MAY 25th marks the deadline for companies to comply with the General Data Protection Regulation (GDPR). The law, passed two years ago by the European Union (EU), requires firms to take better care of their customers’ data. Meeting its requirements is a tall order. To pass muster businesses have to appoint a “data-protection officer”, conduct impact assessments, ensure that customers provide explicit consent to use their information and give them the ability to inspect, correct or delete their records. The regulations apply even to companies outside of the EU that deal with European consumers.

In the past, companies with sloppy approaches to data have been able to count on their customers’ lack of interest in cybersecurity which, perhaps surprisingly, has dwindled over the years despite a succession of hacking scandals. The share of people around the world asking Google about faulty passwords, email spam and computer viruses has plummeted since 2004, when the first data are available. For instance, searches for “privacy”, or the equivalent in other languages, have declined by about 50%. Google shows a brief spike in interest about data breaches in September 2017, when Equifax, a credit-reporting agency, admitted that hackers had stolen the personal information of about 143m people. Yet that failed to set off even a flicker in searches about privacy. That has changed in the past two months: queries about the topic have climbed to their highest level since 2006. One cause might be rising interest in GDPR. But searches about privacy stayed flat even though web traffic about the EU’s new regulations grew between June 2017 and March 2018. A more plausible explanation for the recent increase is anxiety about companies themselves exporting their entire inventories of customers’ online activity.

Users have been aware of this issue before. Concerns about Facebook caused a spike in privacy-related searches in September 2015, when rumours circulated about the social network charging users to keep their details private. But worries rose even higher in mid-March when news broke that Cambridge Analytica, a campaign consultancy, extracted information for at least 87m Facebook users in 2014. Unlike previous scandals, this latest one seems to have had a lasting impact.