to U.S. companies walking very close to the line as far as complying with E.U. data protection regulations,” said Danny O’Brien, the international director of the Electronic Frontier Foundation, a San Francisco-based cyber rights group for USA Today.

The age of data consent will also be raised from 13 to 16 years old, meaning all younger than 16 will have to get their parents' approval before giving their data to companies.

The European Commission and the European Parliament could not agree on the size of the penalty in case a company fails to comply, but it seems as 4 per cent of the company's global revenue could be the sweet spot.

For companies the size of Google or Facebook, that's a lot of money.