New technologies and uneven application of privacy laws hurt users...

rights and boost Europe’s internal market by allowing the free flow of data, the EC said. Those goals are still valid, but the directive can’t cope with the online environment, where people share and companies collect huge amounts of personal information, it said. The legislation doesn’t fully address the challenges of cloud computing, social networking sites, Web-connected mobile devices, user-generated content and other things, it said. Those technologies have “pushed individuals to the forefront” in managing their own personal data, requiring policy makers to shift focus, it said. Online data protection policies are often unclear and non-compliant with existing rules, it said. Under the proposed strategy, collection and use of personal data for such things as online behavioral ads will have to be kept to a minimum and users given clear information about how and for how long their data is gathered and used, it said. People should be able to give informed consent to the processing of their data when surfing on the Internet and should have the “right to be forgotten” when the information is no longer needed or they want it deleted, the EC said. And users should be informed when their personal information is accessed and used illegally, it said. Current law requires telecom providers to notify users and regulators of data breaches, but the EC said it’s considering extending that obligation to other sectors as well. Businesses need relief from the administrative red tape caused by divergent application of data protection rules across Europe, national privacy authorities must be strengthened and the directive must be better enforced, the EC said. Harmonizing the rules -- or limiting the extent to which a particular country can diverge from them -- will provide better guidance in cases such as Google Street View, which has met with differing responses in Europe, it said. “We're not trying to race against technology,” a spokesman said at a news briefing when asked how the EC can keep up with the pace of change. The updated directive will set general principles that will, like the current measure, be technology neutral, he said. The lack of harmonization creates enormous challenges for small- and mid-sized technology companies who can’t develop cutting-edge applications for cloud computing because of complex and sometimes conflicting data protection provisions, said Association for Competitive Technology President Jonathan Zuck. Internet business practices don’t always respect the current requirements and such breaches fuel a lack of consumer confidence, said the European Consumers’ Organization. It praised the EC for pushing for more transparency and data collection minimization. Comments on the strategy are due Jan. 15 -- http://xrl.us/bh6t2z. The EC said it will propose legislation next year.