Twenty-two U.S. privacy and consumer groups have written a letter to the European Parliament supporting a strong new European Union data protection law.
The groups, which include the Consumer Federation of America, the Consumers Union, and the Electronic Privacy Information Center, said the new E.U. General Data Protection Regulation would strengthen basic privacy protections and also increase trust in the digital marketplace. The new E.U. regulation would update the E.U. Data Protection Directive, passed in 1995.
Some business and other groups have criticized the proposal, however, saying it would be too prescriptive and anti-business. The proposal would apply to E.U. companies as well as foreign companies and Web sites with E.U. customers.
The regulation expands the definition of personal information collected by companies and strengthens transparency surrounding data collection. It also improves customers’ ability to access their data as well as their ability to have it deleted. A broad new data breach notification requirement is also included.
The letter pointed to a few major initiatives to bolster consumer privacy in the U.S., including the Obama Administration’s publication, earlier this year, of a “Consumer Privacy Bill of Rights.” But the letter noted that the document has not been codified into law.
The groups also made several recommendations on ways to strengthen the E.U. proposal, including narrowing some of the exceptions granted to companies. The letter also recommends restricting the circumstances in which consumers provide “blanket” consent. “Such a mechanism is not meaningful if consumers (and even the businesses) do not know which future acts the consent would enable.”
The proposal needs to be agreed upon by individual states before it is passed, a process some estimate could take a year or longer.