The European Parliament has signalled to member states that in a revision of data-protection rules it will insist on greater protection for European Union citizens than the European Commission has proposed.

In a vote on Monday (21 October), the Parliament’s civil-liberties committee decided that a report drawn up by Jan Philipp Albrecht, a German Green, was sufficient to make debate unnecessary in a full plenary meeting of the Parliament.

The text had been agreed by the Parliament’s political groups last week, but even so Albrecht said that he had been surprised by the sweeping support given in the vote.

The report will now serve as a basis for negotiations with the EU’s member states about a revamp of EU data-protection rules.

MEPs reinstated a provision limiting the transfer of personal data beyond the EU. Firms that have been asked by a foreign government to disclose data about EU individuals would be required to obtain prior authorisation from an EU data-protection authority. The European Commission had removed the provision before finalising its proposal in January 2012, reportedly under pressure from the US.

This provision, if passed into EU law, could create a legal dilemma for the likes of Google or Facebook, with American law compelling them to hand over personal data of Europeans and European law preventing them from doing so without prior authorisation.

MEPs also voted to raise the maximum penalties for non-compliance from 2% of a company’s annual global turnover, as the Commission had initially proposed, to 5%, or up to €100 million.

Various MEPs invoked allegations that the US has been spying extensively in Europe as justification for tightening up the rules. Sylvie Guillaume, a centre-left French MEP, said that the protection of personal data was a “fundamental right for European citizens” and that the reports published on 21 October about US spying on French telecommunications “remind us more than anything that we need clear rules”.

Albrecht and other MEPs fear that national governments – notably Germany and the UK – will seek to slow down the negotiations so that the new rules will not be adopted before the current Parliament holds its last plenary, in April.

The committee’s decision not to refer the proposal to the plenary at this stage is an attempt to maintain momentum.

A diplomat from a small state with relatively strong data-protection rules said that his country was concerned that “this truly horizontal file affecting every single data subject in the EU” could be pushed through too fast because of anxieties about US activities.

John Higgins, director of DigitalEurope, which represents digital businesses, said: “There is a real risk that the drafting process will be rushed and important details will not get addressed properly. Rushing through a half-baked law risks throwing away a vital and much needed opportunity to stimulate economic growth.”