Connect with execs from The New York Times, TIME, Dotdash Meredith and many more
Do non-EU companies have to adhere to the new stringent EU privacy laws? You betcha, said EU commissioner Viviane Reding on Wednesday. Any company that is active within the 27-nation region of the EU or even possesses a digital product line targeting an European audience must adhere to EU standards. The rules go a lot farther than American Do Not Track initiatives, proposing eventual criminal penalties for standards violations, imbuing the EU with the right to determine which consumer data is “sensitive” and necessitates protection and which does not.
The EU initiative will also create national watchdog agencies across Europe to investigate and launch national and EU-wide legal proceedings, presumably with the possibility of civil damages awards against violators. “A U.S.-based social network company that has millions of active users in Europe needs to comply with EU rules,” stated Redding in her speech. “Privacy standards for European citizens should apply independently of the area of the world in which their data is being processed.” This places EU edicts firmly on American shores, raising concerns that the EU is overreaching just a tad in terms of jurisdiction. Here are some key elements of the EU proposals and how they may impact non-EU companies.
The new EU rules will attempt to adapt to new technologies. That means that cookie-less targeting may be impacted. Companies must begin to integrate a clear opt-in policy for any “borderline” marketing strategy that may possibly be categorized as “targeting.”
The new EU rules will attempt to force automatic “personal information breach” notification systems on data collection companies. In this scenario, if an errant cookie slips by, the user must be instantly notified and companies might face potential legal proceedings from the consumer and possibly the watchdog organization.
The new EU rules may also require that your company’s internal data management policies be placed under EU scrutiny for adherence to their standards. That means that your privacy policy needs not only to be solid, but it has to deal with a range of eventualities that, at least for now, don’t really exist in America. That might include pre-existing consumer accounts which before the new EU standards did not require consent for banner placement, but now do. It’s crunch time, but not the end of online advertising. Read the original privacy proposal here.
More in Media

Three publishers’ workforce diversity reports show DEI efforts remain sluggish
Overall, staff diversity at The New York Times, Hearst and Condé Nast has either marginally improved or stalled in 2024, according to their annual workforce diversity data this year.

Retail media meets publishing: News UK, Future and Ocado tap clean room tech for smarter data targeting
News UK, The Independent, Immediate Media and Future are teaming up with retail media network Ocado to test clean room-powered data matching.

From sidelines to spotlight: Esports events are putting creators center stage
Esports events’ embrace of content creators reflects advertisers’ changing priorities across both gaming and the wider culture. In the past, marketers viewed esports as one of the best ways to reach gamers. In 2025, brands are instead prioritizing creators in their outreach to audiences across demographics and interest areas, including gaming.