Almost all digital services that work with large amounts of data have a high potential for value creation through the use of artificial intelligence (AI). With the AI Act, Europe wants to actively shape the market of the future: A risk-based approach is intended to enable European AI innovations while putting dangerous AI applications in their place. However, AI and data regulation carry the great risk of slowing down potential developments. Europe must tackle three challenges in order not to be left behind in AI development and not to be pulverized between the USA and China.
Reforming the GDPR: Clearing the path for European AI innovation
The real intelligence of an AI is partly determined by the technology behind it, but above all by the quantity and quality of the data with which it is trained and operated. When it comes to data, Europe is already lagging behind significantly. Most of the data of Europeans is owned by American tech giants and increasingly by Chinese platforms like TikTok. This pattern is about to continue with AI technology: While the Americans and Chinese are shaping the market, Europe is watching, discussing, and trying to regulate, instead of shaping.
The current interpretation of the EU’s General Data Protection Regulation (GDPR) is focused on data minimization, which does not meet the requirements of data-intensive AI applications. It urgently needs to be reformed so that, in combination with the AI Act, it creates the framework conditions for competitive European AI innovations. European companies should be able to use data in AI systems in a legally secure manner with less rather than even more hurdles. Neither drastic threats of punishment in the case of the GDPR nor the obligation of an elaborate risk management system, as required by the AI Act, will move Europe forward in AI innovations.
The aim of the GDPR and the new data law emerging in the EU is not only to protect consumers, which is often misunderstood at present, but also to leverage the additional benefits of the use of personal data. Those who want to protect consumers with ever new hurdles from the use of their data, are unfortunately also protecting them from the positive capabilities of AI. An own data ecosystem based on European values will only emerge if companies no longer feel committed to data avoidance alone, but also to the value-creating use of data. This is the only way to create progress and added value for consumers. If this fails, Europe will continue to chase the foreign players with its attempts at regulation.
AI made and hosted in Europe: Ensuring data sovereignty and competitive advantage
The latest product presentations by Microsoft and Google have made visible what is possible with AI as long as data and copyright protection play a secondary role. Without clarified GDPR conformity, AI systems outside Europe are being fed and trained with the data of European citizens. Moreover, personal data becomes the property of the foreign AI providers and is not protected from being played out to other users.
For European companies, the use of AI platforms based in the USA or China is only a limited option. Five years after the launch of the GDPR, there is still a lack of international agreements with which data of European users can be securely stored and processed outside the EU. The supposedly new data protection agreement between the EU and the US will not give companies legal certainty for the use of American AI applications. There is little point in hoping, even in the third attempt after Safe Harbor and Privacy Shield, that the European Court of Justice (ECJ) will change its assessment of the level of data protection for European data in the USA. The ECJ has made it clear that US intelligence practices are incompatible with European values.
Since neither the European fundamental values nor the US intelligence services are likely to change in the medium term, a legally secure solution is not to be expected in the foreseeable future. Therefore, the demand can only be: Any company that uses the data of European citizens for its services must store this data exclusively on servers in Europe. Strictly European data storage should, therefore, be a prerequisite for any AI that is used in Europe and creates value with European data. In order to become independent of non-European providers, it is also necessary to build our own competitive AI applications "made in Europe".
It should be borne in mind that Europe's digital economy – unlike in the USA, for example – is not dominated by a few large, globally active corporations. Over here, innovations come from agile, innovative, often medium-sized companies or start-ups. These hidden champions now need a fair chance to compete with the dominant digital players. The goal should be decentralized and focused support that brings together and builds networks of startups, SMEs, research and corporations. Open standards are crucial for this. Open standards promote competitiveness because they facilitate market access for small and medium-sized enterprises and create transparency. They also allow companies to form partnerships to increase their clout. Without these partnerships, Europe will not be able to offer anything comparable to the dominant platforms in the field of AI.
Flexibility and speed must become the core of European digital policy
It is not enough to pass an EU law in lengthy negotiations, provide it with transition periods and then implement it bureaucratically. All reform efforts bounced off the GDPR for almost five years until new rules for improved enforcement in cross-border cases were finally promised recently. This leaves little hope that the AI Act will succeed in adapting to the rapid pace of AI development. When the regulation comes into force at the end of the transition period in 2026, it will no longer be up to date. The current trilogue negotiations will, therefore, need to define the rules for regular updates. A panel of experts from politics, business and science should ensure real-time monitoring to prevent a divergence between regulation and reality.
In addition to the AI Act, Europe has tackled key points of a fundamental platform law, in particular with the DMA (Digital Markets Act) and the DSA (Digital Services Act). The EU Commission is expressing its firm intention to take the de facto Internet legislation out of the hands of the large online platforms and return it to the sovereignty of politicians. What matters now is fast and consistent implementation, which must not be hindered again by endless arguing and lobbying by the tech giants. However, this is only the necessary prerequisite for the most important step: to finally establish our own European alternatives. This is a challenge for the European Internet industry. If the sector does not work together to build partnerships and establish open standards within Europe, all will simply end up with shifts in market share between the established US corporations and the Asian players, who are increasingly gaining influence. Such a scenario will help neither competition nor Europe.
The speed at which US and Chinese AI systems are currently developing exceeds by many times previous AI walking-pace attempts from Europe, and Europe currently has little of the AI-critical raw data material. The race to value creation through AI follows the formula: AI times data times implementation speed divided by regulation. If there is no quick turnaround in these four parameters, Europe will lose out in AI development, just like it already happened with big data, platforms and operating systems. The clock is ticking, and it has never run as fast as in the AI era.
As CEO of 1&1 Mail & Media Applications SE, Jan Oetjen is responsible for the mail and portal business of United Internet AG with the leading brands GMX and WEB.DE, the marketer United Internet Media, and the international brand mail.com. He is also Chair of the Board of Trustees of the European netID Foundation, an independent body of the Internet industry that provides and develops the open netID login standard.
Please note: The opinions expressed in Industry Insights published by dotmagazine are the author’s own and do not necessarily reflect the view of the publisher, eco – Association of the Internet Industry.