Among the new policies approved on Tuesday:
■ Allowing national watchdogs to issue fines, potentially totaling the equivalent of hundreds of millions of dollars, if companies misuse people’s online data, including obtaining information without people’s consent.
■ Enshrining the so-called right to be forgotten into European law, giving people in the region the right to ask that companies remove data about them that is either no longer relevant or out of date.
■ Requiring companies to inform national regulators within three days of any reported data breach, a proposal that goes significantly further than what is demanded by American authorities.
■ Obliging anyone under 16 to obtain parental consent before using popular services like Facebook, Snapchat and Instagram, unless any national government lowers the age limit to 13.
■ Extending the new rules to any company that has customers in the region, even if the company is based outside the European Union.”
Europe Approves Tough New Data Protection Rules - NYTimes.com