The General Data Protection Regulation (GDPR) in the EU has arrived and it’s giving more control to users on how companies handle their personally identifiable information (PII). On the eve of GDPR launch, nearly two-thirds of Americans responded that they have ignored, opted out immediately or put their consent off until later, according to a survey conducted by Research Intelligencer and Pollfish.

U.S.-based companies have been scrambling to get permission from users because of the liability of processing any data from EU citizens. The legislation sounds logical in theory, but it’s going to present challenges for many brands and media companies.

Here are some possible effects of the GDPR:

Duopoly
The duopoly known as Facebook and Google controls 80% of digital spend in the EU. While legislators have been trying to control the dominance of the duopoly, the GDPR is not set up in a way to break them down. Věra Jourová, the EU justice commissioner, took a trip to Silicon Valley and expected Facebook and Google to be nervous. Instead, “they were more relaxed, and I became more nervous,” she told The Wall Street Journal. Consumers are dependent on the daily use of apps such as Facebook, Gmail, YouTube, etc., and have opted in to share their data to be able to use these apps. The barriers to entry have now become even more challenging for smaller firms that don’t have that dependency from their users. GDPR could be the end for many smaller digital firms that can’t keep up with the expense of complying with the new regulation while strengthening the duopoly.

Single Sign-On (SSO)
Single sign-on allows users to use one set of login credentials to access multiple applications. To comply with GDPR across multiple publishers or sites, European markets could establish a single sign-on strategy to access content. The idea would be to give people the option to opt-in for data-driven advertising across multiple sites. IAB Europe has already released a GDPR Transparency and Consent Framework that can be implemented through a Consent Management Provider (CMP). Google does plan on joining the IAB Framework which is a critical next step for the effort.

Micropayments
If the top publishers have to ask for consent, there could be a major drop in programmatic volume, which means less money for publishers. The new regulation may spur a new model for the online experience. Instead of the exchange of personal data for free internet, there might be micropayments to access content. Facebook has been tossing around the idea of an ad-free subscription model. Brave has also introduced a blockchain-based form of cryptocurrency known as the Basic Attention Token (BAT). This allows consumers to effectively make micropayments to publishers. While subscription-based models have been explored in the past, it is becoming more relevant now with more privacy regulations.

We can’t predict if these unintended consequences will or won’t happen, but we know that consumers continue to feel that their personal data should be protected. GDPR should be a good thing in the long run, helping companies gain trust back from consumers.