Neelie Kroes wants to force companies in the EU to disclose data breaches

EU digital chief Neelie Kroes is drafting a proposal that requires all companies that store data on the Internet to report loss or theft of personal information in the EU. Companies that don’t report data loss risk fines and sanctions.

According to the NYT:

The proposal, which is being drafted by Neelie Kroes, the European Union’s commissioner for the digital agenda, aims to impose, for the first time, E.U.-wide reporting requirements on companies that run large databases, those used for Internet searches, social networks, e-commerce or cloud services.

Not everybody is happy with the plan, because the wording covers not only the traditional compilers of huge CRM databases (telcos and utilities) but just about any cloud service.

The tech industry says it supports the idea, but it says the proposed regulation needs to make clear that breaches only need to be reported “when necessary and useful to consumers”:

“Harmonization of the notification requirements for security breaches is important and should be addressed,” said Thomas Boué, the government affairs director in Brussels for the Business Software Alliance, whose members include Microsoft, I.B.M., Apple, Oracle and Intel. “More precise guidelines in the directive on the trigger and threshold procedures would make the system more workable.”

Read more: NYT


About the author

Raf Weverbergh

Editor of whiteboard. Raf Weverbergh was a magazine journalist whose work appeared in magazines like Rolling Stone, Playboy, Mail on Sunday, Publico and South China Morning Post. He is the co-founder of FINN, a corporate communications agency where he advises startups and multinationals on their PR and Mustr, the easiest media database for PR professionals. You can contact him on Twitter, Linkedin or Skype (rafweverbergh).
