The EU is just about ready to turn on their information privacy laws. Typically the US uses the EU as a baseline and tries to “harmonize”. Given the Facebook debacle, I suspect there might be a bit more impetus given to that effort. Safe to say the US is still a bit of the Wild West (except for HIPAA). If you do business internationally, it is best to be aware.
After four years of preparation and debate the GDPR was finally approved by the EU Parliament on 14 April 2016. Enforcement date: 25 May 2018 – at which time those organizations in non-compliance may face heavy fines.
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy, and to reshape the way organizations across the region approach data privacy. The key articles of the GDPR, as well as information on its business impact, can be found throughout this site.