European Commission set to consult on data breach rules

The European Commission (EC) is looking for input from telecoms operators, ISPs, Member States and national data protection authorities on whether additional rules are needed to ensure data breaches are reported in a consistent way across the EU.

This comes shortly after the revised ePiracy Directive came into force on 25 May, which requires operators and ISPs to immediately inform national authorities and their customers about breaches of personal data.

The EC now wants additional information on both existing practice and initial experience since the new rules came into force. New proposed rules will aim to make clear when breaches should be reported, the procedures for doing so, and the formats that should be used.

"The duty to notify data breaches is an important part of the new EU telecoms rules. But we need consistency across the EU so businesses don't have to deal with a complicated range of different national schemes," said Neelie Kroes (pictured), Commission VP for the Digital Agenda.

"I want to provide a level playing field, with certainty for consumers and practical solutions for businesses," she added.

The Commission also wants to learn more about cross-border breaches and compliance with other EU obligations relating to security breaches.

Contributions to the consultation will be considered up until 9 September 2011.