Tougher European Union rules concerning data privacy and security, long in the works, have now been officially announced. If confirmed by the European Parliament, the new regulations will replace a set of rules dating back to the early days of the Internet in 1995.

Among the key elements of the new regulations are allowing consumers to permanently delete their personal data, so long as there is no "legitimate reason" for companies to retain it. Changes in privacy settings must be on an opt-in basis, requiring explicit consumer agreement, rather than by default (opt-out).

Firms will be required to report data breaches, "if feasible, within 24 hours." And violations of the new regulations will be subject to fines up to two percent of annual sales. On the other hand, as noted by European Commission privacy chief Viviane Reding, the new framework will simplify and standardize data privacy compliance throughout Europe.