The first major government crackdown on Facebook and big tech in the wake of the Cambridge Analytica scandal and growing concerns about data privacy isn’t going to come from [...] Washington. Instead, it’s likely to come from Europe. 

On May 25, Europe will enact the General Data Protection Regulation or GDPR... The law requires companies to be transparent with what information they’re gathering and why... 

The law will put data privacy and protection at the center of technology design...

What the law does, essentially, is unify rules for how companies handle European citizens’ data, expand the scope of what personal data is, strengthen transparency and consent conditions, and set specific penalties for enforcement...

In the case of the GDPR [...] there’s a risk of putting too much weight on the shoulders of individual users to figure out what to allow to happen with their data. “To the extent that the EU has barreled forward with consent being the key, in this environment when we can’t really know what’s being collected about us all the time and what’s being used, putting the onus on a person to use judgment to allow or disallow something could be problematic...