A few weeks ago, at an institutional event in Brussels, a digital policy expert celebrated that Europe's commitment to defense opened a window of opportunity for European artificial intelligence. But he warned: "We will need a lot more data than we have now." No one in the room seemed to have any problem. No one mentioned that one of the most important principles of the General Data Protection Regulation (GDPR) is precisely that of limiting data collection to what is strictly necessary.
The episode was revealing, not for what was said but for what was hinted at: in the name of European technological sovereignty, voices calling for fewer rules, more flexibility, fewer obstacles are gaining ground. In other words: deregulation. The narrative of sovereignty, which could be an opportunity to reorient digital development toward fairer and more sustainable models, is being instrumentalized as an alibi to dismantle protections built with great democratic effort.
In the digital realm, the word sovereignty It has been enthusiastically adopted. It is invoked to defend the need for national infrastructure, technological independence, and autonomy from foreign powers. But in practice, this rhetoric is accompanied by growing pressure to lower regulatory standards. Instead of strengthening the role of the law in guaranteeing rights, legislation is beginning to be seen as a burden that impedes European innovation. This trend is not abstract: a simplification agenda has already been announced that will reach the GDPR itself.
And, meanwhile, the big tech companies are taking action. This Monday, Meta began using content published by users on its platforms to train its artificial intelligence systems, unless they expressly opt out. No consent was sought, no information was provided in a comprehensible manner, and everything points to this practice being contrary to the GDPR itself. However, data protection authorities remain divided. It's hard to imagine a starker illustration of Europe's double standard: while rules are being weakened from within in the name of competitiveness, those who have been exploiting our data for years are allowed to dictate their pace, even when they violate rights.
This isn't just about data protection. What's at stake is something deeper: the model of digitalization that Europe wants to promote. A digitalization guided by principles of sustainability, social justice, and respect for fundamental rights? Or a European version of global techno-extractivism, in which the only thing that changes is the flag of the company that leads the market?
Digital sovereignty, in its current formulation, prioritizes who is in control (European or not), but forgets to ask how this control is exercised, within what limits, and with what impact. The risk is that this narrative serves to justify a progressive weakening of democratic protections, under the promise that Europe will then be able to compete on a level playing field with other global players.
But if competing requires giving up rights, rules, and principles, what kind of autonomy do we have? Sovereignty shouldn't be the pretext for making everything flexible. It should be the starting point for demanding more justice and less regulation.
