How Europe is dealing with online privacy

[Commentary] In Europe, the protection of personal data is a fundamental right. This right is clearly stated in the European Union Treaty and legislation. To make this right effective, people need to be in control of their own data. So, what will Europe’s proposed rules do?

• First of all, people need to be informed about how their data will be used in clear and simple language: what data are collected, for what purposes and for how long they will be stored. People need to be able to make an informed decision about what to disclose, when and to whom.
• Second, people have to give explicit consent before their personal data -- contact lists, photos or e-mails -- are used. Companies cannot use it for purposes other than what was agreed upon.
• Third, people will have better control over their own data. They need to be able to access their own data, to easily take them to another provider or have them deleted if they no longer want them to be used. This is what I call the right to be forgotten. We want to clarify that people shall have the right -- and not only the "possibility" -- to withdraw their consent.
• Finally, individuals must be swiftly informed when their personal data are lost, stolen or hacked. Online security breaches affect millions of people around the world. Companies must inform the data protection authorities and the people affected right away, preferably within 24 hours.