- EU Data Protection Directive
- Very aggressive pro-privacy law.
- Organizations must notify individuals of how their data is gathered and used.
- Organizations must allow for opt-out for sharing with 3rd parties.
- Opt-in is required for sharing “most” sensitive data.
- No transmission out of EU unless the receiving country is perceived to have adequate (equal) privacy protections; the US does NOT meet this standard. EU-US Safe Harbor, optional between organization and EU.