On Tuesday, the European Commission, the European Parliament, and the European Council came to a consensus on the language of the text, which has not yet been released in its entirety. (The most recent previous draft Ars was able to locate was dated November 27, 2015.)
Notably, the agreement sets the maximum corporate fine for violating user privacy to four percent of a company’s worldwide revenue—significantly more than the marginal sums that companies like Facebook and Google have paid in the past. For a company like Facebook, the new agreement would mean a potential maximum fine in the neighborhood of $500 million. For Google’s parent company, Alphabet, it would be about $2.5 billion.
Among other changes, the new law would require companies to more clearly explain to users what data is being collected and how it is used.
At present, each member country of the 28-member bloc has its own data protection and privacy laws; Germany’s are seen as the strictest. Assuming the text is approved by the European Parliament and each of the member countries in 2016, companies would have until…