Companies face fines as high as 2 percent of yearly global salesfor losing personal data under an overhaul of European Unionprivacy rules.

Data protection agencies in the EU's 27 countries would gain thepower to sanction companies that violate requirements for handlingpersonal information proposed by the European Commission today. Themeasures, which also target online- advertising and socialnetworking sites, update the EU's 17-year-old data protectionpolicies.

The EU overhaul would also clamp down on data lapses such asSony Corp.'s six-day delay in warning customers about a cyberattack that exposed more than 100 million customer accounts, thesecond-largest online data breach in U.S. history. Industry groupswith members including Microsoft Corp. and Google Inc. have warnedagainst overly strict data-privacy rules that may stifleinnovation.

“The protection of personal data is a fundamental right for allEuropeans,” said EU Justice Commissioner Viviane Reding in astatement today. “My proposals will help build trust in onlineservices because people will be better informed about their rightsand in more control of their information.”

Under the draft rules, serious violations such as processingsensitive data without an individual's consent or without any legaljustification, may be punished with penalties as high as 1 millioneuros ($1.3 million) or as much as 2 percent of a company's yearlysales, the commission said. Less serious offences would be punishedwith smaller fines.

Bloomberg News

Copyright 2018 Bloomberg. All rightsreserved. This material may not be published, broadcast, rewritten,or redistributed.