In privacy scholarship and ‘big data’ engineering circles, much is being made about the EU’s General Data Protection Regulation (GDPR). It is probably the strongest regulation passed protecting personal data in a world of large-scale, global digital services. What makes it particularly fearsome is the extra-territoriality of its applicability. It applies to controllers and processors working in the EU whether or not the data processing is itself being done in the EU, and it applies processing of data whose subjects are in the EU whether or not the controller or processor is in the EU. In short, it protects the data of people in the EU, no matter where the organization using the data is.
This is interesting in light of the fact that the news is full of intimation that the EU might collapse with the result of the French election. Prediction markets currently favoring Macron, but he faces a strong contender in Le Pen, who is against the Eurozone.
The GDPR is scheduled to go into effect in 2018. I wonder what its jurisdiction will be once it goes into effect. A lot can happen between now and then.