The European Union’s “General Data Protection Regulation,” or GDPR, went into effect at the end of May, to great international fanfare. At long last, a multilateral organization was seriously taking on the challenge of protecting privacy in the digital age. The patchwork quilt of national laws, ranging from aggressive privacy protection to nothing at all, has been predictably ineffective in the multi-jurisdiction online world. While regulation always comes with risks, it has become clear in recent years that cyberspace demands public measures to keep users safe and corporations accountable.