Europe is sliding into digital dependency. Under the leadership of European Commission President Ursula von der Leyen, EU regulations aimed at controlling big tech companies have been either ignored or postponed, apparently to avoid upsetting Donald Trump. Now, leaked documents show that the European Commission intends to weaken a key component of Europe’s digital regulations. This move will harm Europe’s innovators and surrender the continent’s technological independence to American corporations.
The General Data Protection Regulation (GDPR), once hailed as Europe’s landmark legislation, is now under threat. Influential voices within the European Commission, backed by the German government, believe that loosening regulations will stimulate Europe’s tech industry, especially in artificial intelligence. This is a serious miscalculation.
China’s DeepSeek, which has amazed the AI community in the past year, developed under much stricter legal conditions than Europe’s. China’s rigorous pre-deployment regulations seem to have had no negative impact on its leading AI innovations.
Europe’s issue isn’t an excess of AI rules but rather its tendency to celebrate them while failing to implement them consistently. This is why companies like Google, Meta, and Microsoft dominate Europe’s market. Evidence from a U.S. court reveals that Meta operates with minimal data restrictions, using information provided for one service, like social media, to support unrelated business areas, including intrusive advertising. This practice enables Meta and similar firms to build overlapping monopolies that control multiple sectors.
Meta’s unrestricted data use violates GDPR’s basic “purpose limitation principle,” which states that data collected for one purpose shouldn’t be automatically used for another. Enforcing this single rule alone could dismantle the dominance of major U.S. tech firms. GDPR includes other principles with similar disruptive potential, but Europe’s persistent failure to enforce them has allowed these companies to solidify their control, leaving no room for European innovators to grow.
Rather than addressing this strategic error, the commission is planning to dilute GDPR. One proposed amendment would let companies declare their AI training data legal without having to meet GDPR’s strict verification standards. This leniency would legitimize years of improperly acquired data by Google, Meta, OpenAI, and Microsoft, making it impossible for European rivals to compete. Instead, these U.S. firms should be made to follow the law as it stands.
Another proposed change would reduce protections for sensitive personal data. Since social media algorithms depend on this type of information but often misuse it, this adjustment would leave children across Europe more vulnerable to harmful content on platforms like TikTok, Snapchat, and YouTube, which can promote self-hatred, self-harm, and suicide. Again, the solution is better enforcement, not deregulation.
The commission is right to be concerned about the annoyance of constant consent pop-ups for Europeans. Here, too, enforcement is key. Applying GDPR properly to online advertising firms would address the widespread data misuse at the industry’s core, making most consent pop-ups unnecessary.
These proposed changes are legally problematic. Much of what the commission is planning conflicts with the EU’s fundamental rights charter and rulings from Europe’s highest court. The commission also plans to use a questionable procedural tactic to bypass required impact assessments and avoid democratic review by the European Parliament.
GDPR is Europe’s most powerful tool against digital monopolies, harm to children, and foreign political interference. Weakening it now, especially with the looming influence of Donald Trump, would cement Europe’s status as a digital subordinate of the U.S., a playground where American companies reign supreme and U.S. interests override European standards and values.The commission must urge key EU member states to enforce the GDPR. Ireland is particularly important, as it hosts the European headquarters of most major US tech companies—except for Amazon, which is based in Luxembourg. Ireland’s track record on enforcement has been poor, and it recently appointed a former Meta lobbyist as its data protection commissioner. However, there is a way to compel Ireland to fully and proportionately apply the GDPR to these firms: through a vote at the European Data Protection Board.
Enforcing Europe’s data regulations would not only safeguard our democracies and children from harmful algorithms but also weaken big tech’s expanding monopolies across the continent. Crucially for Europe’s competitiveness, this would create opportunities for European tech SMEs and startups to grow throughout the region.
When it comes to the future of Europe’s privacy laws, the commission should approach big tech’s claims about AI and their calls for deregulation with greater skepticism. Recently, 73 scientists wrote to Ursula von der Leyen, urging her to retract her statement that AI will achieve human reasoning by 2026. Prudence requires the commission to be cautious about altering laws based on what could be a risky speculative bubble. The reality is that large language models remain highly unprofitable; last year, they generated an estimated $235 billion in revenue but cost around $1.5 trillion to develop and operate.
Policy should not be driven by a blind faith that deregulation will always spur innovation. Enforcing the GDPR against major US firms is the solution to the issues the commission has identified. While it’s easy to understand the commission’s intentions, they must be pursued through more careful means. Europe also needs to do more to protect its democracy from being undermined by US social media algorithms. However, the recently leaked “democracy shield” proposal includes no new measures to address this. In this critical time, Europe should not weaken its most effective tool against US tech dominance. Instead, it must enforce its laws, defend its sovereignty, create room for innovation, and demonstrate that democracy can hold Silicon Valley accountable.
Johnny Ryan is the director of Enforce, a unit of the Irish Council for Civil Liberties. Georg Riekeles is the associate director of the European Policy Centre.
Frequently Asked Questions
Of course Here is a list of FAQs about the statement The EU has allowed US tech giants to operate unchecked Weakening our data protection laws will only strengthen their dominance
BeginnerLevel Questions
1 What does operate unchecked mean in this context
It means that these large tech companies have been able to grow and conduct business in Europe without sufficient regulation oversight or consequences for practices that could harm competition or misuse user data
2 What are the main EU data protection laws being referred to
The primary law is the General Data Protection Regulation which is one of the worlds strongest data privacy and security laws giving individuals control over their personal data
3 Why would weakening data protection laws strengthen big tech companies
Strong data laws like GDPR create compliance costs and limit how companies can collect and use data Weakening these laws removes those barriers making it easier and cheaper for large companies to grow while making it harder for smaller competitors to catch up
4 Can you give me a simple example of how this works
Imagine a rule that says no one can take a photo without permission This protects everyone If you remove that rule a large company with thousands of cameras can photograph everyone freely to build a powerful business while a small startup cant compete Weakening data protection is like removing that permission rule for the digital world
5 Whats the risk for me as an individual if these laws are weakened
You could have less control over your personal information This might lead to more targeted ads increased spam higher risk of data breaches and your personal details being used in ways you didnt agree to like for political manipulation or price discrimination
Advanced Detailed Questions
6 Hasnt the EU fined tech giants under GDPR How are they unchecked
While the EU has issued significant fines the process is often slow and the finesthough largecan be seen as a cost of doing business for trilliondollar companies Unchecked refers to the ongoing ability of these firms to dominate markets and acquire potential competitors before they become major threats despite the fines
7 What specific practices are considered unchecked dominance
These include
