€500 billion-worth European data economy troubles continue

With the rise of artificial intelligence, the term "data economy" has somewhat fallen into the shadows, even though the European data market/data economy remains substantial. According to a 2025 study commissioned by the European Commission, data market has exceeded €115 billion in 2025 and is expected to reach €148 billion by 2030. The broader term - data economy - was already worth €325 billion in 2019 (2,6% of the EU's GDP) and was projected to reach €500 billion by 2025.

The roadblocks for data-driven companies in Europe to scale, become globally competitive and benefit EU's economy are largely similar across sectors: the definition of personal data under the General Data Protection Regulation (GDPR) is broad, companies have limited capacity to navigate fragmented interpretations of the GDPR across EU Member States, and the non-binding recommendations and guidelines by the European Data Protection Board (EDBP) provide only limited help. While large companies (and usually non-European companies) have the resources to deal with local authorities and even challenge the EDBP, smaller companies are left to cope with fragmented rules across the EU. 

Amending the GDPR even in a very targeted way is a highly sensitive subject in the EU, with many privacy advocates and data protection authorities (DPAs) remaining sceptical. Add geopolitical tensions between the EU and the US to the mix, along with fears that Europeans’ data could end up outside the EU, and even the most common-sense reforms risk being blocked.

Is the Digital Omnibus driven by Europeans or Americans? 

The issues European companies face are repeated again and again, and it seems the European Commission has been listening. DG CONNECT’s Deputy Director Renate Nikolay clearly answered one of the MEPs'  concerns about the Digital Omnibus "being favorable to powerful big-tech lobbying demands" at the LIBE Committee meeting of January 26:

“Let me just underline that the simplification agenda has nothing to do with US lobbying. The simplification agenda of the Commission has been developed long before the current US administration came into force. It is very much a result of Letta and Draghi, and kind of the debate, that was in the European Union, ahead of the last European Parliament election and the transition from one Commission to the other. It was a feeling, in particular about European businesses, that Europe was seen as too heavily regulating, and not listening to the concerns of the European businesses about their compliance costs and the landscape of regulation that sometimes seemed to them not fully coherent. That was the call, that was replied to with the simplification agenda of the Commission, and that’s also very much the driver of these Digital Omnibuses”. 

The MEPs' skepticism and fears of being portrayed as working against European interests are understandable - some quasi-lobby groups that are, a priori, opposed to the simplification agenda have portrayed simplification as “US lobbying”, exploited European sensitivities about the US, and completely disregarded comments and pleas from European companies themselves.

Council’s unfortunate reversal of the European Commission’s ambition on the GDPR

Over the past year, the European Commission has been working on a number of initiatives to streamline European data rules and make them more workable for European businesses, innovators, researchers, and public administrations.

The Data Union Strategy, for example, includes the Open Data Directive, the Data Act, the Data Governance Act, and the Free Flow of Non-Personal Data Regulation. All of these legislations are expected to be merged into a single new Data Act. The Commission has also been preparing two Digital Omnibus packages - the Digital Omnibus for AI and the Digital Omnibus (data rules-oriented).

The European Commission’s initial proposal for the Digital Omnibus on data included modest changes to the General Data Protection Regulation (GDPR), introducing criteria to provide data companies with greater clarity on when personal data is sufficiently pseudonymised and when the strict GDPR rules no longer apply, what constitutes personal data, data subjects' rights, and more.

Unfortunately, even these modest proposals have allegedly been dismissed by the Council. Instead, the Council has reverted the text back to business-as-usual recommendations to rely on the European Data Protection Board's (EDPB) guidance, while removing statements on what does and does not constitute personal data, essentially leaving European businesses back at square one.

Balancing the interests of the two worlds: data protection vs innovation

The European Data Protection Board is indeed trying to harmonise EU Member States’ approaches to the GDPR through various guidelines and recommendations, but these take years to issue and are non-binding, which doesn’t exactly bring more clarity to European businesses. 

Polish technology lawyer Mikołaj Barczentewicz rightly notes that the non-binding nature of EDPB guidelines doesn’t exactly protect European companies from enforcement troubles later. He argues that Europe should seriously reform GDPR enforcement by adding more independent review and better balancing of business, innovation, and other public interests alongside privacy.

The question remains open: if the EU boasts one of the best data protection regimes in the world, will it also be able to say that it has found the right balance between data protection authorities and businesses, privacy and innovation, and protection and permission?

This question matters: in light of the EU’s competitiveness ambitions, the looming economic crisis, and the need to empower European businesses and strengthen its own economy.