New European Union rules on data protection have now come into effect.
The General Data Protection Regulation (GDPR) gives EU citizens more rights over how their personal information is used.
Companies working in the EU – or any association or club – must now get express consent to collect personal information, or face hefty fines.
The measure is an effort by EU lawmakers to limit tech companies’ powers.
Lawmakers in Brussels passed the new legislation in April 2016, and the full text of the regulation has been published online.
Misusing or carelessly handling personal information will bring fines of up to 20 millions euros ($23.4m;£17.5m), or 4% of a company’s global turnover.
In the UK, which is due to leave the EU in 2019, a new Data Protection Act will incorporate the provisions of the GDPR, with some minor changes.
All EU citizens now have the right to see what information companies they have about them, and to have that information deleted.
Companies must be more active in gaining consent to collect and use data too, in theory spelling an end to simple “I agree with terms and conditions” tick boxes.
Companies must also tell all affected users about any data breach, and tell the overseeing authority within 72 hours.
Each EU member states must set up a supervisory authority, and these authorities will work together across borders to ensure companies comply.
The new chair of the European Data Protection Board Andrea Jelinek told the FT they expect cases to be filed “imminently”.
“If the complainants come, we will be ready,” she said.
Ireland’s data regulator Helen Dixon also spoke to the newspaper, saying the country is ready to use “the full toolkit” against non-compliant companies.
Both Facebook and Twitter have their EU headquarters in Ireland.
A data headache
By Kevin Connolly, BBC Europe correspondent
Millions of email inboxes all over Europe filled in recent weeks with messages from anxious companies seeking explicit permission to continue sending marketing material to and collecting personal data from their customers and contacts.
The new rules govern not just the collection and storage but its sale and exploitation for marketing – some companies based in the United States have decided to stop trading in the European Union at least temporarily rather than risk falling foul of the new law.
Members of the European Parliament (MEPs) see themselves as global leaders in a battle to reduce the power of giant internet technology companies and restore a degree of control to citizens and their elected representatives.
The new rules come amid growing scrutiny about how major tech companies like Google and Facebook collect and use people’s personal information.
Facebook founder Mark Zuckerberg faced questions from MEPs earlier this week about his company’s collection of data.