EU vs. USA: Mandated Privacy Online in Personal Data
© 1999 Green & Green All Rights Reserved
The issues raised throughout this article show a potential loss of European business for US web-based and data-processing businesses.
The EU has debated for years with the US Congress the perceived lack of American uniformity in privacy legislation. They argue that we have 50 state laws on the subject and a myriad of court interpretations. The EU has passed a "Privacy Directive" effective October 1998. A directive is binding on the Member States as to the results it seeks to achieve, leaving discretion to the Member States as to how to achieve these goals, usually by national legislation.
The EU has, as of January 1, 1999, established the Euro as the currency of exchange between the world and the member states, an economic force with a populace of 200 million.
This Directive provides in part as follows:
- The member EU states may not allow transmission of personal data to any country that does not have certain "certifiable" privacy standards for e-data.
- The EU nations can require a country to enact privacy rules that they have adopted, or transmission of personal data can be restricted or blocked.
- The standards include:
  - The provision of a privacy notice.
  - That the personal data input by a user may be modified.
  - That a user may delete the data.
- The Directive is applicable to electronic data processing and manual processing of personal data as far as personal data form or are going to form part of a filing system (Art.3.1.).
- Personal data is defined as "any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;" (Art.2.a.).
- The directive provides for a "controller" to monitor the transmission of data. This seems impractical at best.
- Member states may adopt exemptions, typically for religious, charitable and arts uses.
- Where a real commerce problem arises is in the defined rights of the data "subject":
  - Data subjects have a right to object to the processing of their data at any time on compelling legitimate grounds if the processing was based only on legitimate reasons such as being "necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed."
  - Legitimacy as prescribed by Art.7.e is being "necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject which require protection."
  - However, such objection is not possible "where otherwise provided by national legislation."
  - This right to object has a specific importance in the area of direct marketing, where the data subject may object to "processing of personal data relating to him which the controller anticipates being processed for the purposes of direct marketing or to be informed before personal data are disclosed for the first time to third parties or used on their behalf for the purposes of direct marketing, and to be expressly offered the right to object free of charge to such disclosures or uses." (Art.14.b.)
  - An important exemption exists: no such right to object exists if such a decision "is taken in the course of the entering into or performance of a contract, provided the request for the entering into or the performance of the contract, lodged by the data subject, has been satisfied or that there are suitable measures to safeguard his legitimate interests, such as arrangements allowing him to put his point of view; or [if such a procedure] is authorized by a law which also lays down measures to safeguard the data subject's legitimate interests." (Art.15.2.a. and b.)
The Directive thus requires EU member countries to prohibit the transmission of names, addresses and other personal information to any country that fails to provide adequate data protection as defined under European law. What this may mean for US companies that do not provide adequate measures to ensure the data is not used illegitimately is not yet known. It may mean a drop in e-mailed orders for US companies, adding to the massive trade deficit. It may mean no changes at all. Congress will tackle this next term, or maybe do something now. Are the FTC action against GeoCities and the probable resulting "consent decree" a model for the future? Let the debate begin anew.
What can we do about this?
- First, get informed. The U.S. Federal Trade Commission has established a strong dialogue with the EU to make it acceptable for the businesses involved to establish certain policies. The FTC under the present administration has taken a very protective and proactive role in helping U.S. businesses compete, both real and "virtual." See Links Page > U.S. Government > FTC.
- Second, establish a compliant Privacy Policy. There are seven basic principles that need to be covered in detail in any stated policy. See Links Page > Computer Industry > Privacy Information.