Since the mid-1990's the EU has been a leader in the effort to establish individual rights in personal data.  In particular, a 1995 Directive on protection of personal data (95/46/EC) established a fundamental right of an individual to control the collection and use of information about themselves. The keystone of that right was a requirement that express, affirmative consent must be given before data about EU member state citizens' data could be collected and processed by anyone, anywhere.

The Internet was just beginning to flourish in the mainstream consciousness around the time that the 1995 EU Directive reached a critical milestone—the date upon which the various EU member states were expected to implement the principles of the Directive in their national laws. This was an awkward step forward, since it left member state legislatures handling many of the nuances and edge cases of the right of data protection. As a result, there were delays in implementing the 1995 Directive, and—more importantly—there were many, many variations in each member state's implementation. While Europe had certainly taken a step forward in terms of unifying itself around a fundamental right of individual privacy, those faced with the t...