Vote pending: Revelations by US whistleblower Edward Snowden have provoked moves to protect the data of 500 million EU citizens. Photo: Reuters
A European Parliament committee has approved sweeping new data protection rules that would outlaw the kind of data transfers that the US used for its spying program.
The draft rules were beefed up after American defence contractor Edward Snowden's leaks about US online snooping.
Parliament still needs to hold a plenary vote and seek agreement with the European Union's 28 member states - which is likely to result in some changes.
The rules would for the first time create a strong data protection law for Europe's 500 million citizens, replacing a patchwork of national rules that only allow for tiny fines.
Supporters have hailed the legislation as a milestone towards genuine online privacy rights.
''In the future, only EU law will be applicable when citizens' data in the EU will be used, independently of where the company using the data is based, be it in Germany, Ireland or the USA,'' said Jan Philipp Albrecht, a member of the European Parliament who led negotiations on the legislation.
The legislation aims to enable users to ask companies to erase personal data, handing them a so-called ''right to be forgotten''.
Compliance failures could be subject to a fine worth up to 5 per cent of a company's annual revenue - which could be hundreds of millions of dollars, or even a few billion for internet giants such as Google.
''Those companies are making billions from European citizens' data. So if you want them to comply, you have to give them the right incentives,'' said Giacomo Luchetta of the Centre for European Policy Studies.