The issue of data privacy is going to be a big, tough, chewy lump of raw meat. People are going to fight over it, but nobody really wants to eat it.
If you’re a company doing business overseas – and if you’re online, you’re overseas – then you will have to comply with these rules as regards European users. That means, for all intents, you’ll have to implement data protection and privacy measures, period.
This may drive business from Europe, at least businesses for whom an Internet presence is also an element; at least that’s the theory. It’s certainly true that the previous round of laws were designed to encourage Internet growth; now the shoe’s on the other foot. How do you implement a “right to be forgotten”?
The new Regulation signals that the tide has turned. The 1995 Directive focused on building the online economy, and favouring businesses large and small to expand and grow, while the 2012 Regulation will reverse the fortunes for businesses and focus on European end users.
Internet companies will have to seek explicit consent from its users to use data about them, including when it is being collected, told for how long it will be stored, and for what purpose it is being used for.