This month marks the three-month anniversary of when the EU’s General Data Protection Regulation came into effect. While the law has largely remained the same since 2018, the environment in which it is being applied has evolved considerably. At the “Legal and Technical Perspectives on Data Privacy and Data Protection” session at the second day of the  Relativity Fest London virtual conference, privacy experts took stock of some of the most pressing challenges—and opportunities—facing the GDPR and the broader EU data privacy regime.

From the long-term impact of Brexit to the Schrems II decision, and how Americans’ view on the EU regulations are evolving, it’s clear the impact of EU privacy laws is still yet to be determined. Here’s three reasons the crystal ball isn’t clear when it comes to these regulations.