In the whirlwind discussion surrounding artificial intelligence, the foundational concept of the “data economy” has, perhaps unfairly, been pushed to the background. Yet its scale and significance within Europe remain formidable. Recent studies commissioned by the European Commission reveal a data market valued at over €115 billion in 2025, with projections soaring to €148 billion by 2030. Even more impactful is the broader data economy, which accounted for 2.6% of the EU’s GDP in 2019 and was anticipated to reach €500 billion by 2025. These numbers underscore that data is not merely a technical resource but a core pillar of European economic vitality. However, for the many European companies trying to harness this potential, the path to growth is fraught with systemic obstacles that stifle innovation and global competitiveness.
The primary hurdles are rooted in the practical application of the landmark General Data Protection Regulation (GDPR). While its intent to protect citizen privacy is laudable, its execution has created a fragmented and uncertain landscape for businesses. The GDPR’s exceptionally broad definition of “personal data,” combined with differing interpretations across the EU’s 27 member states, leaves companies navigating a patchwork of regulations. The European Data Protection Board (EDPB) offers guidelines to bridge these gaps, but these recommendations are non-binding and can take years to formulate, providing little concrete safety for companies. This imbalance disproportionately affects smaller European enterprises, which lack the vast legal resources of multinational giants to challenge rulings or manage compliance across borders, effectively penalizing homegrown innovation.
This regulatory complexity has sparked a movement for simplification within the EU institutions, a movement often misunderstood and met with deep skepticism. When the European Commission proposed a “Digital Omnibus” package aimed at streamlining data rules, some privacy advocates and political factions portrayed it as a concession to U.S. Big Tech lobbying, tapping into European sensitivities about data sovereignty and geopolitical tensions. However, as clarified by Commission officials like DG CONNECT’s Deputy Director Renate Nikolay, this agenda emerged from internal European reflection. It was a direct response to persistent calls from European businesses themselves, voiced in reports like those by Enrico Letta and Mario Draghi, who highlighted that the EU’s regulatory environment was seen as overly burdensome and incoherent, hindering the competitiveness of its own companies.
Despite this clear European-driven impetus, the push for sensible reform has faced significant political resistance. The Commission’s initial proposal for the data-focused Digital Omnibus included modest, targeted clarifications to the GDPR—such as clearer criteria for when pseudonymised data falls outside strict GDPR rules and more precise definitions of personal data. These changes were designed to provide much-needed legal certainty without undermining core privacy principles. Unfortunately, the EU Council, representing member states, reportedly dismissed these pragmatic steps. Instead, it reverted to advocating reliance on the existing non-binding EDPB guidance, effectively removing the proposed clarifications and leaving businesses in the same state of ambiguity. This reversal represents a cautious, perhaps defensive, stance that privileges a rigid interpretation of data protection over adaptive governance.
The resulting tension pits two vital European interests against each other: the unwavering protection of individual privacy and the urgent need to foster innovation and economic resilience. As Polish technology lawyer Mikołaj Barczentewicz notes, the current system lacks independent review mechanisms that could balance privacy with other public interests, like business growth and research. The EDPB’s guidelines, while helpful, do not shield companies from future enforcement actions, creating a climate of risk that discourages data-driven investment. The central question, therefore, is whether the EU can evolve its world-class data protection regime into a world-class balanced regime—one that safeguards citizens while also providing a stable, predictable environment for European companies to scale, compete globally, and contribute to the bloc’s economic sovereignty.
This question is not academic; it is existential. In the face of a looming economic crisis, fierce global technological competition, and ambitious EU goals for digital leadership, the ability to empower European businesses is paramount. The data economy represents a massive reservoir of potential wealth and innovation for the continent. Unlocking it requires more than just protection; it requires permission—a framework that provides clarity, reduces unnecessary compliance burdens, and trusts European innovators to build within responsible boundaries. Finding this equilibrium is the next great challenge for EU policymakers. It is the crucial step to ensuring that Europe’s digital future is not only secure but also prosperous, dynamic, and self-determined.
