The European Commission proposed today an overhaul of European Union privacy law, which would fine companies as much as 2 percent of their yearly global sales for losing customers’ personal data, Bloomberg reports. Under this update to the EU’s 17-year-old data protection policies, the power to punish these companies for mishandling personal information would rest with data protection agencies in each country.
The EU historically has had much more broadly defined privacy laws than the U.S., so the harsh sanctions this law proposes should come as no surprise. “The protection of personal data is a fundamental right for all Europeans,” EU Justice Commissioner Viviane Reding said in a statement. On this side of the pond, the Securities and Exchange Commission has recently released a guidance on cybersecurity disclosure, but it makes no real requirements of companies.