Data protection regulators from Europe met US tech company officials and US state and federal regulators this week to explain the EU’s data protection rules amid criticism the rules are stifling innovation, the president of the Polish Personal Data Protection Office told MLex. The dialogue follows the Trump Administration's complaints that the EU's digital rules unfairly target US companies.
Data protection regulators from Europe met US tech company officials and US state and federal regulators this week to explain the EU’s data protection rules amid criticism the rules are stifling innovation, the president of the Polish Personal Data Protection Office told MLex.“Sometimes data protection laws are accused of being an obstacle to innovation,” Mirosław Wróblewski, the authority’s president, told MLex this week on the sidelines of the world’s largest gathering of privacy professionals in Washington DC*.
“The balancing between effective protection of fundamental rights and innovation growth progress is something which is constantly discussed,” he said.
Wróblewski said the criticism extends from the EU’s flagship privacy law, the General Data Protection Regulation, to the proposed Digital Omnibus, which seeks to simplify reporting requirements across various EU digital laws and to revamp certain measures, such as cookie consent rules and the definition of personal data.
Trump administration officials have compared EU regulations such as the Digital Services Act and the Digital Markets Act to taxes on US companies. The EU rules have led to penalties against US tech companies, including Apple and Meta Platforms, which were fined a total of 700 million euros in April 2025 for DMA breaches.
Wróblewski said that during the meetings with government officials and company representatives, European authorities explained the bloc’s digital regulations.
“Sometimes, the EU is compared in a not very positive way to the US, which has a more liberal way [of regulation],” he said. However, he pointed US state regulators’ plans to become more active enforcers. These regulators are increasingly building bridges with their counterparts in Europe and elsewhere (see here).
“We talked about the coordination of enforcement also at the level of states,” Wróblewski said. “There is also an understanding that businesses, especially in a digitalized world, need a common approach,” he said.
Wróblewski said the conference offered attendees an opportunity to meet regulators from Africa, the Middle East, and Latin America.
— Cybersecurity probes —
In 2025, the Polish authority ramped up enforcement of cybersecurity-related data breaches, he said. The authority focused on sectors involving sensitive personal data and on compliance with breach response procedures.
“Unfortunately, some controllers still try not to see problems and keep things under the carpet,” he said.
He said the authority’s fines have steadily increased, rising from around 1 million złoty (around $270,179) in 2023 to 13 million złoty in 2024 and hitting 67 million złoty in 2025, with a notable fine of 27 million złoty against Polish Post.
The fine against Polish Post related to the unlawful processing of personal data from 30 million citizens during preparations for the 2020 elections, when data was shared without legal grounds (see here).
There has been a steady increase in data-breach notifications, rising from 14,069 in 2023 to 14,842 in 2024 and ramping up to about 22,000 in 2025, he said.
To ease companies’ burden of notifying multiple agencies of data and cybersecurity breaches, Poland has established a “single point of entry” for data protection and cybersecurity incidents. This simplification is a feature of the EU’s Digital Omnibus.
Poland is the second country after Denmark to establish this new system, he said.
In addition to rising fines and data breach notifications, there has been a jump in data protection complaints, almost doubling from 8,000 in 2024 to 15,000 in 2025, he said.
The rise in complaints is because of organizations' and individuals' use of generative AI, which is a trend seen across Europe (see here). He said the authority is now using AI to help respond to these complaints.
“We are testing the solutions on the ground, especially when it comes to dealing with infringements, notifications, breaches, and complaints,” he said.
The goal is to handle 30 percent of notifications with an AI solution, he said.
*IAPP Global Summit 2026: Privacy-AI Governance, Washington, DC, March 30-April 2, 2026.
Please email editors@mlex.com to contact the editorial staff regarding this story, or to submit the names of lawyers and advisers.