Whenever we send an email, tap on an Instagram ad or swipe our credit card, we create a piece of digital data.
Information pinging around the world at the click of a button becomes a kind of borderless currency that underpins the digital economy. Largely uncontrolled, the influx of bits and bytes accelerated the rise of international mega-companies such as Google and Amazon and reshaped global communications, commerce, entertainment and media.
Now the era of open borders for data is coming to an end.
France, Austria, South Africa and more than 50 other countries are stepping up their efforts to control digital information produced by their citizens, government agencies and corporations. Concerned about security and privacy, as well as driven by economic interests and dictatorial and nationalist demands, governments are increasingly setting rules and standards on how data can and cannot be moved around the world. The goal is to achieve “digital sovereignty.”
In Washington, the Biden administration is circulating an initial draft of an executive order barring competitors such as China from gaining access to American data.
In the European Union, judges and policymakers are pushing for the protection of information generated in the 27-nation bloc, including stricter online privacy requirements and regulations for artificial intelligence.
In India, legislators are moving to pass a law that would limit the data that could leave a nation of about 1.4 billion people.
According to the Information Technology and Innovation Foundation, the number of laws, regulations and government policies that require digital information to be stored in a particular country has more than doubled from 2017 to 2021.
While countries like China have long shut down their digital ecosystems, imposing more national regulations on the flow of information is a fundamental change in the democratic world and changes the way the Internet works since it was widely commercialized in the 1990s.
The effects of business operations, privacy and how law enforcement and intelligence agencies investigate crimes and run surveillance programs are far-reaching. Microsoft, Amazon and Google are offering new services to allow companies to store records and information in a specific region. And the data movement has become part of geopolitical negotiations, including a new agreement to share information across the Atlantic that was agreed in principle in March.
“The amount of data has grown so much over the last decade that there has been pressure to bring it under sovereign control,” said Federico Fabrini, a professor of European law at Dublin City University who edited a book on the subject and argued that data is a physical substance. Is naturally harder to regulate than.
For most people, new restrictions are unlikely to shut down popular websites. But users may lose access to certain services or features, depending on where they live. Meta, Facebook’s parent company, recently said it would temporarily stop offering augmented reality filters in Texas and Illinois to avoid lawsuits under laws governing the use of biometric data.
The debate over data limiting echoes widespread fractures in the global economy. With delays in the delivery of everything from refrigerators to F-150s, countries are reconsidering their dependence on foreign assembly lines after an epidemic supply chain outbreak. Concerned that Asian computer chip makers may be vulnerable to Beijing’s influence, American and European lawmakers are pushing for more domestic factories for semiconductors that power thousands of products.
Changing attitudes toward digital information is linked to a “broader trend towards economic nationalism,” said Eduardo Ustara, a law firm partner of Hogan Lovels, which helps companies comply with new data rules.
The main idea of ”digital sovereignty” is that the digital exhaust created by a person, business or government should be stored in the country where it originated, or at least operated in accordance with privacy and other standards set by the government. In cases where the information is more sensitive, some authorities want it to be handled by a local company as well.
It’s a shift from today. Most of the files were initially stored locally on personal computers and the company’s mainframes. But as Internet speeds have increased over the past two decades and telecommunications infrastructure has grown, cloud computing services have allowed anyone in Germany to store photos on Google servers in California, or allow businesses in Italy to run Seattle-operated Amazon Web Services websites.
A turning point came in 2013 when national security contractor Edward Snowden leaked a number of documents detailing extensive American surveillance of digital communications. In Europe, concerns grew that Europeans became vulnerable to US snooping because of their reliance on American companies such as Facebook. This led to a protracted legal battle over online privacy and trans-Atlantic negotiations to protect communications and other information sent to American companies.
Aftershocks are still being felt.
While the United States supports a free, unrestricted approach that allows data to be zipped between democracies, China has joined forces with Russia and others to shut down the Internet and access data to survey citizens and suppress dissent. Europe, with heavily regulated markets and rules on data privacy, is building another path.
According to the Information Technology and Innovation Foundation, in Kenya, the draft rules require that information on payment systems and health services be stored primarily within the country. Kazakhstan has said that personal data must be kept on servers within its borders.
In the European Union, the personal data of Europeans must meet the requirements of the online privacy law, the General Data Protection Regulation, which came into force in 2018. Other draft laws, the Data Act, would impose new limits on what corporate information could be. Intelligence services and other authorities outside the block are made available, even with a court order.
“It is the same spirit of the sovereign state, that we can retain knowledge of what we do in sensitive areas, and that is part of what defines us,” said Margaret Westegger, the EU’s top non-commissioned officer. Interview
The Biden administration recently drafted an executive order to give the government more power to block deals involving personal data of Americans that endanger national security, two people familiar with the matter said. An administration official said the document, previously reported by Reuters, was a preliminary draft sent to federal agencies for response.
But Washington has tried to keep data flowing between the United States and its allies. During a March trip to Brussels to coordinate the response to Russia’s invasion of Ukraine, President Biden announced a new agreement to allow data from the European Union to flow to the United States.
The deal was needed after a top European court rejected an earlier agreement in 2020 because it did not protect European citizens from espionage by American law enforcement, disrupting the operations of thousands of data beam companies in the Atlantic.
In a joint statement in December, U.S. Commerce Secretary Gina Raymondo and Britain’s top digital minister, Nadine Doris, said they “hope to counteract the negative trends that threaten to shut down international data flows.” The Commerce Department also announced last month that it was partnering with several Asian nations and Canada to keep digital information flowing between countries.
As new rules have been introduced, the tech industry has sounded the alarm. Groups representing Amazon, Apple, Google, Microsoft and Meta argued that the free flow of data boosted the online economy. If tech companies were to store it all locally, they would not be able to provide similar products and services worldwide, they said.
But still the countries stopped. In France and Austria, customers of Google’s Internet measurement software, Google Analytics, which many websites use to collect audience statistics, were told this year not to use the program anymore because it would expose Europeans’ personal data to American espionage. Can provide.
Last year, the French government canceled a deal with Microsoft to handle health-related data after authorities criticized the American firm for awarding the contract. Officials promised to work with local companies instead.
Companies have adjusted. Microsoft said it was taking steps to make it easier for consumers to store data in certain geographic areas. Amazon Web Services, the largest cloud computing service, said it allows customers to control where data is stored in Europe
In France, Spain and Germany, Google Cloud signed deals with local tech and telecom providers last year to allow consumers to guarantee that a local company monitors their data when they use Google’s products.
“We want to meet them wherever they are,” said Casenia Duxfield-Karyakina, who leads Google Cloud’s public policy operations in Europe.
Liam Maxwell, director of government transformation at Amazon Web Services, said in a statement that the company would accept European rules but that consumers should be able to purchase cloud computing services based on their needs, “not limited to where the technology provider’s headquarters are.” “
Max Schrems, an Austrian privacy activist who won a lawsuit against Facebook over its data-sharing practice, said more controversy arose over digital information. He predicted the US-EU data deal announced by Mr. Biden will be hit again by the European Court of Justice because he still does not meet EU privacy standards.
“We had a time where data was not controlled at all and people do what they want,” he said. Schrems said. “Now slowly we see that everyone is trying to regulate it but regulating it differently. That’s the decent thing to do, and it should end there. “
Ana Swanson Contribution Report.