Under a proposed update to the European Union's data protection law, companies could be fined as much as 2 percent of their annual sales for losing personal data or processing sensitive information without prior consent from the individual, reports Aoife White at Bloomberg.

The proposal also includes tougher breach notification rules, requiring organizations to inform victims and the appropriate regulatory agency within 24 hours of a breach.

On the bright side, breached companies would have to notify only the regulator in its home base, which could save as much as 2.3 billion euros annually by eliminating redundant reporting requirements, according to E.U. Justice Commissioner Viviane Reding.

A number of U.S. companies that do business in Europe have criticized the proposals. The Business Software Alliance said that the rules could "bog down companies with onerous compliance obligations which could inhibit digital innovation."

For more:
- see Aoife White's article at Bloomberg

Related Articles:
Lawmakers, regulators boost rhetoric around privacy
Europe, United States eye tighter online privacy rules
Cloud providers seek clearer online privacy protections