A North American retailer is expanding its operations to Europe, targeting individuals aged 20 to 40 in Spain, France, Belgium, and Germany. The retailer aims to create detailed customer profiles for personalized recommendations. Which two regulations must the company adhere to in this expansion?