General Data Protection Regulation
The General Data Protection Regulation (GDPR) is an extensive set of regulations in the European Union on how personal information is collected, stored, and used. It also defines what should be considered personal information. All companies which do business in the European Union are required to comply with its requirements, or be fined. This law was confirmed by the EU Parliament on April 14, 2016, with the set enforcement date of May 25, 2018. It is intended to give citizens control over their personal information. Among the parts of this law, are the "right to be forgotten" (individuals can demand that their private data be deleted), and a requirement for deliberate and obvious consent from individuals before their private information is collected and stored.
Some feel that this law is a significant step towards individual privacy and by extension, freedom. Others see this as an overly-restrictive and poorly defined law, which leaves too much to interpretation. Regardless, it has had a sweeping impact across the globe, as international companies from a variety of countries (including the United States) have needed to make changes in the way they do business as a result of the GDPR.