UPDATED to add links to new information:
New York Times reports today that the proposed new data protection framework could have serious implications for Internet companies trading in personal information (registration may be required to access story).
The Financial Times reports that the new framework “worries business.”
The announcement of the proposal for comprehensive reform of EU data protection rules is expected on Wednesday of this week at 12:30 PM CET (6:30 AM EST). You will be able to watch the press conference with Viviane Reding, Vice President of the EU Commission in charge of Justice streamed live.
There are several items of interest that reportedly will be part of the proposed rules. At a conference in Munich yesterday, Commissioner Reding reportedly announced that the proposal will include a requirement for companies to disclose data breaches to customers and authorities within 24 hours of occurrence. Companies that have dealt with data breaches know from experience that it is often impossible to assess the scope of a breach within 24 hours, let alone provide adequate and useful notice. Also, there is a proposal for a monetary penalty of up to 2% of an entity’s worldwide turnover. Although down from the original 5% which was leaked a few weeks ago, this still has the potential to be a substantial monetary penalty, and could have an effect on disclosures by US public companies under the new SEC Guidelines.
We will analyze the proposal after its release on Wednesday. Excerpts from Commissioner Reding’s Munich speech can be found in the Wall Street Journal Tech Europe blog and in Business Week (Bloomberg).