GDPR

A comprehensive data privacy regulation enacted by the European Union in 2018 that governs how organizations collect, store, process, and share personal data of EU residents. GDPR establishes key principles including consent (users must actively agree to data collection), the right to access (users can request their data), the right to erasure ("right to be forgotten"), data portability, and privacy by design. For accessibility technologies that process personal visual data—such as image description services and visual assistance apps—GDPR has significant implications: companies must clearly communicate what visual data they collect, how long they retain it, whether they use it to train AI, and whether they share it with third parties. Non-compliance can result in fines up to 4% of annual global revenue.