Chicago Journal of International Law


In October of 1998, the European Union Data Privacy Directive ("Directive") became effective. Consistent with Europe's serious approach to consumer privacy, the Directive mandates that Member States adopt the most rigorous privacy legislation the world has seen. The specific requirements of the Directive are complex, and I have discussed them in some detail in another article. Very generally, the Directive places obligations on data collectors and provides rights to data subjects. The most significant of these protections from a global privacy perspective is the Directives "opt-in" approach, which presumes an expectation of data privacy as the default position, and (with certain exceptions) allows the processing of personal information only if "the data subject has unambiguously given his consent." [CONT]