Big tech companies are set to face hefty fines in future if they misuse personal information – up to four percent of their revenues.
The EU has approved sweeping overhaul of fragmented data laws, which date back to the 1990s.
Firms will also be forced to report data breaches.
Negotiations have been going on since June and now politicians are hailing a “breakthrough.”
The agreement is subject to final endorsement by both the European Parliament and EU member states, expected by early next week.
“You can trust that these rights are really enforced everywhere, with strong sanctions. And not that there are some countries in Europe where there is weaker protection, others with stronger protection,” explained Jan Albrecht, a German Green MEP.
“Everywhere you have the same strong rights. And in addition, you will get additional rights, like better information and transparency rights.”
The reform comes amid mounting privacy concerns over where data is stored and how it is used.
They were stoked after former US National Security Agency contractor Edward Snowden revealed how American authorities harvested information directly from tech companies like Apple Inc and Microsoft.