Over the past decade, the European Union (EU) has enacted a series of high-profile regulations and directives aimed at governing the digital environment. From the General Data Protection Regulation (GDPR)[1] in 2016 to the Artificial Intelligence Act (AI Act)[2] in 2024, the EU Commission consistently cites trust as a foundation for consumer uptake of new technologies. In the EU Commission documents, the logic is clear: if the EU adopts laws to prevent harm and negative consequences of new technology, individuals will be more likely to embrace digital services. This, in turn, is expected to foster innovation and growth in the EU’s digital market.
On its face, this premise is difficult to dispute. Trust – the willingness to accept vulnerability to the actions of others – matters; it lowers perceived risks and encourages the adoption of new platforms and services. Yet, current EU digital law is premised on avoiding negative events – such as data breaches, unlawful profiling, algorithmic discrimination, or manipulation. By emphasising risk reduction, the Commission seems to assume that trust already exists and merely needs to be protected or maintained. This chapter challenges that assumption. It argues that many consumers do not, in fact, trust companies’ digital practices because companies are not honest with them. As a result, consumers (to the extent that they have a meaningful choice) refuse to adopt certain services that feel intuitively scary, and they install blockers and VPNs to prevent tracking. Rather than strengthening trust as it intends, the law’s near-exclusive focus on preventing negative consequences overshadows the need to actively build and cultivate trust in the first place.
This chapter contends that while EU regulators are correct in identifying trust as the backbone of a flourishing digital market, their reliance on a risk-avoidance paradigm underestimates just how fragile consumer trust really is. To bolster genuine trust, lawmakers and businesses alike must move beyond defensive strategies and adopt affirmative duties of confidentiality, transparency, security, and loyalty. Only then can the EU achieve the sustainable, trust-based digital economy it envisions.
- Date Published:January 28, 2026
- Original Publication: Chapter found in Conceptions of Data Protection and Privacy: Legal and Philosophical Perspectives