Can European Privacy Law Affect USA Business?

Aug 29, 2023

Did you know? ChatGPT was unavailable in Italy for about a month, and Meta was recently fined $1.2 billion, because each company did not comply with the GDPR.


What is GDPR? 

The General Data Protection Regulation (GDPR 679) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations on organizations anywhere, so long as they target or collect data related to EU citizens. The regulation was definitively put into effect on May 25, 2018. The GDPR levies harsh fines against those who violate its security standards, with penalties reaching into millions of euros. In addition, there is the possibility of your website being blocked by European Data Protection Authorities (DPAs).

Google, Amazon, and Meta (both for Facebook and Instagram) have received fines of tens of millions of euros, but even British Airways, H&M, and Marriott Hotels have been sanctioned for misapplication of the GDPR. Some US news organizations had problems in 2018 because they were also not compliant with the regulation.

Instead of adopting proper GDPR practices, some companies have simply blocked access from the EU. To visit websites that are blocked in your country, you can find online suggestions for using VPN solutions.


What should you know about data privacy? 

Web pages set cookies, and through them site owners can obtain identifying navigation data: where readers are from, the time spent on single articles, banners opened, and so on. It is a perfect way to profile readers and use their data without the proper consent of users. In some cases, owners even sell the data to third parties, suppliers, or advertisers.


Why do we want to protect our personal data?

– First of all, we need to remember that our personal data is not limited to our name, email, mobile number, and home address. All our preferences about food, clothes, and lifestyle are data that can be profiled on the internet through algorithms. For example, the kinds of food I buy can lead an individual or organization to know if I’m vegetarian or Jewish. The medicine I buy can reveal if I’m diabetic or have other diseases, and can even assist in identifying my age. And Zoom has biometric data of my face and my voice.

– Second, have you ever fully read a regular privacy policy on a company’s website? You may find that a click could mean “your data and information will be shared with our best partners to offer you a better navigation experience.”

In a digital world where people are more connected than ever, Europe is signaling its firm stance on privacy and data security. More and more people are entrusting their personal data to cloud services and independent platforms.

The European legislator has consequently established that anyone who comes into possession of personal data of users, clients, and even mere visitors of their own website must protect and handle them lawfully, without engaging in unauthorized use.

Unfortunately, security breaches are now becoming a daily occurrence and your personal data is worth more than gold and oil. In fact, it is the world’s most stolen asset ever.


What does this mean for US Companies? 

If you want to offer services and products in the EU and the United Kingdom, you must ensure you comply with the GDPR. European Privacy Agencies receive dozens of complaints daily from citizens (Data Subjects according to the GDPR), associations, or competitors alleging violations of the GDPR.

Data protection can be a serious issue, but it is not impossible to face for US companies that want to be present in the European Union, the UK, and Switzerland. Yes, Switzerland has also enacted a law that implements the principles of the GDPR.

Remember that all subjects dealing with personal data are reviewed according to the GDPR Data Processor, and they must follow a few basic principles to respect the GDPR's Privacy by Design and by Default. A good, customized Privacy Policy and Cookie Policy (copy/paste could be a great mistake) are the first steps to guaranteeing the rights of Data Subjects as well as respecting lawfulness, purpose limitation, and minimization of the use of data.

Even a US company can respect EU Law and offer an ethical service to its customers. By doing this, every company can guarantee added values: digital trust and a better digital reputation.


Author: Gianni Dell’Aiuto – Attorney; Data Protection Officer

Gianni Dell’Aiuto is a corporate and business lawyer and privacy consultant. Born in Tuscany in 1965, he graduated cum laude in law from the University of Siena and has been practicing law since 1994. Currently based in Rome, he has always been deeply involved in corporate matters and the internationalization of companies.

Over the years, Gianni’s focus has shifted towards privacy, personal data protection, and the European GDPR regulations. He provides expert assistance to companies and professionals in managing data protection.

In addition to his previous accomplishments, Gianni Dell’Aiuto has authored a book and numerous articles on data protection. His literary contributions delve into the intricacies of safeguarding personal data and the challenges posed by the digital age. Furthermore, he has served as a keynote speaker at various conferences, sharing his expertise and insights on privacy matters with diverse audiences.

Through his study of personal data and human behavior online, Gianni has authored two books that explore the emergence of the “new man” born alongside the internet, where a smartphone acts as an extension of one’s hand. He aptly named this phenomenon “Homo Googlis.”

