In February, social media platform Facebook was involved in a data scandal of gigantic proportions. The perpetrator was Cambridge Analytica, a political consulting firm in the U.K. that specialized in data harvesting and analysis. The company was found to be harvesting and selling the account information of some 87 million Facebook users to politicians who in turn used it to influence voter opinions.

The allegations ignited a firestorm of controversy that led to the downfall of Cambridge Analytica and put Facebook firmly on the defensive. Not only was Facebook founder and CEO Mark Zuckerberg called before a congressional hearing, but he was also grilled across the pond by European Parliament. The fallout from this scandal has been ongoing, and it has raised fundamental questions about privacy in the social media age.

That’s where GDPR comes in.

Many Americans might not have heard of the General Data Protection Regulation, because at the moment it’s only an E.U. initiative. But that could change (and soon) if these new consumer privacy measures (which took effect on May 25th) are adopted in other nations. GDPR ensures that companies must first receive consent from people before sharing their social media data online. Companies took silence as implied consent they could share such data before this issue came to light.

Every marketer working today should sit up and take notice of this looming reality. Because in Europe, companies that now engage in once-legal data harvesting practices are at serious risk.  If found to be in violation, they could be subject to millions of dollars in fines as well as losing a healthy slice of their profits.

Here are some of the other ways GDPR will change the marketing landscape if the new regulations are implemented worldwide.

It would take a brick to the window of social media advertising

If these new regulations become the law of the global land, it will fundamentally reshape social media marketing. In many cases, these changes will be for the better, but try telling that to Facebook. Before the European GDRP came into effect, Zuckerberg moved the account info of millions of users from servers in Ireland to the United States, where such data would be free of regulations (for the moment).

The specific reasons he did this we may never fully know, but it isn’t hard to read between the lines. Facebook’s ad revenue has been growing steadily since 2004, to the point it now represents a staggering 20% of the global advertising market. That equals hundreds of billions in revenue generated by, among other tactics, mass data mining. It’s no wonder Facebook’s CEO wants to protect this very lucrative status quo. The trillion-dollar question now is, will future regulations cut off all Zuckerberg’s escape routes and leave him with nowhere safe to store Facebook user data?

It would result in a ban on automated decision making

To glean what the GDPR portends for Europe, marketers will want to look closely at Article 22 of the regulations. This is potentially the most explosive provision because it puts marketers on a collision course with the GDPR right at the intersection of advertising and technology. All those emerging trends and tools that marketers have in their arsenal—AI, machine learning, automation software—would be upended if these regulations are adopted worldwide.

The actual definition of “automated decision making” (at least according to the GDPR) can seem a bit nebulous, so it’s worth taking a look at in closer detail. For example, all “normal” data-processing activities are still allowed under the guidelines. That means non-automated data profiling (segmentation, customer profiling based on human decision-making, etc.) is still allowed. However, using algorithms for predictive analytics, and having marketing automation software make decisions on how to drive inferences and target ads, well, that’s prohibited under the GDPR.

Article 22 states subtly but clearly that consumers have certain rights, including the right not to be the subject of mass automated data harvesting. This all goes back to consent—any further automated decision making will only be allowed if the data subject gives explicit consent.

It would make data portability the law of the land

Another article worth noting is Article 20 because with this provision, in Europe at least, it ensures an individual’s right to data portability. It expressly affirms the right of an individual to request a copy of all of his or her electronically stored data and transfer it from one controller to another.

So, what does that mean in practical terms? As an example, let’s say you wanted to cut ties with one music streaming service and use another. Before, if you wanted to request all the data your current streaming service has on you (playlists, listening history, etc.), you had to go through a cumbersome bureaucratic process. If GDPR moves beyond Europe, those hurdles would be lifted and you would now be free to obtain and transfer your data at will.

Obviously, this is a boon for individuals, but what it means for businesses isn’t so clear… yet. Critics say that system incompatibility between data controllers could make transfers a nightmare process. Then again, optimists say that loosening data lock-ins could give newer, smaller businesses a level playing field where it concerns their larger competitors. We’ll have to wait and see how it all plays out in Europe before we know for sure.

Behavioral data collection would give way to contextual marketing

So with social media advertising and automated decision-making now in flux (or outright banned) in Europe, what’s the alternative? What do marketers in the U.S. do if these regulations take over the world? The most likely scenario is that marketers will go all in on contextual advertising.

Some internet companies, like Quora, have already implemented contextual advertising. This is the process of analyzing consumer behavior based on their real-time actions as opposed to creating customer profiles. For example, a customer shares an article about Hawaii, and advertisers spring into action and display ads offering a deal on vacation packages to Oahu. Or maybe someone is reading an online review about a movie, and then Netflix marketers present an ad saying it’s available on their streaming service.

Sure, contextual marketing is a hair trigger tactic that keeps advertisers on their toes. It’s not easy. But in this 21st century digital world, technology won’t be slowing down anytime soon. Regardless of what happens with GDPR, marketers everywhere will have to adapt or die.

Conclusion

We’ll have to wait a while to see the net effect GDPR has on European consumers, and what that portends for the rest of the world. The optimistic prediction is that marketers adapt to these new regs and it becomes beneficial to advertisers and social media users alike. Then again, another prospect is that the world does indeed pick up the brick and smash social media advertising as we’ve come to know it. Time will tell.