So cookies are not the major issue: then what are the important components? For the US, the most important issue seems to be on the security side, as US and state regulators try to prevent hacking and release of potentially personal information. One of the problems with the US is that security is handled by the states. And the US first amendment freedoms create issues with the EU’s laws.
The EU comes at privacy and security by emphasizing the privacy side — the right of individuals to control their own data, and a prohibition against collecting data without a “legitimate purpose.” It also provides no threshold for the right to be forgotten, which is in direct conflict with the freedom of speech guarantees in the US.
If you then throw in the Brexit, the UK, which is the center of digital publishing and advertising in the EU, would have much to do complying on the one hand with US regulations and on the other with EU laws, especially when dealing with so many other potentially difficult issues.
Thus, the UK is expected to ignore the Brexit for purposes of data privacy and security, and throw its lot in permanently with the EU. It makes little sense to do otherwise, as for the next two years the UK will have to go along with everything the EU is doing to get ready for the new regulation anyway.
Moreover, companies that offer cloud-based services, no matter where they are based, will have to comply with the most stringent regulations or face fines.
What do these new regulations mean for publishers and marketers? Well, for starters the new regulations are predicted to create 28,000 new Chief Privacy Officer jobs over the next two years. Both publishers and marketers will have this window of opportunity to figure out how to serve their own ends and still operate within the EU’s GDPR.