The European Union has one of the strongest attempts globally to regulate the collection and use of personal data by both governments and the private sector. In the digital age, everything a person does online generates or implicates data that can be highly revealing about their private life. Under the EU regulations, companies must ask for consent before collecting or using a person’s data. It’s illegal for them to reveal someone’s racial or ethnic origin, political affiliation, religious beliefs, or union membership, as well as data about genetics, health, and biometrics — fingerprints, facial recognition, and other body measurements. How the EU differs from the United States is that anyone can ask a company what personal data they hold about them free of charge and then request that it be deleted. The EU regulation gives people in EU member states more control over their personal data, including what information they turn over, how it is used, and with whom it is shared. The EU regulation imposes stiff penalties for organizations that violate its terms. For example, a company can be fined up to $23 million or 4% of annual global revenue for non-compliance, whichever is larger.