The EU laws are a disaster when you actually have to look at implementing them.

Background: I work for a marketing company, and I've spent a great deal of my time acting as the company conscience when it comes to how we treat data about people. Recently I've been logging a lot of time around one of our global customers and complying with EU laws.

To give you just one example, standard practice in the US is that when a consumer asks not to be sent any future mail/email/marketing material their name is added to a suppression list. Any time from then on that marketing material is sent out the mailing list is bounced against the suppression list and consumer names are removed as appropriate.

To comply with EU law it appears (there are a lot of interpretations of what the law says even within the EU) that if a user asks to stop receiving future mailings all information about them needs to be deleted. If they ever end up back on the list (a friend signs them up as a joke or whatever) the company is liable for sending them marketing materials EVEN THOUGH WE'RE NOT ALLOWED TO KEEP A LIST OF PEOPLE NOT TO SEND TO.

Sorry for the shouting, but this particular wrinkle is causing me lots of pain right now.
posted by ToasterKing at 9:35 AM on March 28, 2001

Implementation aside:

The Bush administration is pressing European regulators to weaken proposed privacy standards for consumers, saying that the current blueprint would make it difficult for U.S. financial institutions to conduct business abroad.

This kind of whinge, as they pull out of the Kyoto agreement? Tough shit. I imagine the EU's reply will contain two words, second word "off".

ToasterKing: I'm sure that the UK's Data Protection Act allows you to keep name/address data (and that's all), just for that purpose. Or there are independent bodies (the Mail Preference Society) to police direct mailing. Anyway, the EU directive, in its usual opaque way, seems to offer a few ways out: good luck.
posted by holgate at 12:04 PM on March 28, 2001