Lawsuits against companies such as Google (s goog) and Facebook for breaching privacy rules would become even more likely under new rules being considered by European regulators, including the threat of criminal sanctions and fines. According to a report by Bloomberg, which says it obtained a copy of the proposed regulatory changes, the European Commission is recommending that there be expanded criminal penalties for companies that breach their users’ privacy, and that users should have the right to remove their personal data, lists of friends, photos and other information from various services.
The recommendations were made in a paper presented by the European Union’s executive body, which is responsible for proposing legislation and enacting standards for the EU, and consists of a cabinet with 27 commissioners, one from every member state. The European community has been fairly hard-nosed on privacy as it applies to services like Facebook and Google’s Street View, which has been criticized for a number of reasons, and faced potential restrictions from European states even before the company admitted that its Street View cars were inadvertently capturing personal data.transmission of personal details via some of the apps
Meanwhile, Google has avoided potential prosecution in Canada, where the country’s national privacy commissioner has been investigating the breach of personal privacy that occurred when the company’s Street View cars collected personal data from open wireless networks. On Tuesday, commissioner Jennifer Stoddart said that while the case involved a “serious violation of Canadians’ privacy rights,” Canada will not be pursuing criminal penalties against the company. The commission’s file on the incident will not be closed, however, until Google can show that it has taken steps to improve its internal data protection policies as outlined by the commission.
Are fines and other criminal proceedings really the best way to achieve protection for privacy online? The Canadian government’s decision suggests it sees negotiating with companies as a preferable strategy, rather than lawsuits or criminal penalties, while the EU seems determined to pursue the legal route (although the expanded penalties and sanctions are still just a recommendation from the European Commission). What kind of effect the EU’s “big stick” approach might actually have on privacy practices remains to be seen.
Related content from GigaOM Pro (sub req’d):