Just looking at the German Competition Authorities decision around Facebook and their interpretation of the use of Consent. That will have a big impact.
Whilst I’m no big fan of GDPR (overhype and under delivery so far versus what could have been), it does seem that by the time of the first anniversary of it going live that the regulation will be starting to show its teeth and have some real impact.
The problem with that is it will probably take a decade to deliver real improvement, and even that will only be on the ‘defence’ side of personal data capabilities. That is to say, a ten year to eliminate the bad stuff which just should not be happening.
So far the regulators seem to be ignoring the more enabling the ‘offence’, ie the more enabling aspects such as data access and data portability.
Of course one could argue that it is not the regulators job to build out positive capability on the side of the individual. I would argue otherwise; if more bandwidth was put on the positive side of what individuals could do with proper access to their data then a lot of the bad things would go away more quickly. Nodding towards data access and data portability and then doing nothing about clear failure to deliver helps no one;