Steelie Neelie: 'Help us form Brussels data breach policy'
'Please be proportionate' begs UK ICO
The European Commission is asking for feedback on practical rules to ensure that anyone in Europe who has their private data breached will be told.
New rules across Europe mean that telcos are meant to tell you if they lose your data. But what is needed now is feedback on how the rules are working and how, in practical terms, they should work.
The Commission seeking the views of telcos, ISPs, and anyone else who's interested.
Neelie Kroes, VP for the Digital Agenda, said: "The duty to notify data breaches is an important part of the new EU telecoms rules. But we need consistency across the EU so businesses don't have to deal with a complicated range of different national schemes. I want to provide a level playing field, with certainty for consumers and practical solutions for businesses."
Eurocrats want information on the circumstances in which the rules should be enforced, and which types of breach should force notification.
The Commission is also seeking feedback on what procedures are followed and what format notifications should take and whether a European standard is feasible or useful.
A spokesman for the UK regulator the Information Commissioner's Office said: "We would welcome an expansion of mandatory notification requirements to cover serious data breaches in all sectors. However, any new requirements must be proportionate, setting out clear criteria and thresholds for reporting a breach."
The ICO was pushing for compulsory notification of all breaches to be enshrined in UK law.
Separately, the European Commission is continuing legal action against the UK government for failing to properly protect its citizens' data.
The UK is also being sued over its failure to take action over Phorm, which was accused of illegal wire-tapping before such activity was even popular. ®