The proposed law has been discussed since 2012 and when implemented — probably not before 2017 at the current pace of negotiations — will apply to all companies operating within the European Union, no matter where they are based.
The proposal would give authorities the power to impose multimillion-dollar fines on any company that misuses Europeans' data. Under the latest compromise text, even local data protection authorities will have a say on sanctions. If they disagree with a lead authority, they can object and the matter will then be referred to the European Data Protection Board.
Sign up for CIO Asia eNewsletters.