In the wake of recent high-profile data breaches, the EU justice commissioner is calling for rules to make banks, e-commerce sites, social networks and others tell their customers immediately when their information has been compromised.
In a speech on online privacy, Viviane Reding says that trust in an "information society" has been damaged by the recent Sony data breach and revelations about Apple's logging of customer location details.
To help combat this, Reding is considering extending data protection regulations that already cover the telecommunications industry to other areas, forcing firm such as banks to notify customers and regulators as soon as breaches occur.
The commissioner is also floating the possibility of a establishing an operational data protection office to ensure compliance with legislation.
The proposals came in a speech outlining the EU's plans to deal with a rapidly changing digital world and its privacy implications. The protection of personal data is enshrined in the EU Charter of Fundamental Rights but the current rules date back to 1995 and do not meet the new digital world, says Reding.
The speech outlines five cornerstones for data protection; the right to have data forgotten, transparency, 'privacy by design', making firms and authorities responsible for how they handle data and independent monitoring.
"Our goal must be to apply a high level of protection for citizens. Europe's fundamental right to privacy must apply to all, both in data use by public and by private entities," says Reding.