The era of data without borders is ending

Countries are accelerating efforts to control the data generated within their borders, disrupting the flow of what has become a digital currency.

Every time we send an email, click on an ad on a social media app, or swipe a credit card, we create a piece of digital data.

This information is then transmitted around the world at the speed of a click, becoming a borderless currency and underpinning the digital economy. They are largely unregulated, and these streams of data in bits or bytes have helped fuel the rise of transnational mega-corporations like Google and Amazon, and reshaped the commerce system. , entertainment and global media.

But now, the era of open borders for data is ending.

France, Austria, South Africa and more than 50 other countries are accelerating efforts to control the digital information created by their citizens, government agencies and corporations. Driven by concerns about security and privacy, as well as economic interests and nationalism, a growing number of governments are setting rules and standards for how data can and cannot be. moveable globally. The ultimate goal is to achieve so-called “digital sovereignty”.

In the US, the administration is circulating an early draft of an executive order aimed at preventing rival countries like China from accessing US data.

In the European Union, judges and many policymakers are working to protect information generated within the 27-nation bloc, including stricter online privacy rules and requirements.

In India, legislators are working to pass a law restricting data so they can stay in the country of nearly 1.4 billion people.

The number of national laws, regulations and government policies that require digital information to be stored in a particular country has more than doubled, to 144 between 2017 and 2021, according to data from the United Nations. Information Technology and Innovation Fund.

While countries like China have long cut off their digital ecosystems from the outside, the fact that countries are imposing more rules on information flows is a fundamental change and remarkable. And it is changing the way the Internet works since it was widely commercialized in the 1990s.

And their consequences for business, privacy, and how law enforcement and intelligence agencies investigate crime and run surveillance programs will be far-reaching. Microsoft, Amazon and Google are offering new services to allow companies to store records and information within a certain territory. And the movement of data has become part of geopolitical negotiations, including a new treaty on transatlantic information sharing, agreed in principle in March.

Federico Fabbrini, professor of European law at Dublin City University, who has edited a book on the subject, said: “The amount of data has become overwhelming over the past decade and has created pressure. forced to place it under the control of the state, which is inherently more difficult to regulate than material goods.

For most people, the new restrictions don't mean popular sites will be shut down. But users may lose access to some services or features depending on where they live. For example, Meta, the parent company of Facebook, recently said it would temporarily stop offering augmented reality (AR) filters in the US states of Texas and Illinois to avoid being sued under laws governing the use of Facebook. biometric data.

The data restriction debate is also causing wider rifts in the global economy. Countries are rethinking their reliance on foreign assembly lines after a supply chain outbreak during the pandemic delayed deliveries of everything from refrigerators to electric cars. Concerned that Asian computer chip makers could be vulnerable to the impact, US and European lawmakers are pushing to build more semiconductor factories in the country so they can become self-sufficient in chips. for thousands of products.

Eduardo Ustaran, a partner at Hogan Lovells, a law firm that specializes in helping companies comply with the new data rules, said the shift in attitudes towards digital information "is related to a broader trend." than economic nationalism”.

The core idea of ​​“digital sovereignty” is that digital data generated by a person, business or government must be stored within the country where it originates or at least processed in accordance with the law. privacy and other standards set by the government. In the case of more sensitive information, some authorities also want that information to be controlled by a local company.

With increasing internet speeds and ever-evolving telecommunications infrastructure, data is often stored far away from where it originated.

That would be a significant change for everyone. Because most data files are initially stored locally on personal computers and corporate servers. But as internet speeds have increased and telecommunications infrastructure has grown dramatically over the past two decades, cloud computing services have allowed someone in Germany to store photos on Google's servers in the state. California, or a business in Italy that operates a website on the Amazon Web Services platform with operating headquarters in Seattle, western Washington state.

But in 2013, a turning point came after former National Security Agency (NSA) contractor Edward Snowden leaked a series of documents detailing detailed communications surveillance. America's wide-ranging digital In Europe, there are concerns that reliance on American companies like Facebook makes people vulnerable to surveillance. That led to lengthy legal battles over online privacy and transatlantic negotiations to protect communications and other information being transported to American companies.

And its aftershocks are still being felt today.

While the US advocates a free, uncensored approach that allows data to be stored between countries unimpeded, China has joined Russia and other countries in keeping the data private. data at your fingertips. Meanwhile, Europe, with its tightly regulated markets and data privacy rules, is forging a different path.

In Kenya, the draft rules require that information from the payment system and health services be primarily stored within the country. Kazakhstan says personal data must be stored on a server within the border.

In the European Union, the personal data of Europeans must meet the requirements of the online privacy law, under the so-called General Data Protection Regulation, which came into force in 2018. Another draft law, titled the Data Act, would impose new limits on what information companies can provide to intelligence agencies and other authorities outside the bloc, even upon a court order.

“It's the same view as national sovereignty, that we can maintain an understanding of what we do in sensitive areas, or what defines who we are,” said Margrethe Vestager, realist. leading antitrust competition of the European Union, said in an interview.

Margrethe Vestager, the European Union's leading antitrust enforcer.

Two people familiar with the matter said that the US government recently drafted an executive order giving the government more power to block transactions involving Americans' personal data, which could be dangerous. for national security.

But the Washington administration has also tried to keep data flowing between the US and its allies. During a March trip to Brussels (Belgium), the country's president announced a new agreement that allows data from the European Union to continue to flow to the US.

The deal is needed after Europe's top court annulled an earlier deal in 2020 because it failed to protect European citizens from surveillance by US law enforcement, nor prevent them from doing so. operations of thousands of companies that collect data across the Atlantic Ocean.

In a joint statement in December, Gina Raimondo, US Trade Secretary, and Nadine Dorries, Britain's top Digital Minister, said they hoped to combat "negative trends that threaten to shut down." international data streams” . The country's Ministry of Commerce also announced last month that it is joining forces with several Asian countries and Canada to keep digital information flowing between countries.

And when the new rules were introduced, the tech industry had to sound the alarm. Groups representing Amazon, Apple, Google, Microsoft and Meta argue that the online economy is driven by the free flow of data. If tech companies are forced to host it all locally, they cannot offer the same products and services worldwide.

But countries are still determined to do it. In France and Austria, customers of Google's popular internet measurement software, Google Analytics, the tool many websites use to collect audience metrics, were told this year they could not use it. this program again because it can expose the personal data of Europeans.

Last year, the French government canceled an agreement with Microsoft to process health-related data after authorities were criticized for awarding a contract to an American company. Officials then pledged to work with local companies.

At the same time, some large companies have also quickly adjusted their policies. Microsoft says it's taking steps to make it easier for customers to keep data in certain geographic areas. Amazon Web Services, the world's largest cloud computing service, says it gives customers control over where their data is stored in Europe.

In France, Spain and Germany, last year Google Cloud contracted with local telecom and technology providers so that customers could ensure that a local company would monitor their data for a long time. when they use Google products.

Liam Maxwell, a sector transformation director at Amazon Web Services, said in a statement that the company will adapt to European regulations but customers will be able to purchase cloud-based services. based on their needs, and “not limited by where the technology provider’s headquarters is located.”

Max Schrems, an Austrian privacy activist who won a lawsuit against Facebook over its data-sharing practices, says there are more and more disputes over digital information. He predicts the US-EU data deal pushed by the US administration will again be annulled by the European Court of Justice, as it still does not meet EU privacy standards.

“We had a long time where the data was unmanaged and people did whatever they wanted,” said Mr. Schrems. But in a different way. It's a global problem."