EC must adopt breach notification legislation, says watchdog

Law should be stronger on data breach notification and data retention

The EU is amending its privacy directive

The EU privacy watchdog has joined calls for a data breach notification law in Europe.

The watchdog wants European countries to follow 35 US states in introducing a law that would force companies to inform consumers when they have lost their information.

Peter Hustinx, of the European data protection supervisor, said the European Commission's proposal to amend its e-Privacy Directive didn't go far enough in recommending a law.

"The proposed amendments to the directive are not as ambitious as they should be," he said.

Hustinx believes the Commission must look more widely at data breach issues.

"In dealing with new issues, such as the setting up of a mandatory security breach notification system, the proposal remains too restrictive in its scope."

The Watchdog also said a new rule to give authorities more power to take action against those who break spam laws should be extended to cover any infringement of the e-Privacy Directive - including information loss and unnecessary retention of information.