The European Union's new data privacy rule, which went into effect last week, is the reason your inbox has been a mess for the last month, and it just might change how the internet works for better.

In the week since the European Union’s General Data Protection Regulation, or GDPR, came into effect, websites have been scrambling to figure out how they should handle people’s information.

And it looks like no one really knows how to get the new law under their belt, even the EU themselves.

On Wednesday the British newspaper The Telegraph was sent evidence by tech site Individual detailing how the EU’s website is serving the residential addresses and names of people who attended one of their workshops and conferences in 2016. Even in a world before everyone began having privacy policy meltdowns, it seems like a serious oversight from the very people trying to curtail the internet’s exploitative attitude to data. Despite the European institution being exempt from the new laws “for legal reasons,” they’ve said they’re aiming to mirror the legislation as close as possible.

According to research by the Ponemon Institute back in April, half of the 1,000 companies surveyed said they wouldn’t be compliant in time for the May 25 deadline. But the reason why everyone is scrambling around like headless chickens is that whichever company the EU decides to penalize will surely be made example of. Fines for large companies go up to 4 percent of global annual turnover, and if you’re a mammoth of industry that can amount to millions.

Since the birth of targeted advertising and cookies, there’s rarely been a right-way to collect people’s data, which has led to everyone doing it differently. It’s why our inboxes are an assortment of bribes to opt-in to newsletters and privacy policy updates.

Until we figure out what these laws look like in practice, sites like The Los Angeles Times and Chicago Tribune have decided to block access to European users, whereas NPR are serving a stripped back version of their site for readers across the pond. Even the Chinese smart lightbulb manufacturer YeeLight has stopped users from accessing their own lightbulbs.

The problem lies with the fact that we’re only just dealing with the issue of data protection now, and trying to retrofit lofty guidelines on the wild west of the web is opening up a compliance minefield. Writing in The New York Times, anthropology and information science professor Alison Cool detailed how the law is one big mess. In a classic case of chicken or egg, it’s incredibly difficult to manage developing technology while simultaneously setting a precedent for how it should behave moving forward.