There are a few kinds of data that are most susceptible to the EU’s General Data Protection Regulation (GDPR).

In a Q3 2018 survey of 227 senior marketing executives worldwide conducted by CMO Council and SAP, 54% of respondents said they anticipate that they’ll no longer be able to use behavioral data like web browsing data and search histories if they want to stay compliant with the GDPR. About half indicated that third-party data and email addresses may not be safe to use under GDPR.

The GDPR went live in May and states that people’s data can only be used if they give a company explicit permission. Companies found to be in violation of the GDPR face a fine of €20 million ($22.1 million) or 4% of global revenues (whichever is greater).

To comply with the GDPR, Google made it easier for people to delete their search and browsing data. Another reason why behavioral targeting may be less reliable under GDPR is that many companies collecting behavioral data have not obtained user consent to do so.

Using behavioral data to serve a single ad to a user often involves dozens of tech vendors. Most users aren’t aware of the many vendors that process their data. If regulators are strict about forcing these behind-the-scenes companies to obtain user consent, then targeting ads with behavioral data becomes more of an uphill battle for marketers. Like so many other possible outcomes regarding the GDPR, the future reliability of behavioral data will come down to how regulators choose to act.