The Wall Street Journal reports on proposals for data privacy protection in the European Union:
BRUSSELS—The European Commission Wednesday spelled out some of its proposed privacy rights for citizens sharing personal data on the Internet, saying there should be a strict “right to be forgotten” that would allow users to tell websites to permanently delete data. In a speech in Brussels, Justice Commissioner Viviane Reding said the first pillar of the European Union’s proposition would be “a comprehensive set of existing and new rules to better cope with privacy risks online.” […]
She said the “burden of proof” should be on data controllers who process data. “They must prove that they need to keep the data rather than individuals having to prove that collecting their data is not necessary,” she added.
The proposed rules, which were announced last November, could heighten tensions between European regulators on the one hand, and U.S. technology companies and a fast-growing online advertising industry on the other. […]
In her speech, Ms. Reding said the new EU rules should apply regardless of data location, protecting EU citizens even when the data is stored on a U.S. website.
In a clear reference to Facebook, she said: “For example, a U.S.-based social network company that has millions of active users in Europe needs to comply with EU rules.” […]
The commission is expected to finalize its proposal in the summer. However, any new rules are likely to be some way off. They would need to be approved by the European Parliament and member states by the European Council. That could well take more than a year.