Digitalization at the point of sale is advancing inexorably. Whether it’s digital menus in restaurants, welcome screens in corporate lobbies, or information displays in hotels—digital display systems are highly efficient tools for customer communication. However, one key factor is often overlooked when selecting the right technology: data protection. Many of the systems used worldwide come from U.S. providers. What may seem convenient in practice often turns out to be a legal gray area—or even a direct violation—when viewed through the lens of the European General Data Protection Regulation (GDPR).
Differences in Data Protection Between the U.S. and Europe
The primary reason why U.S. software often causes problems in Europe lies in the fundamentally different legal approaches to data protection. While the GDPR in the European Union protects an individual’s right to informational self-determination as a fundamental right, the U.S. takes a commercial and security-oriented approach.
As soon as digital signage software processes data—whether it’s just the display device’s IP address, telemetry data, or personal data collected when a user logs into the dashboard—it must comply with strict EU regulations.
For U.S. companies, however, national laws such as the FISA (Foreign Intelligence Surveillance Act) or the CLOUD Act apply. These laws require American IT providers to grant government authorities access to stored data even if the servers are physically located in Europe. From the perspective of European data protection, this does not provide an adequate level of protection.