The European Commission has vowed to simplify rules on data protection and eyes possible voluntary register for third countries. The European Commission has vowed to simplify rules on data protection and is considering establishing a voluntary register for companies in non-E.U. countries that agree to abide by the region’s data protection standards.“The current lack of harmonization on data protection at European Union level comes at a huge cost and is detrimental to everyone, companies and citizens alike,” said Justice Commissioner Viviane Reding on Wednesday, adding that she plans to harmonize rules across the E.U. and clarify which law applies to a company active in several member states. This is good news for businesses. She also vowed to cut “excessively bureaucratic, unnecessary and ineffective” notification requirements, while at the same time saying she wants to introduce a mandatory data breach notification requirement, for all sectors: banking data, data collected by social networks or by providers of online video games. Echoing an opinion taken by the Article 29 Working Group (an independent data watchdog) earlier this week, the Commissioner also agreed to designate geolocation information as private data. “Movements of citizens should not be tracked without their explicit consent. Storing location data may lead to betraying the location of users,” said Reding. Movement of European citizens’ data outside the E.U. has also come under scrutiny. Currently, data transfers outside the European Union are allowed only to countries that ensure an adequate level of protection or if there is a standard contract between two companies on data safeguards. “The key principle of E.U. data protection rules is that users have to give consent before their data is used. This information cannot be passed on without the user’s approval and companies cannot use it for purposes other than what was agreed. I am thinking about the creation of an E.U. mechanism for third country providers to voluntarily adhere to E.U. data protection rules. Such a mechanism would be possibly linked to certification and with guarantees for auditing and enforcement,” explained Reding. Follow Jennifer on Twitter at @BrusselsGeek or email tips and comments to jennifer_baker@idg.com. Related content news Okta launches Cybersecurity Workforce Development Initiative New philanthropic and educational grants aim to advance inclusive pathways into cybersecurity and technology careers. By Michael Hill Oct 04, 2023 3 mins IT Skills Careers Security news New critical AI vulnerabilities in TorchServe put thousands of AI models at risk The vulnerabilities can completely compromise the AI infrastructure of the world’s biggest businesses, Oligo Security said. By Shweta Sharma Oct 04, 2023 4 mins Vulnerabilities news ChatGPT “not a reliable” tool for detecting vulnerabilities in developed code NCC Group report claims machine learning models show strong promise in detecting novel zero-day attacks. By Michael Hill Oct 04, 2023 3 mins DevSecOps Generative AI Vulnerabilities news Google Chrome zero-day jumps onto CISA's known vulnerability list A serious security flaw in Google Chrome, which was discovered under active exploitation in the wild, is a new addition to the Cybersecurity and Infrastructure Agency’s Known Exploited vulnerabilities catalog. By Jon Gold Oct 03, 2023 3 mins Zero-day vulnerability Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe