---
id: "prereq-eu-data-privacy"
type: "prereq"
source_timestamps: ["§ Thinking About AI Capability on a National Scale"]
tags: ["legal", "compliance"]
related: ["framework-national-ai-capability", "claim-regulation-positive-factor"]
reason: "Necessary to grasp why high internet usage in Europe does not automatically translate to high 'Consumer Data Availability' for AI training, contrasting sharply with the Chinese model."
speakers: ["Yasuhiro Yamakawa", "Thomas H. Davenport"]
sources: ["futures"]
sourceVaultSlug: "hbr-seg-futures"
originDay: 2
articleStem: "hbr-cl-94-ai-strategy-beyond-us-china"
sourceUrl: "https://hbr.org/2025/12/your-ai-strategy-needs-to-expand-beyond-the-u-s-and-china"
sourceTitle: "Your AI Strategy Needs to Expand Beyond the U.S. and China"
---
# EU Data Privacy Regulations (GDPR)

**Prerequisite knowledge:** In the EU, companies face limits on exploiting consumer data commercially even when they gathered it, requiring consent to repurpose data for AI training. This implicitly relies on understanding frameworks like the **General Data Protection Regulation (GDPR)** and the upcoming **EU AI Act**.

**Why it matters:** Necessary to grasp why high internet usage in Europe does *not* automatically translate into high *Consumer Data Availability* for AI training — the seventh factor of the [[framework-national-ai-capability]] — contrasting sharply with the Chinese model ([[claim-us-china-different-models]]). It is also the constraint side of the regulation debate in [[claim-regulation-positive-factor]].
