Do data privacy laws impede microtargeted foreign disinformation campaigns on social media? This thesis argues that data privacy laws prevent foreign actors from customizing such campaigns and limit the campaign's overall effectiveness. I test the effect of data privacy laws on disinformation campaigns by investigating the effect of the European Union’s General Data Protection Regulation (GDPR) on Russian-linked actors targeting the United Kingdom (UK) with disinformation. This paper finds strong evidence that the implementation of GDPR coincides with a change in how frequently the Russian accounts spread disinformation relating to the UK on Twitter despite a confounding news story. I hypothesize that this decrease in daily tweets indicates a temporary pause on the disinformation campaign targeted at British citizens as the data required for the microtargeting campaign became harder to get. The contributions of this paper include a thorough review of the research into strategies for spreading disinformation targeted at other states. I also emphasize the need for research into the interruptions into strategies of spreading disinformation, rather than simply the strategies themselves. Finally, I lend evidence to the assertion that the controversial data privacy laws may have security benefits in minimizing or interrupting the microtargeting tactic to spread foreign disinformation.