European watchdog backs big penalties for data violations

Europe’s privacy watchdog is backing severe penalties for companies that violate new rules governing how companies handle customer data.

Some in the E.U., including member states, believe that the maximum penalty for violating the law should be two percent of global revenue or 1 million Euros. The European Parliament has proposed a more severe penalty of five percent of global revenue or 100 million Euros.

{mosads}In an interview with the Wall Street Journal, European Data Protection Supervisor Giovanni Buttarelli said that the five percent penalty would be appropriate in some cases.

“In a limited number of cases [that are] so serious, the five percent sanction is more appropriate,” he said, though he said there should be fewer possible cases where sanctions would be used and said the higher punishment should be saved for major cases.

He said that the higher potential fines were necessary because the companies stood to earn significant revenue from customer data.

“You should also consider… the money [companies] get in exchange — big data is a big market and it’s a very profitable market,” he said.

Buttarelli’s recomendations are nonbinding.

The rules would create a uniform code for handling data within the European Union. Currently, disputes over data privacy are governed by the rules in the country in which a company operates. A change could have significant implications for American companies operating in Europe, including giants like Google and Facebook.

In recent years, European privacy regulators have shown a wariness about the way that American tech companies gather and use their customer data.