EU internet users are taking more action to protect their personal data online. As new data shows rising resistance to online tracking, how far is the EU willing to go to reclaim digital sovereignty?
New data shows that EU citizens are taking more precautions with their personal data online, as Europe tries to seize back its digital sovereignty from US Big Tech.
In 2025, the majority of internet users in the European Union chose not to allow their personal data to be used for advertising, while 56.2% restricted or refused access to their geographical location, according to the latest Eurostat data.
Limiting access to social media profiles or shared online storage also became more common, with 46% of internet users taking such a step.
The figure represents a five percentage-point increase compared with 2023.
In addition, 39% of people checked that the website where they provided personal data was secure, and 37.6% read the privacy policy statements before sharing their personal data.
The highest share of internet users who took measures to protect their data was recorded in Finland (92.6%), followed by the Netherlands (91.2%) and Czechia (90.3%).
By contrast, the lowest shares were recorded in Romania (56%), Slovenia (57.4%) and Bulgaria (62%).
Threats to personal data
In some cases, European organisations and regulators have taken tech companies to court for the alleged misuse of citizens' personal information.
In January 2026, the Austrian data protection authority filed a complaint against Microsoft for unlawfully placing tracking cookies on a child's devices without their consent.
The complaint, made by privacy rights group noyb in June 2024, targeted Microsoft's education software, Microsoft 365 Education, which is used by millions of students and teachers in European schools.
Last year, nine civil society organisations made a joint complaint against Elon Musk's X for alleged breaches of the EU's Digital Services Act (DSA). The complaint took aim at the platform's use of sensitive personal information, such as political opinions, sexual orientation, religious beliefs and health conditions, for targeted advertising.
It was based on research by AI Forensics, a European non-profit that investigates influential algorithms, which discovered, among other things, that Dell Technologies had targeted users on X with interests in specific medications, sexual orientation, and faith.
How are EU governments responding?
The EU and its member states appear to be ramping up efforts to clamp down on the breach of its digital rules and gain more digital independence.
Last December, the European slapped X with a €120 million fine, its first-ever penalty under the DSA, for flouting transparency obligations and advertising rules.
The EU is also working on increasing its digital sovereignty from US Big Tech, as Amazon Web Services, Microsoft, and Google currently control around 70% of Europe's cloud market.
In one of the measures, the European Commission is set to adopt the new Cloud and AI Development Act.
It aims to at least triple the EU's data centre capacity within the next five to seven years.
Meanwhile, on a national level, France announced it would replace the US platforms Microsoft Teams and Zoom with its own domestically-developed video conferencing platform.
The Visio platform is set to be used in all government departments by 2027.