- European Union officials appeared likely to agree on a strict new privacy law Tuesday.
- The bloc’s executive body have been negotiating on an EU-wide data-protection law for four years.
- The new law would replace a patchwork of 28 different sets of national laws.
The new law is expected to tighten privacy protections for online users, but tech companies say it won’t help reduce risk and it will cost them.
“The risk is that it pushes companies to say it isn’t worth the risk to innovate in Europe,” said Alexander Whalen, a senior policy manager for Digital Europe, which represents Microsoft and Google, among others.
Over the weekend, EU officials were negotiating on the fines that would be imposed on companies that violate the new law, but were expected to come to an agreement soon. A commission official said negotiators were likely to settle at a cap of 4% of global revenues.
Rene Summer, director of Government and Industry Relations at Ericsson, said large, multinational companies would be disproportionately affected by sanctions calculated on the basis of global revenue.
“Even if something goes wrong only in a small part of the company that operates in the EU, the entire organization is fined,” Summer said.
The new EU-wide rule will likely extend responsibility for privacy breaches to data-center and cloud-computing firms used by those companies as well.