The Associated Press this afternoon quoted European Commission Vice President Viviane Reding as stating that the E.U. government should not only federalize its approach to granting safe harbor for social networks, but essentially should hold all Internet service providers on the continent, including social networks, responsible for informing Internet users when personal information is being collected from them.

The quote seemed a little fishy, so ReadWriteWeb this morning ran it past Comm. Reding's spokesperson, Matthew Newman. As it turns out, according to Newman's information, the AP quote was indeed taken out of context. Words from the misquote originally appeared in a September 10 interview with the BBC, in response to a speech by Comm. Reding from last March. In its native context, Comm. Reding does not call for a limitation on the European framework for Safe Harbor with respect to social networks - an issue for which Comm. Reding was an outspoken champion.

In the actual speech this morning, what Comm. Reding actually did call for was for the continent's laws regarding how service providers protect personal data, to be streamlined. Rather than a single, federalized approach (which Reding is quoted as having called for, and which in actuality she did not), she spoke on behalf of new guidelines that would hold each European service provider responsible not for 27 member states' laws simultaneously, but only the laws in that provider's native country.

Such a system would not - contrary to the AP headline - replace national laws. Instead, it would decide that service providers are beholden to only one set of national laws - those of its native country.

Here is the text of the actual speech from Comm. Reding, as provided this morning to ReadWriteWeb:

The existing European Union rules on data protection were adopted in 1995, when the full potential of the internet had not yet been realized. In 1993 the Internet carried only 1% of all telecommunicated information. By 2007, the figure was more than 97%. Although the basic principles and objectives of the 1995 Directive remain valid, these rules are not adapted to some new and emerging technologies and applications like social networks. We need to maintain both objectives of the original Directive, to ensure the free movement of personal data across the territory of the Union and to ensure a level of data protection. In a world of ever-increasing connectivity, our fundamental right to data protection is being seriously tested.

To address all of these challenges, the European Commission will propose a comprehensive data protection reform. To help businesses, I want to provide consistency and coherence. We need legal certainty and a level-playing field for all businesses that handle personal data of our citizens.

They need - the same as consumers - to have a "one-stop-shop" when it comes to data protection matters - one law and one single data protection authority for each business; that of the Member State in which they have their main establishment.

The authorities responsible for data protection must be provided with sufficient powers to enforce the law and they must have sufficient resources to exercise their powers.
At the same time, we must strengthen coordination and cooperation between national data protection authorities to make sure that the rules are enforced consistently. As a result, companies will be able to sell goods and services under the same data protection rules to 500 million people - a fantastic business opportunity!

Under the current European Safe Harbor Framework, which was forged in 2000 in an agreement with the United States Dept. of Commerce, service providers in the U.S. that do business with customers in the E.U. must abide by a strict set of principles, including informing users whenever personal information is being collected from them, and for what purpose. Social networks were created since that time, and Comm. Reding is on record as saying that social networks like Facebook have special responsibilities with respect to the safeguarding of personal data. Those statements were not made with respect to a call for a federal European law, trumping member states' laws or the negotiated Framework, describing exclusive provisions for social networks.