In this chapter, the law scholar Boris Paal identifies a conflict between two objectives pursued by the data protection law, the comprehensive protection of privacy and personal rights and the facilitation of an effective and competitive data economy. Focusing on the European Union’s General Data Protection Regulation (GDPR), the author recognises its failure to address the implications of AI, the development of which depends on the access to large amounts of data. The regulation is observed as not only immensely burdensome for controllers but also likely to significantly limit the output of AI-based applications. In general, the main principles of the GDPR seem to be in direct conflict with the functioning and underlying mechanisms of AI applications, which evidently, were not considered sufficiently whilst the regulation was being drafted. Hence, Paal argues that establishing a separate legal basis governing the permissibility of processing operations using AI-based applications should be considered; the enhanced legal framework should seek to reconcile data protection with the openness for new opportunities of AI developments.