The legend of El Dorado is one of high promise that never come to be; rumours of a land filled with precious gold met with failed expeditions set up to find it. Neither the Spanish, nor the English, could claim success in locating such wonders, and it thus remained a fanciful dream which would never come true.

The narrative relating to today’s most valued resource is very different. The great data juggernauts of modern times not only managed to find the promised lands, but also basked in all its glory. Facebook, Google and many others have managed to generate billions of dollars from the fruits of vast amounts of information in an unprecedented fashion. Yet surely, just as with El Dorado, this story has to be too good to be true?

But alas it is not. While social media companies reek the benefits of the data-age, users appear to have been left behind and in some ways neglected. The recent Cambridge Analytica case, which involved the collection of personal data in a questionable manner, was just one of many instances evidencing such an imbalance.

As such, vague, extensive and jargon-filled privacy policies have proven to be of little help in informing users as to what will happen to their data once they have so easily given it away. But the Cambridge Analytica case will likely not cause users to siphon their data and delete their Facebook accounts en masse. There is plenty of evidence that people want to be part of the various digital services which have come into existence during the modern age, which includes social media apps among others. What consumers want, as Steve Jobs articulated at a technology conference in 2010, is to know, unequivocally, what they are signing up for.

The General Data Protection Regulation will be a good start at achieving such transparency. Its provisions, on the surface, appear to be strong and coherent enough to create an environment in which data can be processed fairly and ethically. The rules and conditions in relation to user consent will be of particular importance in achieving this.

The Regulation provides that social media companies, and others, can only process user data with the consent of the user. Such consent has to be given freely and clearly, and is required for every instance of processing which takes place. The data that is subsequently obtained can only be processed for the purposes conveyed and no other. Furthermore, the consent requires a positive opt-in, meaning pre-ticked boxes will fall short.

The new laws also specify that it needs to be explained to the user exactly what the data is being processed for, who is processing it and where it may be transferred to. Such information must also be provided in clear and plain language; terms and conditions littered with legal-jargon will no longer suffice.

These provisions, in combination with others, will provide a thorough framework in which data processing will no longer be a murky operation. The GDPR will help consumers have a much clearer understanding of what personal data is being used and for what purposes. The critical consequence of such clarity is that users will no longer have to resort to expressing a passive and unconvincing acceptance to incomprehensible agreements just to get to the digital services they crave.

This may, of course, make it slightly harder for social media companies to collect and process data. This was evidenced by an attempt by Evernote, makers of the popular note-taking app, to implement machine learning capabilities into its services last year. It was swiftly rebuffed when users become aware of the privacy implications this would have, forcing the company to abandon its plans.

Thus, for social media companies like Facebook, the task will be to make offers to users that are genuinely worth their while. It will become even more imperative that such companies are able to put forward lucrative deals for users that will make them want to provide their data. This, in turn, will reveal the true value of data in a way that had not been realised before. That data could be harder to come by with the introduction of the GDPR will encourage social media companies to acknowledge and appreciate the inherent worth of the 21st century’s most sought-for resource.

The days when social media companies were able to loll in a sea of data that it had so effortlessly garnered are now dwindling as they are faced with guards at the gate and a revolt of the populace. The explorers may have found the promised lands, but enriching themselves in all its treasure will no longer be a forgone conclusion.