Members of the European Parliament will meet at the White House on Wednesday to discuss ways to rebuild trust on intelligence gathering, including ways the U.S. can beef up its data protection laws.
European Justice Commissioner Viviane Reding says Internet data collection by the National Security Agency has "shaken and damaged the relationship with the U.S.," and calls for stronger data privacy laws in the U.S. to regulate tech companies similar to rules that are proposed in Europe.
"Once a single and coherent set of data protection rules is in place in Europe, we will expect the same from the U.S.," Reding says.
Those rules could prove expensive for the tech industry. Concerns about mass surveillance by the NSA hastened the passage of draft data privacy protections in the European Union on Oct. 21. The proposed rules allow users to demand that a company like Google erase all of their personal data, and restrict unauthorized data transfers to non-EU countries. Companies that violate those rules could be fined a maximum of 5 percent of their global annual sales. The final amount of the fine will always depend on the severity of the breach in question, Reding says of the proposed regulations.
"This is a necessity to create a stable basis for personal data flows between the EU and the U.S.," Reding says. "A system of self-regulation is not enough."
British Prime Minister David Cameron led an effort to have the wording in the proposed EU rules call for "a timely adoption" by 2015. The proposed rules will be discussed again during the next meeting of EU justice ministers on Dec. 5.
Tech companies including Google depend on user content for advertising revenue and search engine operations, so it could be expensive for them to comply with such data privacy rules in the EU, says James Lewis, a technology analyst at the Center for Strategic and International Studies.
"This is a fundamental challenge to Google's business model," Lewis says.
Google declined to comment for this article.
Even if the U.S. does not implement similar rules, the regulations in the EU would effectively affect all businesses and user experiences, Lewis says.
"On the surface they sound good but there is a real concern that will have a damaging effect on the economy," Lewis says. "The U.S. could use stronger privacy policies but the way to do that is in cooperation with the EU, not with unilateral regulation by Europe."
It might not even possible for a company like Google to comply with the EU and delete all personal information from the ever-expanding Internet cloud, Lewis says. "Sometimes the company who sent you data does not know where your data is stored," Lewis says. "This could be a recipe for lots of expensive measures that won't come to a good result."