Angst over the use of data on individuals in the United States for marketing and political purposes has led many to suggest that the European Union’s new General Data Protection Regulation provides a regulatory model that the US should emulate.
Any discussion of this issue must be grounded in a substantive understanding of the GDPR’s requirements which are much more extensive than most commentators have described. I don’t believe that anyone is attempting to gloss over the scope of the regulation - rather, the damn thing is 88 pages long, far too much for most of us to assimilate in one sitting. Just because I was curious, I did a comparison of word counts and the regulation (I’ll start referring to it as the GDPR) is 7 times longer than the US Constitution.
So the purpose of this post and the next is to provide the detail necessary to understand it. And the thing is - IT’S NOT JUST ABOUT CONSENT.