Happy #GDPRDay!

Over the last few months, you’ve probably been inundated with emails begging you to re-subscribe to a mailing list or letting you know about an updated privacy policy. Ever wonder why? It’s because the General Data Protection Regulation (GDPR) is going into effect in the European Union (EU) and, as a result, companies around the world have had to re-approach how they handle personal data.

The GDPR, grounded in the recognition of privacy as a fundamental human right, represents a fundamental change in the relationship between internet users and the data they create and leave behind. It sets baseline rules for any company that handles data belonging to EU citizens. It also places limits on how companies can gather and use personal data—giving rights to Europeans that we simply don’t enjoy here in the United States.

Beginning today, companies (even those located in the U.S.) must obtain affirmative, opt-in consent to track European internet users. Europeans can also demand that companies correct inaccurate information about them, provide their data for download so they can take the data to another service and even erase their data (subject to some stipulations).

We support the push for a strong baseline privacy law in the U.S. Thankfully, as the GDPR applies equally to both EU and non-EU businesses, U.S. citizens may benefit from the new rules and regulations as companies streamline compliance efforts. In the meantime, we are joining 25 privacy advocacy organizations to call on some of the country’s largest companies (including Amazon, Facebook, Google, Walmart and JPMorgan Chase) to commit to extending all of the GDPR protections to everyone.

So happy GDPR Day! Congratulations to privacy advocates in the EU, and thank you from the rest of us who will benefit from these new rules. We can and should demand more from our elected officials in the U.S.—the GDPR proves that companies can and will adapt.