Online gambling operators could face massive fines if they violate the European Union’s new data protection and privacy law.
On Tuesday, the European Commission announced that its member states had finally reached agreement on the final draft of the EU Data Protection Reform. The agreement will ensure a uniform data protection and privacy system across the continent but also contains harsh penalties for companies who fail to observe its rules.
The Reform consists of two instruments. The General Data Protection Regulation will require companies to (among other things) better explain to individuals how their data is being used as well as notifying consumers when their data has been hacked (and not waiting six years to do so). The Data Protection Directive will give law enforcement better cross-border cooperation in combatting crime.
Among the Reform’s most significant provisions are the potential penalties for companies who fail to abide by the new rules. The maximum corporate fine for violating user privacy is 4% of a company’s worldwide revenue, which could total tens of millions of dollars for some online gambling companies – particularly the new behemoths – while a technology giant like Google could theoretically be looking at fines in the billions.
The new rules will apply to all companies doing business with EU customers, whether or not these companies are based in Europe. Assuming they honor the Reform’s rules, the EC believes companies that do business in multiple EU countries will ultimately benefit via the expected reduction in red tape.
The final draft of the Reform has yet to be published but a draft dated Nov. 27 is 185 pages of choice legalese while the EC press release offers some broad strokes. The final text will be formally adopted by the European Parliament and Council in early 2016 and will take effect two years later. The EC plans to educate consumers and companies regarding their new rights and responsibilities during this two year break.