American tech giants could face billions in fines under a new digital privacy law outlined by the European Union this week.
The policy announced by the European Commission on Tuesday would curtail how tech companies can use the data that they compile about European customers.
Violations could result in fines equivalent to 4 percent of companies' global gross revenue. That would amount to $9.3 billion for Apple, $3.7 billion for Microsoft and $2.4 billion for Google parent Alphabet.
Companies would also be required to quickly report data breaches and to remove out-of-date or contested data under a "right to be forgotten" standard. Parental consent would also be needed for children to use certain social networking sites.
Proponents said that the law, which was four years in the making, would resolve widely varying standards throughout the 28-member EU and safeguard the privacy of Europeans.
"The digital future of Europe can only be built on trust," said Commissioner Andrus Ansip of Estonia. "With solid common standards for data protection, people can be sure they are in control of their personal information."
Experts, however, said that tech companies would need to race to get up to speed on the stringent new rules before they take effect.
“This is a sea change with respect to 28 countries that arguably already have among the most onerous data production laws in place — and in a jurisdiction in which virtually every multinational company operates,” Lisa Sotto, who leads the cybersecurity practice at the Hunton & Williams law firm, told USA Today.
The tech industry, meanwhile, criticized the standard.
“Linking sanctions to worldwide turnover makes zero sense,” Alexander Whalen of trade group Digital Europe told The New York Times. “We have to be smarter about this.”
The full European Parliament is widely expected to back the new standards this week. Once the law is published early next year, EU members must adjust their national laws to meet the rules within two years.