EU stands by data protection rulesBRUSSELS - Companies based outside the European Union must meet Europe’s data protection rules, ministers agreed on Friday, although governments remain divided over how to enforce them on companies operating across the bloc.
The agreement to force Internet companies such as Google and Facebook to abide by E.U.-wide rules is a first step in a wider reform package to tighten privacy laws - an issue that has gained prominence following revelations of U.S. spying in Europe.
Vodafone’s disclosure on Friday of the extent of telephone call surveillance in European countries showed the practice is not limited to the United States. The world’s second-largest mobile phone company, Vodafone is headquartered in the U.K.
“All companies operating on European soil have to apply the rules,” E.U. Justice Commissioner Viviane Reding told reporters at a meeting in Luxembourg where ministers agreed on a position also backed by the Court of Justice of the European Union (ECJ).
Non-European companies that operate in Europe currently comply with data protection laws in the country in which they are based, which some say leads to “jurisdiction shopping” whereby businesses set up shop in countries with a more relaxed attitude to privacy.
But under the new rules, all E.U. countries will have the same data protection laws, meaning companies will no longer be able to challenge which laws apply to them in court.
Earlier this year a German court ruled that Facebook was subject to German data protection law even if its headquarters are located in Ireland.
Facebook declined to comment on Friday’s agreement.
Germany and the European Commission, the E.U. executive, have been highly critical of the way the United States accesses data since former U.S. National Security Agency contractor Edward Snowden last year revealed U.S. surveillance programs.
Disclosures that the United States carried out large-scale electronic espionage in Germany, including bugging Chancellor Angela Merkel’s mobile phone, provoked indignation in Europe.
“Now is the day for European ministers to give a positive answer to Edward Snowden’s wake-up call,” Reding said.
Commenting on Vodafone’s disclosure, she said: “All these kind of things show how important it is to have data protection clearly established.”