In March 2014 the European Parliament passed the General Data Protection Regulation (GDPR). This places an obligations on companies anywhere in the world that store and process data held on EU citizens.
Some of the provisions of the legislation include:
Like previous attempts by the European Parliament to legislate on data privacy (The Cookie Law, for example), the GDPR is well intentioned but half-baked.
However, the working reality of the GDPR over the last 6 months appears to be that individuals receiving negative reviews or commentary are using the legislation to ‘erase history’. The recent case of a concert pianist using the GDPR to remove a negative review in the Washington Post shows how this ruling is currently doing more to protect fragile professional egos than it is to protect citizens from their teenage faux-pas.
Meanwhile, most businesses (etailers included) are still failing to provide a means for customers to control the data being held about them. This would be a more useful application of the GDPR ruling, anything that helps customers manage the recommendations they receive would be a good start.