[flower-giraffe]

The tech governance issue here is that a commercial organisation used personal information provided for an unrelated purpose for political lobbying without consent.

Presumably some of the many recipients of the email are both US voters and EU residents with dual citizenship.

In that case would this be a breach of the GDPR?

[kayge]

Yea there didn't seem to be much filtering of the email recipient list... I saw a handful of people on Twitter that said they received the email even though they're not even US Citizens. GDPR violations seem likely.

[aleris149]

I am an European citizen employed by a subsidiary of an US company and I received that email. Definitely a GDPR violation.

[cmdshiftf4]

Neither I nor the company I work for are American (both Euros) and yet every one of us in the company, many thousands globally, have received this email today.

Thankfully it seems to have went directly to spam, as I had to look to find it, but the point remains.