BY STEVE DINNEN
About those emails popping up from European companies you do business with: They’re for real. And they reflect a further tightening by the European Union on how those businesses will use information they have collected from you when you buy a flight with a European airline, or book a hotel room, or even attend an opera in Italy and buy your seats online.
Europe’s GDPR — General Data Protection Regulation — was updated last month, prompting the privacy notices. News sources say the intent is to give European citizens better control over all the data that’s currently collected during online transactions. The new policies require companies to be explicit in their efforts to seek consent from consumers before collecting their personal information. Companies also have to give consumers easy access to their own data, and to delete that data if the customer requests it (it’s called the right to be forgotten). And importantly, companies have to notify users within 72 hours of any data breach.
This is way ahead of where American companies are, and could serve as a useful guideline for them. U.S. firms that do business in Europe have to adopt GDPR, but not for their stateside operations.
