I teach classes for the Rutgers Business School Executive Education, so I cross paths with savvy digital marketers on a constant basis. I have been asking them the same question for the last three years, “If people are really getting creeped out by the way marketers are sneaking around with their data, how come no one has started a business around data privacy?” And I never really got an answer that I understood. Not once.

The basis for my question is that most students in the class were unnerved by Google reading their emails and Facebook knowing who their friends are, but no one ever quit Google or Facebook. Why? Because no good alternative existed. At least that’s what they told me.

But I wanted to understand why. Why does no good alternative exist?

If everyone is so excited about lack of privacy, why hasn’t some clever entrepreneur made one? If everyone is creeped out by the data they are giving up, why haven’t companies taken a pledge to never misuse your data, to get rid of it when you ask, and do it quickly and without complaining?

Well, I always thought that was a market opportunity, but it isn’t any more. That is now the law of the land because GDPR requires that of any company that wants to do business with a European citizen–which is just about any company bigger than your local pizzeria. For those caught unaware, The EU is now enforcing the General Data Protection Regulation to limit what companies can do with data about people and to increase each person’s right to control their data.

Because we as marketers would rather compete with each other to grab every piece of data we can, rather than serve our customers, GDPR happened. Because it was easier to sneak another paragraph into the terms and conditions than to do the right thing, GDPR happened. Because some clever Cals took advantage of every possible technology to identify people, even IP addresses, GDPR happened.

So where are we now?

I have had to send emails in the last month to everyone on my Christmas Card email list asking them to opt back in. Now, you might think this is overkill (and several respondents asked me if this was a joke), but I am deadly serious about it.

Some have asked me, “Are you really worried the the European Union is going to sue little old you?” No, I am not. But I work with many large companies as clients, and guess what they wrote into their latest contracts with me? That I promise to comply with GDPR and that I will allow them to inspect our procedures and audit our compliance at any time. So that well-meaning language leads us down the road of asking my Christmas Card list to opt back in.

It didn’t have to come to this.

Marketers deserve GDPR because of the way they have rapaciously used every sliver of data they could get their hands on. Maybe not all of you did it. But enough of you did (and almost none of you swore off the practices) that eventually a government (a kind of important one at that) decided that regulation was the only thing you would listen to. And so now you have it.

And I have heard people complain that enforcing GDPR will “break the Internet.” But that won’t happen. The EU is smarter than that. What will happen is that every court case will clarify what it means until the greedy marketing data beast has been driven back. If you thought that we could pull a fast one on all of our customers forever, well the backlash has begun, and with it, marketers again appear to be low-life manipulators who would sell their own mother for another point of revenue.

I’m sorry that this happened, but I have to admit that I am not surprised. I have been asking about this for years.