EU member states are negotiating an overhaul of the bloc's outdated privacy laws in a bid to make them more harmonised and relevant for the rise of the Internet.
A draft proposal from Latvia, which holds the EU's rotating presidency, suggests three levels of fines for companies breaching the rules, ranging from 0.5 percent to 2 percent of a firm's annual worldwide turnover, depending on the gravity of the data breach.
Failure to "erase personal data in violation of the right to erasure and 'to be forgotten'" falls under the second category which foresees maximum fines of one percent of a firm's annual global turnover, according to the draft.
EU ambassadors endorsed the fines on Wednesday, three diplomatic sources said.
Once all parts of the reform proposal have been agreed, EU ministers should endorse the whole text in mid-June. Following that, member states representatives can begin discussions with the European Parliament - which wants fines of up to 5 percent of global turnover - to find a final compromise.
The fines would give data protection authorities a much bigger stick in ensuring that EU data privacy rules are respected.
Under the current regime not all privacy watchdogs have the power to levy fines, and where they do, the amount is often negligible for big firms.
Last year the European Union's supreme court ordered it to remove outdated or irrelevant information from its name-search results but it is only applying the ruling across its European domains, such as Google.de in Germany, arguing that it automatically redirects users to their local website anyway.
© Thomson Reuters 2015