Once Europe’s most hyped law, the General Data Protection Regulation (GDPR) is now on the chopping block. Powerful forces within the European Commission, supported by the German government, hope that deregulation will boost Europe’s tech sector, particularly AI. This is a grave mistake.

China’s DeepSeek, which has stunned the AI world over the past year, emerged under a legal regime far stricter than Europe’s. China’s rigorous pre-deployment rules appear to have done its world-beating AI innovation no harm.

Europe’s problem is not that it has too many rules for AI, but that it hypes those rules and then neglects to enforce them. This is why Google, Meta, Microsoft et al dominate Europe’s market. Documents revealed in a US court show a vast free-for-all of data inside Meta: it uses information that people give it for one service, such as social media, to prop up unrelated parts of its business, including its most invasive ad targeting. This allows Meta, and other similar companies, to build cascading monopolies that dominate sector after sector.

Meta’s data free-for-all violates GDPR’s commonsense “purpose limitation principle”: when you hand over data for one purpose, it cannot automatically be used for some other unrelated purpose. Enforcing just this one GDPR principle would effectively break up every giant US tech firm. The GDPR has many other principles that also have the power to upend these firms’ operations. Yet chronic under-enforcement in Europe has allowed them to entrench their domination, leaving no space in the market for European innovators to scale up their offerings.