[JURIST] An EU Parliament Committee on Tuesday approved broad legislation aimed at providing greater data protection for Internet users in the wake of the revelation of the US National Security Agency (NSA) [official website] PRISM [JURIST backgrounder] program. If passed, the legislation would empower Internet users to demand [AP report] that companies with access to user data transfer information, like Google and Verizon [corporate websites], fully erase personal data. The law would require that companies seek user consent after fully disclosing the details of their intentions with respect to an individual user’s data. Businesses would also be required to employ data protection officers and technicians in order to ensure company compliance. Violations of certain provisions would reportedly subject companies to fines reaching up to five percent of annual revenue. Reports indicate that, if passed, the law would be the most wide-ranging data protection measured ever implemented in the EU, which has nearly 500 million citizens.
Since Edward Snowden leaked confidential documents [JURIST report] to British newspaper The Guardian in June, people have been asking questions relating to the US government’s surveillance of a wide swath of the population. PRISM, authorized by the US Foreign Intelligence Surveillance Court, is a program which allegedly taps into cell phone records, online activity, and other information to create a database of foreign and domestic persons and their activities. Data protection, especially in the wake of the PRISM scandal, has become an important issue, especially in the EU. In June an advocate general for the European Court of Justice (ECJ) released an advisory opinion [JURIST report] finding that EU data protection law does not require Google and other Internet search companies to withdraw sensitive data from search indices even when found to be harmful. Also in June French and Spanish data protection groups released statements [JURIST report] threatening Google with fines if the company does not change its privacy policies on collecting user data.