The EU's strict data laws have set the global benchmark for protecting personal information online since coming into force a year ago, but some worry that many users have barely noticed the change. The "General Data Protection Regulation" (GDPR), launched on May 25 last year, enhances the rights of internet users and imposes a wide range of obligations on companies, including that they request explicit consent to use personal data collected or processed in the European Union.
The EU has billed it as the biggest shake-up of data privacy regulations since the birth of the web, saying it sets new high standards as the world seeks closer scrutiny of tech giants like Facebook, Google and Amazon. It has also prompted other authorities around the world to strengthen their own data laws.
The US state of California, home to global tech haven Silicon Valley, last year adopted stringent data legislation largely inspired by the GDPR. Japan meanwhile has worked with the EU to finalise common rules to offer its citizens an equivalent level of data protection as the GDPR.
And Australia plans to significantly strengthen sanctions against companies that breach data privacy rules, following the EU's lead - the GDPR allows fines of up to four percent of a firm's turnover. But the transition has not always been easy - companies inside and outside the EU have spent a total of hundreds of millions of euros to comply with the regulations.
Much of this has gone to upgrading how firms handle the vast amounts of data streaming in every day. "Many companies face a major problem: their IT system was designed around providing services, but not around the data, which is constantly duplicated in all directions, sent to multitudes of providers and suppliers," said Gerome Billois, an expert at the IT service management company Wavestone.
He added that 31 percent of companies fail to implement the GDPR's "right to be forgotten" - which allows people to have their personal data deleted - because "they don't know precisely where the data is". But Jean-Michel Franco of the French software company Talend says the industry is now "starting to get up and running" in implementing the GDPR.
However several campaign groups that defend the rights of internet users say that the GDPR's lofty goals are still a long way from being reached. The main difference that most EU internet users notice under the GDPR are consent banners that pop up as they access a website. Many users simply give their consent in the quickest way possible rather than asking for "more information" and being led into a maze of dense information and further questions. A recent study of one urban transport website found that nearly 80 percent of users simply clicked the "accept all" button to move onto the site as quickly as possible.