Searching for smart, safe news you can TRUST?

Support safe, smart, REAL journalism. Sign up for our Axios AM & PM newsletters and get smarter, faster.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Searching for smart, safe news you can TRUST?

Support safe, smart, REAL journalism. Sign up for our Axios AM & PM newsletters and get smarter, faster.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Minneapolis-St. Paul

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa-St. Petersburg news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa-St. Petersburg

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Illustration: Sarah Grillo/Axios

The emails cluttering your inbox this past week with privacy settings updates are happening for a reason: A sweeping new European data privacy law goes into effect today that is having a profound impact on American businesses.

Why it matters: The General Data Protection Regulation (GDPR), which the European Commission passed more than two years ago, was at first largely ignored by U.S. companies and regulators. But it's now becoming the global standard for how businesses mine and use consumer data, in part because of recent data breaches and scandals, like Cambridge Analytica's misuse of Facebook data.

The big picture: American companies are bracing for the market impact of the new privacy standards, while Europeans are celebrating them as a part of a years-long push to better protect citizen's privacy.

How we got here: Europe's data privacy push stems from cultural trends, dating back to World War II and the Holocaust, that favor individual privacy over government or corporate powers.

  • Specifically, laws under the Nazi regime worked to strip the privacy of Jewish people to undermine their businesses and seize their wealth, like requiring Jews to register their property.
  • As a result of these atrocities, fear of government and corporate abuse of personal data is widespread in Germany, and is reflected in cultural norms. For example, only 37% of Germans use social media but 86% have internet access, according to Pew Research Center.

What it means for U.S. consumers: You'll get many more notifications from companies with details about how they're using your data, and direct requests to share your data with third parties or partners.

  • When you sign up for a service, you typically provide your name and email address, and maybe a phone number. But modern companies know much more than that about you: They track how you interact with their websites and platforms, how often you click on certain things, and where you go on the web afterward.
  • More visibility: With GDPR in place, you can now access that data to see what, exactly, different services and companies know about you.
  • In the U.S., it's a sea change for consumer privacy, said Justin Antonipillai, CEO of Wirewheel.io, which helps companies comply with the new rules. "Understanding how you're interacting with these companies has a chance to change how people think about their privacy."

What it means for businesses: Europeans tend to favor individuals when it comes to data ownership, while Americans tend to favor companies. As a result, we have let data-driven business in the U.S., like Google and Facebook, grow to become some of the biggest economic powerhouses in the world by selling consumer data to marketers.

  • The new European law will hinder that practice dramatically, by requiring that companies have a lawful basis for processing personal data. The rules also streamline data collection practices, making it harder for sketchy data vendors to collect data from users in an obscure fashion.
  • Companies around the world are spending millions of dollars to comply, which is creating a new market for privacy consulting. Non-compliance could result in daily fines of €20 million or 4% of global annual revenue in the prior year, meaning that if these companies don't get their data compliance practices together, it could be devastating to their businesses.
  • Compliance with the new rules is already being baked into business arrangements. For example, before establishing a relationship with a third party, many companies are contractually requiring partners to certify that they are GDPR compliant.

Big vs. small: Some of the biggest U.S. tech firms have the most to lose because they collect the most data, but they are also the most likely to be able to afford compliance measures. (Microsoft, for example, has hired 300 engineers to handle the job.)

  • Small businesses, meanwhile, worry that the law, which was written somewhat vaguely to address broad use cases, will have an unintended effect of strengthening some of the data powerhouses that have the money to pay for compliance measures, while strangling smaller businesses that don't.
  • In an interview with Axios, U.K. Secretary for digital, culture, media and sport Matt Hancock suggested regulators (at least within the UK) are willing to be flexible with enforcement early in the process for small businesses, and that they are more focused on cracking down on companies collecting data for nefarious purposes.

Go deeper

Caitlin Owens, author of Vitals
39 mins ago - Health

What overwhelmed hospitals look like

A healthcare professional suits up to enter a COVID-19 patient's room in the ICU at Van Wert County Hospital in Ohio. Photo: Megan Jelinger/AFP

Utah doctors are doing what they say is the equivalent of rationing care. Intensive care beds in Minnesota are nearly full. And the country overall continues to break hospitalization records — all as millions of Americans travel to spend Thanksgiving with friends and family.

Why it matters: America's health care workers are exhausted, and the sickest coronavirus patients aren't receiving the kind of care that could make the difference between living and dying.

Felix Salmon, author of Capital
59 mins ago - Economy & Business

Southwest CEO: "You should fly"

The official guidance of the CDC says that "postponing travel and staying home is the best way to protect yourself and others this year."

  • Southwest Airlines CEO Gary Kelly, however, took the opposing position when he was interviewed by "Axios on HBO." "You should fly," he told me, adding that "we need to have as much commerce and business and movement as is safe to do."

Cárdenas: Democrats need to be more "culturally competent" to win

Photo: Paul Morigi via Getty Images

Rep. Tony Cárdenas (D-Calif.), who's running for chair of the Democratic Congressional Campaign Committee, told "Axios on HBO" that the DCCC needs to change "overnight" and his colleagues need to be more "culturally competent" if they want to be successful in the next election.

Why it matters: House Democrats are confronting what went wrong and what their party needs to change after they failed to expand their House majority and President Trump expanded his support among Latino voters.