The EU Commission announced sweeping Internet privacy recommendations Wednesday, in the first step toward a single policy for Europe regulating the amount and types of data that can be collected and held by Facebook, Google (GOOG) and any Internet company.
Observers say it's unclear if the recommendations could be a financial burden to companies that rely on selling user information or user-specific advertising. There is an upside for Internet firms.
"The good news for business is that there would be one law, one clear set of expectations," said Christopher Wolf, co-chair of the Future of Privacy Forum, an industry-funded think tank.
It's also unclear what impact this might have on the U.S., where Internet privacy remains a contentious issue. In general, Europe's privacy policies are stricter than those in the U.S.
The recommendations aim to replace a 17-year-old European statute, under which each country can set its own standards. That 1995 regulation is outdated, because it was instituted when "less than 1% of Europeans used the Internet," European Union Commissioner Viviane Reding said in a video released Wednesday.
"The protection of personal data is a fundamental right for all Europeans, but citizens do not always feel in full control of their personal data," Reding said.
At Least Two Years Away
The recommendations include allowing users access to their personal data, creating a single international protection agency for complaints from Internet users and establishing rules for prosecuting crimes involving data. The rules require approval by the European Parliament, and wouldn't go into effect until two years after passage.
Some recommendations could be "onerous" for firms, Wolf says.
"There's the so-called 'right to be forgotten,' which would allow users to have data deleted. … The cost and burden of having to remove data, which is present in so many locations, could be enormous," Wolf said.
The cost of implementing the recommendations in terms of slowing innovation might outweigh their impact on privacy, Wolf says.
Facebook, which updated its European privacy policies in December, says it views the recommendations as positive overall.
"We welcome the move toward more harmonization of data protection laws in the EU, which will help create legal certainty and confidence for companies to operate," a Facebook representative told IBD via email.
A pro-privacy group, Consumer Watchdog, says the "landmark" recommendations are a boon for anyone concerned about keeping personal information private.
Consumer Watchdog, a longtime Google critic, pointed to Google's decision to integrateGoogle+ information into search results as a sign that new regulations are necessary to protect consumers.
"Google has eliminated its last pretense that it protects consumer privacy — the walls are torn down," John Simpson, the group's director, wrote in a statement Wednesday.
Google's new terms are set to go into effect in March. They will take the place of more than 60 such policies that Google has across all its products. (The company has more than 70 different such policies, but had to keep a few other old policies "for legal reasons," it says.)
Google is allowing its many applications to see all the information it has about a user. So, for example, YouTube might know what music you did a Google search for, so that it can direct you to similar videos. If you use Google's mobile apps, the company collects location information about you and might be able to tell you when you're going to be late for a meeting, if the meeting was logged into your Google calender.
"In short, we'll treat you as a single user across all our products, which will mean a simpler, more intuitive Google experience," Alma Whitten, director of privacy, product and engineering, wrote in a blog post.