Anyone not bored – or pissed off – repeatedly hitting a random selection Accept / Reject All / Customise button on every site you land on? Well, you can thank the EU and much maligned General Data Protection Regulations (GDPR) for insisting every website has an obscure gatekeeper.
I have to say, we are no longer fans of GDPR, despite jumping on the bandwagon in 2017, with content and even joint sponsoring a white paper. Technology moves on, GDPR is still stuck in 2018.
GDPR is a double-edged sword. On one hand, it was designed to protect consumer privacy, which is a noble goal, especially in an age where data is the new oil. On the other hand, it has made life a nightmare for tech companies, especially startups and mid-sized firms that don’t have the legal and compliance resources of giants like Google or Meta.
The biggest issue is the sheer complexity and cost of compliance. Startups that should be focusing on innovation and scaling are instead sinking time and money into legal frameworks, data protection officers, and endless paperwork. The result? A huge competitive advantage for US and Chinese firms that aren’t hamstrung by the same regulations. While Europe is bogged down in red tape, Silicon Valley and Shenzhen are pushing ahead with AI, machine learning, and big data solutions that are leaving European tech in the dust.
Then there’s the innovation-stifling effect. GDPR’s restrictive stance on data collection and processing makes it harder to build AI-driven services, develop targeted advertising models, or experiment with new business models. In contrast, the US operates under a more relaxed framework, where companies can iterate and evolve quickly, often at the expense of privacy but with undeniable technological progress.
Ironically, GDPR was meant to rein in big tech, but it’s done the opposite. The biggest players have the resources to comply, while smaller European firms struggle or simply give up. That’s why we see European startups either moving to the US or staying small instead of becoming global tech leaders.
Now, I’m not saying GDPR is entirely bad. It has forced a conversation about privacy and data ethics, which was long overdue. But the way it’s been implemented—one-size-fits-all, overly bureaucratic, and with massive fines for non-compliance—has made it more of a blockade than a safeguard.
If Europe wants to compete in tech, it needs a rethink. A more flexible, innovation-friendly data framework would help level the playing field without throwing privacy out the window. Otherwise, European tech will continue to be a second-tier player while the US and China set the rules.
