EU Might Raise Fines for Data Breaches
This makes a lot of sense.
Viviane Reding dismissed recent fines for Google as “pocket money” and said the firm would have had to pay $1bn under her plans for privacy failings.
Ms Reding said such punishments were necessary to ensure firms took the use of personal data seriously.
And she questioned how Google was able to take so long in getting round to changing its policy.
“Is it surprising to anyone that two whole years after the case emerged, it is still unclear whether Google will amend its privacy policy or not?” she said in a speech.
Ms Reding, who is also vice-president of the European Commission, wants far tougher laws that would introduce fines of up to 5% of the global annual turnover of a company for data breaches.
If fines are intended to change corporate behavior, they need to be large enough so that avoiding them is a smarter business strategy than simply paying them.
Wayne • January 28, 2014 7:03 AM
The problem with the EU regulations, I’m familiar with both EU95/46 EC and most of the individual states’ implementation of it, is that they are very much open to interpretation, so rather than company X paying the $billion dollar fine it’s far cheaper for them to pay $10m to a smart lawyer who is going to argue that in the eyes of their client they were doing the right thing.
Unless they go the way of the often loathed and ridiculed PCI DSS and actually prescribe the exact conditions that in the eyes of the EU make the data safe then it’s not going to make an ounce of difference.