BRUSSELS (Reuters) - Businesses operating in the European Union could be fined up to 4 percent of their annual global turnover for breaching data protection rules under a proposal agreed on Wednesday.
The EU is negotiating a data protection law to replace a patchwork of national laws dating back to 1995, aiming to set clearer limits on how companies can use EU citizens’ private data and beef up regulators’ enforcement powers.
Under the current system, not all national regulators have the power to levy fines, and when they do the amounts are often paltry compared with the revenues of some of the companies affected, particularly big U.S. tech companies such as Google and Facebook.
Members of the European Parliament are pushing for fines running up to 5 percent of a company’s global annual turnover, but member states have been more cautious, initially proposing a 2 percent ceiling.
The two sides are in talks to try to a find a compromise before year end and member states on Wednesday accepted a proposal from Luxembourg, which holds the rotating presidency of the EU, to raise the sanctions ceiling to 4 percent of revenue, according to two EU diplomats.
However, the ceiling may still change in negotiations with the European Parliament.
Businesses have pushed back against higher fines, arguing they would deter investment in data-based services in Europe.
“It will move innovative solutions to other regions and EU will be left behind,” Rene Summer, spokesman for the European Data Coalition, whose members include Ericsson, SAP and Nokia, said in a statement on Tuesday.
Editing by David Holmes