

EU proposes new privacy law with stiff penalties for companies

The overhaul would put companies at risk of losing 2 percent of their yearly sales for a violation

The European Commission proposed today an overhaul of European Union privacy law, which would fine companies as much as 2 percent of their yearly global sales for losing customers’ personal data, Bloomberg reports. Under this update to the EU’s 17-year-old data protection policies, the power to punish these companies for mishandling personal information would rest with data protection agencies in each country.

The EU historically has had much more broadly defined privacy laws than the U.S., so the harsh sanctions this law proposes should come as no surprise. “The protection of personal data is a fundamental right for all Europeans,” EU Justice Commissioner Viviane Reding said in a statement. On this side of the pond, the Securities and Exchange Commission has recently released guidance on cybersecurity disclosure, but it imposes no real requirements on companies.

Violations of the new law, such as processing an individual’s sensitive data without their consent, would be punished with fines of as much as €1 million ($1.3 million), or 2 percent of a company’s yearly sales. The idea is that a tougher policy would help prevent such serious data breaches as Sony’s in April 2011.

Richard Thomas, the global strategy adviser to Hunton & Williams’ Centre for Information Policy Leadership and the former U.K. information commissioner, says he thinks the policy is far from perfect, and may be difficult for companies to comply with. “The Commission’s wish to shift the focus is brave and welcome – away from paper-based, bureaucratic requirements and towards compliance in practice, genuine harmonization and individual empowerment,” Thomas says. “But there are real risks that new bureaucratic burdens will be created and that some proposals will be very difficult to implement in practice. The detail will require close scrutiny and more innovative solutions may be needed on some aspects.”
