The headlines about the trade wars being touched off by President Trump’s new tariffs may telegraph plenty of bombast and shots fired, but the most consequential war being waged today is a quieter sort of conflict: It’s the new Cold War over data protection. While the Facebook/Cambridge Analytica crisis currently burns as the latest, hottest flare-up in this simmering conflict, tensions may increase even more on May 25, 2018, when the European Union’s General Data Protection Regulation comes into effect.

The Cold War I grew up with pitted Western capitalist democracies, led by the United States, against Communist dictatorships, led by the Soviet Union, in a contest for world domination. Two worldviews competed against each other on a global stage. The contest was ultimately won not on the battlefield, not by armies, but by the sheer productive capacity of the West. Capitalism triumphed by providing TVs and cars and political freedoms to an expanding middle class, while communism foundered on its inability to offer any such prizes. The society that offered the most to its citizens ultimately won the day.

Combatants in the new Cold War are fighting over the currency of the modern age: personal information. The battles are over who controls data. Vying against each other are those societies that believe that individuals have an absolute right to control their personal data—to exercise the same kind of dominion over data that they do over their bodies or their personal property—and those that believe that personal data is a good to be traded on the open market and thus subject to the same market forces at play elsewhere. May the most innovative, efficient company win.

WIRED Opinion. About the author: Tom Pendergast is the Chief Strategist at MediaPro, a cybersecurity and privacy education provider. He has a Ph.D. in American Studies from Purdue University.

The EU stands firmly for the interests of the individual. The regulatory language of the GDPR cogently expresses its view, harmonizing data protection rules throughout the EU and requiring that any company, anywhere, must respect the data rights of EU citizens, or face stiff penalties. Europeans must provide positive consent for the ways their data is used, and they have the right to access and erase that data, as well as the “right to be forgotten.” In the opposite corner sits the United States and the giant US corporations that trade in personal data for profit, and whose practices have expanded largely unchecked. One ideology puts the control of personal data in the hands of the individual, the other cedes that control to the corporation. (A third approach is state control of data, which is emerging as China’s social credit system, though that remains as yet an internal policy.) But these differing views about data protection cannot jostle for dominance for much longer. As trade grows increasingly global, it’s becoming clear that personal data crosses borders far too easily for contrasting models to co-exist.

Now, weeks before the GDPR goes into effect, the evidence is mounting that the EU’s approach will dominate. One good measure of this dominance is the speed with which countries around the world are recognizing the supremacy of the EU data protection standard by adopting models that align closely with the GDPR. The number of countries that have attained official EU recognition of the “adequacy” of their standards grows steadily; South Korea and Japan will join the list soon. For their part, EU leaders are clear in their intent. “We want to set the global standard,” Věra Jourová, the European commissioner for justice, told POLITICO last year. “Privacy is a high priority for us.” And so it must also be for those who wish to trade with this powerful economic bloc.

Even in the United States, there are signs of movement toward embracing higher standards for data protection. The United States offers a program, called Privacy Shield, that enables American companies to certify that their data protection practices meet EU standards (though this program is questioned by privacy purists in the EU). And some of the most trusted US corporations go to great lengths to respect the data rights of people in other countries (see the recent Microsoft case before the Supreme Court). Likewise, individual states establish GDPR-like laws for their citizens (see New York’s recent cybersecurity regulation). The sheer volume of companies that are willingly modifying their data protection practices, at great cost, to become “GDPR compliant” should be evidence enough that there is appetite in the US business community for the certainty of a unified data protection regime.