Terms such as harvesting, fishing and mining have been for many centuries associated with human interaction with nature as we endeavoured to sustain ourselves and to generate wealth. More recently they have become notorious euphemisms employed by organizations, both for-profit and non-profit, in their unquenchable thirst to collect data about almost everything and everyone. In the digital age data collection has become painfully easy, and we are relentlessly preyed on by those who attempt to affect our behaviour through following us from behind our screens. This presents a genuine threat to our privacy, because so many of our economic, social and political activities, even issues regarding our health, are done electronically. What we read, where we shop, where we travel and whom we communicate with are the object of snooping by companies, market and political research organizations and governments. Eventually, in 2016 the European Union got around to addressing this dangerous and irritating phenomenon, setting very strict rules under what is known as the EU General Data Protection Regulation (GDPR) that will come into force later this month. For many months now, companies and organizations all over Europe have been racing to comply with the GDPR’s demands. The massive fines attached to any violation of the new privacy regulation have been an incentive for them to devise training programmes for managers and employees, for fear of being caught and obliged to pay fines that might end in bankruptcy. There is no doubt that such regulatory legislation and enforcement are absolutely necessary. For too long the power balance of possessing data tilted towards the big organizations at the expense of the individual’s privacy. Even if some of the data collection is ostensibly harmless, it has left most people feeling uncomfortable, knowing that someone is always peering over their shoulder. It feels as if there is no separation anymore between what one’s private life is and what is legitimate for others to know. There are too many organizations that thrive and profit from collecting data. Frighteningly, there is something Frankenstein-like out there, where every computer or mobile phone user has been turned into a participant in some sort of global experiment in which big organizations are trying to mould our behaviour to suit their needs – sometimes more subliminally, sometimes less so. Data miners, harvesters and phishers have been taking unacceptable liberties by invading our privacy and making a mockery of the very concept. This is what led EU legislators to attempt to harmonize data privacy laws across the continent, with the declared aim “to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.” Although not always easy to understand and implement, the new regulation is unforgiving to whoever might not comply with it. Organizations can be fined up to 4 percent of annual global turnover for breaching the GDPR, up to a maximum €20 million – enough to force them to close, or at least push them to the brink. While the EU has shown the way in terms of applying its power to introduce such a regulation, the real challenge will be in implementing this new code of conduct with the necessary determination. Yossi Mekelberg A key element of the GDPR is ensuring that users are aware, understand and most importantly consent to the personal data collected about them. For too long companies and other organizations have hidden behind our quick clicking to accept “terms and conditions,” to spy on us. If we are honest with ourselves, we usually don’t bother to read what we agree to, until it becomes relevant, but by then there is not much that we can do about it. Under the GDPR, those who harvest or mine data have to be transparent and accountable. Earlier this year, when the Facebook/Cambridge Analytica scandal hit the headlines, we became aware of some of the sinister facets of the intensive harvesting of data from our use of social media, and how it can be commercialized for both economic and political gain. Were it not for a few tireless Guardian journalists, we might never have known how this deplorable collusion between a social media giant and an unscrupulous research organization worked to influence two of the most profound political episodes of recent times, namely Brexit and the election of Donald Trump. In both we now know that voters were targeted after their activity on Facebook was followed and analyzed – and needless to say, without their consent. Consent and awareness are the key words, as we move quicker and deeper into a digitalized world. It makes us all exposed and vulnerable to those who are in constant pursuit of information, and even worse, to those who can use it to manipulate it to their advantage. But while the onus of abiding by the new regulation is on those who collect data, it won’t replace the need for us to become more knowledgeable about the threats to our privacy in providing online information, and to exercise caution in our relations with virtual reality. Moreover, while the EU has shown the way in terms of applying its power to introduce such a regulation, the real challenge will be in implementing this new code of conduct with the necessary determination. As it stands now, one of the major flaws of the GDPR is that no single authority will oversee its implementation. It will be loosely co-ordinated by national and regional watchdogs across the 28-nation bloc. Worse, not enough resources have been put in place and legislation in different parts of the EU hasn’t been consistent, while the start date is looming closer. As always, technology, and in this case information technology, is moving at a faster pace than our ability to adapt our behaviour and protect our values. The GDPR is a vital test for our societies: will they be able to protect individuals and their privacy from the data-thirsty monsters who are happy to invade it mercilessly for their own profit and benefit, or will they resort to accepting that privacy is a thing of the past? Yossi Mekelberg is professor of international relations at Regent’s University London, where he is head of the International Relations and Social Sciences Program. He is also an associate fellow of the MENA Program at Chatham House. He is a regular contributor to the international written and electronic media. Twitter: @YMekelberg