The new law is part of an overhaul of the European Commission's Data Protection Directive from 1995, and would give Internet surfers the right to have their personal information eradicated.
The idea is to make it easier for people to erase stuff they post online that could later hamper their attempts to get a job. A spokesman said the changes were "particularly aimed at young people".
Teens and young adults "are not always as aware as they could be about the consequence of putting photos and other information on social network websites," he said.
The revisions were detailed by Justice Commissioner Viviane Reding and will be proposed properly on Wednesday. The law would create a set of data privacy rules for Europe, and companies active in Europe could be subject to the new laws, even if they're based overseas or store data on servers elsewhere.
Reding has conceded that the so-called 'right to be forgotten' wouldn't apply everywhere, saying "it is clear that the right to be forgotten cannot amount to a right of the total erasure of history".
"Neither must the right to be forgotten take precedence over freedom of expression or freedom of the media."
Under the new law, websites like Facebook or Google would be obligated to notify customers when their data is collected, why it's been harvested and how long it will be stored for.
And if there was a data leak of the kind that befell Sony's PlayStation Network, companies would have to inform users and the authorities "as soon as possible", which means within 24 hours under normal circumstances.
Companies that break the rules could be fined one per cent of their global revenues. That may not sound like much, but when you earn as much cash as Facebook, it's hardly pocket change.
What do you think about these rules? Tell us in the comments or on our Facebook wall.