This panel considers the effects of data protection regulation on the usage and development of data analytics and AI in companies and research institutions. Key issues the panel hopes to discuss include whether the GDPR really is obstructing the development of these technologies – and if so, in what ways, contexts and due to which legal principles – or whether the GDPR is stimulating the innovation of new, privacy-preserving analytics and AI approaches, and how law, policy and business may drive such beneficial outcomes. We also hope to discuss how flexible the GDPR really is when dealing with technologies that seem to contradict core data-protection principles like purpose limitation or data minimization. Is it managing to offer innovators the needed flexibility and society meaningful protection, too much “flexibility” with too little protection, or even a worst-world of neither flexibility nor protection?