Lawsuits against companies such as Google and Facebook for breaching privacy rules would become even more likely under new rules being considered by European regulators, including the threat of criminal sanctions and fines. According to a report by Bloomberg, which says it obtained a copy of the proposed regulatory changes, the European Commission is recommending that there be expanded criminal penalties for companies that breach their users’ privacy, and that users should have the right to remove their personal data, lists of friends, photos and other information from various services.
The recommendations were made in a paper presented by the European Union’s executive body, which is responsible for proposing legislation and enacting standards for the EU, and consists of a cabinet with 27 commissioners, one from every member state. The European community has been fairly hard-nosed on privacy as it applies to services like Facebook and Google’s Street View, which has been criticized for a number of reasons, and faced potential restrictions from European states even before the company admitted that its Street View cars were inadvertently capturing personal data.
Facebook — which is facing a potential government inquiry in the U.S. related to the transmission of personal details via some of the apps that run on the network — has also faced scrutiny from a number of
EU states both EU and non-EU countries, including Switzerland and Germany. The European Commission has made it clear on a number of occasions that it wants to put the strength of criminal penalties behind its privacy rules: EU Justice Commission Vivian Reding has said the EU needs to “strengthen enforcement [and] incorporate the fundamental principles of data protection to cover all areas of EU competence, including police and judicial cooperation in criminal matters.”
Meanwhile, Google has avoided potential prosecution in Canada, where the country’s national privacy commissioner has been investigating the breach of personal privacy that occurred when the company’s Street View cars collected personal data from open wireless networks. On Tuesday, commissioner Jennifer Stoddart said that while the case involved a “serious violation of Canadians’ privacy rights,” Canada will not be pursuing criminal penalties against the company. The commission’s file on the incident will not be closed, however, until Google can show that it has taken steps to improve its internal data protection policies as outlined by the commission.
Are fines and other criminal proceedings really the best way to achieve protection for privacy online? The Canadian government’s decision suggests it sees negotiating with companies as a preferable strategy, rather than lawsuits or criminal penalties, while the EU seems determined to pursue the legal route (although the expanded penalties and sanctions are still just a recommendation from the European Commission). What kind of effect the EU’s “big stick” approach might actually have on privacy practices remains to be seen.
Related content from GigaOM Pro (sub req’d):