Modern conventions of privacy date back only as far as the industrial revolution, when society adopted the concept of individual and familial privacy, and political and legal visionaries began to introduce the concept of privacy as a right. Since then, and over decades of technological advancement, society’s expectations and rules about personal privacy have been on a rollercoaster of change. Today, lawmakers around the world are working to catch up to the vast expanse of digital data and how to govern and limit its commercial use with regard to consumer privacy. The activation of the General Data Protection Regulation (GDPR) in Europe earlier this year, and the emergence of similar laws in China, Latin America, Australia and even some U.S. states, have become the latest evolutions in the long-running privacy paradox.

To date, the extent of enforcement we’ll see under GDPR is still in development. The UK Information Commissioner’s Office, which is generally considered the most active EU regulator to date, lists 189 actions on its website and the business sectors impacted span marketing, health, financial services, government and others. Actions include enforcement notices, monetary penalties and prosecutions.