Digital Politics

Europe’s new privacy rules are no silver bullet

The bloc’s privacy laws are far-reaching, but they aren’t going to stop people’s data being harvested.

A mural depicting various social media | Manjunath Kiran/AFP via Getty Images

LONDON — There’s just over a month before Europe’s new privacy standards come into force, and the back-slapping has already begun.

Under the EU’s General Data Protection Regulation, or GDPR, the recent Facebook data scandal would not have happened, according to Věra Jourová, the bloc’s justice commissioner. U.S. lawmakers — until recently not the biggest fans of Europe’s tough stance on data protection — now speak publicly about mimicking the Continent’s new privacy rules.

Even Mark Zuckerberg, Facebook’s chief executive, says his company will apply some of the upcoming standards across its digital empire of 2.2 billion users worldwide.

But for those hoping this privacy upgrade will end all the public’s fears about the misuse of data by companies and governments — sorry, that’s not going to happen.

We shouldn’t expect too much from these privacy laws, even if they are fast becoming a global standard. For one, the rules rely on relatively unknown national privacy regulators to enforce them as much as on reluctant businesses to comply with them.

Many existing data collection practices, including the widespread harvesting of people’s online information, will still continue when these new standards kick in on May 25.

And the regulatory burden, particularly for companies outside of Europe selling their wares in the region, will likely ratchet up.

Higher standards will make it harder for anyone other than the most deep-pocketed multinationals to compete for business in a world where failure to adhere to Europe’s privacy rules could carry a hefty cost — up to €20 million or 4 percent of companies’ global revenue, whichever is higher.

“Data protection may be a luxury of the few,” said Katherine Getao, ICT secretary in Kenya’s Ministry of Information, Communications and Technology. “We’re just at the stage of getting data into digital formats. All of the investments spent on preparing for Europe’s standard means there won’t be money left for anything else.”

Great power, great responsibility

For Europe’s new privacy rules truly to have teeth, privacy regulators will have to be willing to bite. And most of their track records show little willingness to do so.

Officials from several of these authorities, who spoke on condition of anonymity because they were not authorized to speak publicly, said the recent Facebook data scandal has helped raise awareness about their beefed-up roles.

But, they admitted, EU national watchdogs still face an uphill struggle to come to grips with their expanded regulatory role at a time when most of their budgets are still relatively small and they remain, on average, understaffed.

Previously, such limitations wouldn’t mean much because national data protection agencies were far from the public eye. Fines for wrongdoing — and some of these watchdogs didn’t even have that power — represented a mere slap on the wrist for companies’ misuse of personal data.

But now that financial penalties could reach billions of euros for the most egregious violations, corporate lawyers are prepared to go to battle to protect their clients.

Facebook CEO Mark Zuckerberg prepares to testify before the House energy and commerce committee | Chip Somodevilla/Getty Images

The higher stakes will expose almost all EU privacy regulators to a greater level of legal scrutiny than they are accustomed to, as well as lengthy cases and legal appeals that could make Google’s decade-long standoff with the European Commission’s antitrust authority look like a walk in the park.

“They’ll have to prepare for a lot more pushback from the organizations that they’re investigating,” said Ot van Daalen, a professor at the University of Amsterdam. “The stakes will be a lot higher.”

New rules, same data collection

Europe’s expanded privacy standards also will do little to stop companies from harvesting personal data.

Data-hungry industries are now worth hundreds of billions of euros each year, and mass-collection of information has become central to the financial future of firms ranging from Facebook and Google to Siemens and Volkswagen.

Under the new rules, people will have greater control over how their information is collected and used, allowing them to pull consent from companies that collect their data for one purpose, but which then want to use it for something else.

But that doesn’t mean individuals will be given carte blanche over “free” digital services that rely on selling advertising based on people’s online habits.

They will still have to hand over their web histories, contact details and other identifiable information — digital data, it should go without saying, that lies at the heart of the recent Facebook scandal.

Even the social networking giant, which faces global regulatory demands to clamp down on how much data it collects on its users, won’t be turning off the tap.

Stephen Deadman, the company’s global deputy chief privacy officer, said that while people in Europe will soon be asked more frequently to give consent for how their data will be used, Facebook is based on — and funded by — using that information to offer users a tailored online experience, including online advertising that people will not be able to opt out of.

“Serving people targeted ads helps to fund the service,” he said. “That’s critical.”

GDPR: Reinforcing the status quo?

In the build-up to May 25, Europe has eagerly trumpeted its new privacy standards as good for both consumers and companies, ensuring everyone who wants to do business on the Continent must play by the same rules.

But most of the general public know next to nothing about the upcoming data protection revamp. And the extra regulatory burden may cement the dominance of a few deep-pocketed companies with the financial resources to comply with the regulation, which even its biggest cheerleaders admit will put a significant burden on companies, big and small.

People pass by the Google logo at the Web Summit in Lisbon on November 8, 2017 | Patricia de Melo Moreira/AFP via Getty Images

The likes of Google, Facebook and the world’s largest financial institutions, for instance, spent years investing in new compliance structures and hiring hundreds of new lawyers, coders and designers to make sure they would follow the letter of the upcoming law.

Many startups and small non-tech businesses have been unable to make similar investments, and are hoping that they will fly under authorities’ radar as they struggle to bring their data practices up to snuff.

It’s true that Europe, and the wider world, needs new privacy laws designed for the online age. But it will be best to save the congratulations around the region’s revamped data protection standards until we see how such rules can be enforced, and whether they alter the behavior of people and companies alike.

If history has taught us anything, it’s that any new legislation — even the most well-meaning — leads to unintended consequences. There’s no reason to think that Europe’s privacy overhaul will be any different.

Mark Scott is chief technology correspondent at POLITICO.