Websites including Google and Facebook that operate from the US but which target consumers in Europe will be bound to follow tighter EU privacy and data protection rules being drawn up by the European Union, its justice commissioner has said.
Viviane Reding told a seminar in Brussels that European citizens’ rights in regard to data collection needed to apply regardless of where the data were collected.
“A US-based social network company that has millions of active users in Europe needs to comply with EU rules. There should be no exceptions for third countries’ service providers controlling our citizens’ data.”
Internet companies have previously faced criticism from data protection watchdogs in Europe for the way that they retain and use private data that they collect from web users.
The application of the rules to US-based companies was one of four principles that Ms Reding outlined for governing privacy rights, which are currently under scrutiny in Brussels.
She also said there should be a “right to be forgotten”.
The commission is reviewing Europe’s data protection laws, and could come forward with proposals this summer.
In the process of updating the laws, Ms Reding said she wanted to “explicitly clarify that people shall have the right – and not only the “possibility” – to withdraw their consent to data processing”.
She also said that transparency was critical, and that individuals should be informed about which data were being collected and for what purposes.
Finally, she said that there should be “privacy by default”. The use of data for purposes other than those specified should only be allowed with the explicit consent of users.
Facebook said it was “fully engaged in the debates around the review of the European Union’s Data Protection Directive. We work closely with data protection authorities across the EU and with the European Commission and Parliament.”