Answer to Question 1
TRUE
Answer to Question 2
In Europe, privacy protection is much more stringent than in the United States. Unlike the United States, European countries do not allow businesses to use personally identifiable information without consumers' prior consent. On October 25, 1998, the European Commission's Directive on Data Protection went into effect, broadening privacy protection in the European Union (EU) nations. The directive requires companies to inform people when they collect information about them and disclose how it will be stored and used. Customers must provide their informed consent before any company can legally use data about them, and they have the right to access that information, correct it, and request that no further data be collected. Informed consent can be defined as consent given with knowledge of all the facts needed to make a rational decision. EU member nations must translate these principles into their own laws and cannot transfer personal data to countries, such as the United States, that do not have similar privacy protection regulations. In 2009, the European Parliament passed new rules governing the use of third-party cookies for behavioral tracking purposes. These new rules were implemented in May 2011 and require website visitors to give explicit consent to be tracked by cookies. Websites are required to have highly visible warnings on their pages if third-party cookies are being used. In January 2012, the EU issued significant proposed changes to its data protection rules, the first overhaul since 1995. The new rules would apply to all companies providing services in Europe and require Internet companies such as Amazon, Facebook, Apple, Google, and others to obtain explicit consent from consumers about the use of their personal data, delete information at the user's request (based on the right to be forgotten), and retain information only as long as absolutely necessary. In 2014, the European Parliament gave strong support to significant changes in privacy policies by extending greater control to users of the Internet. Although the privacy policies of United States firms (in contrast to the government's) are largely voluntary, in Europe, corporate privacy policies are mandated and more consistent across jurisdictions. Among the changes being discussed are a requirement for firms to inform users before collecting data, every time they collect data, and how it will be used. Users would have to give consent to any data collection. Other proposals call for users to have a right of access to personal data, and the right to be forgotten. The right to be forgotten was upheld by a European Union court in 2014, and since then, Google has had to respond to more than 200,000 requests to remove personal information from its search engine.