Businesses, whether legitimate or illegitimate, have long been gathering detailed information about consumers so that they can use it for advertising or fraud, while consumers had no choice but to sit back and watch it happen with a sense of helplessness. Until recently, this was acknowledged as the status quo, but things are changing as we enter a new era. With the advent of new regulations in the European Union (EU), consumers can take back their power. Regulations such as the General Data Protection Regulation (GDPR) and the second Payment Services Directive (PSD2) mean that consumers have more choice over when and how companies collect their data, as well as how they pay for goods and services online.

What Do the Regulations Mean for Consumers?

In summary, GDPR gives European consumers more control over their personal data and the information organizations can collect on them, while also setting out regulations to better protect this information. Specifically, GDPR stipulates that “opt out” measures are not good enough if an organization wants to gather and share information about its consumers. Instead, consumers must now “opt in” if they agree to share their information or receive communications, and they can also expressly state whether they consent to their data being shared with third parties.

PSD2 is not a new concept; the regulatory ...