The era of data without borders is coming to an end

Every time we send an email, click on an ad on Instagram or spend on credit cards, we create a snippet of digital data.

Information is spreading around the world at the click of a button, becoming the kind of currency without borders that underpins the digital economy. The largely unregulated flow of bits and bytes has contributed to the growth of multinational megacompanies such as Google and Amazon, and has changed global communications, commerce, entertainment and media.

Now the era of open borders for data is coming to an end.

France, Austria, South Africa and more than 50 other countries are accelerating efforts to control digital information produced by their citizens, government agencies and corporations. Guided by security and privacy issues, as well as economic interests and authoritarian and nationalist aspirations, governments are increasingly setting rules and standards on how data can and cannot move around the world. The goal is to gain “digital sovereignty”.

Note that:

  • In Washington, the Biden administration is distributing an early draft order that should stop competitors such as China from accessing American data.
  • In the European Union, judges and politicians are working to protect information created within 27 countries, including stricter online privacy requirements and rules for artificial intelligence.
  • In India, lawmakers are passing a law that limits the amount of data that can leave a nation of nearly 1.4 billion people.
  • According to the Foundation for Information Technology and Innovation, the number of laws, regulations and government policies that require the storage of digital information in a particular country has more than doubled to 144 from 2017 to 2021.

While countries like China have long encroached on their digital ecosystems, the introduction of more national rules on information flows represents a fundamental change in the democratic world and changes the way the Internet has functioned since it became widely commercialized. in the 1990s.

The implications for business operations, confidentiality, and the way law enforcement and intelligence investigate crimes and implement surveillance programs have far-reaching results. Microsoft, Amazon and Google are offering new services that allow companies to store records and information in a specific area. And the transfer of data has been part of geopolitical talks, including a new pact to share information across the Atlantic, which was agreed in principle in March.

“The amount of data over the last decade has become so great that it has created pressure to put it under sovereign control,” said Federico Fabrini, a professor of European law at Dublin City University who edited the book and said the data was inherently harder. regulate than physical goods.

For most people, the new restrictions are unlikely to close popular websites. But users may lose access to some services or features depending on where they live. Meta, the parent company of Facebook, recently said it would temporarily suspend the offer of augmented reality filters in Texas and Illinois to avoid lawsuits under laws governing the use of biometrics.

The debate over data limitation echoes the wider upheavals in the global economy. Countries are reconsidering their dependence on foreign assembly lines after supply chains collapsed in a pandemic, delaying supplies of everything from refrigerators to F-150s. Concerned that Asian computer chipmakers may be vulnerable to Beijing’s influence, US and European lawmakers are pushing for more domestic semiconductor plants to produce thousands of products.

The change in attitudes toward digital information is “due to a broader trend toward economic nationalism,” said Eduardo Ustaran, a partner at law firm Hogan Lovells, which helps companies comply with the new data rules.

The basic idea of ​​“digital sovereignty” is that a digital exhaust created by an individual, enterprise or government should be stored within the country where it originated, or at least treated in accordance with confidentiality and other standards set by government. In cases where the information is more confidential, some authorities want it to be controlled by a local company as well.

This is a shift from today. Most of the files were originally stored locally on the company’s personal computers and mainframes. But as the Internet speeds up and the telecommunications infrastructure develops over the past two decades, cloud computing services have allowed someone in Germany to store photos on a Google server in California or an Italian company to run a website with Amazon Web Services running from Seattle.

The turning point came after in 2013, national security contractor Edward Snowden singled out a number of documents detailing the U.S.’s extensive surveillance of digital communications. In Europe, there has been growing concern that dependence on American companies, such as Facebook, makes Europeans vulnerable to US scrutiny. This has led to protracted legal disputes over online privacy and to transatlantic talks to protect communications and other information passed on to U.S. firms.

The tremors are still being felt.

While the United States supports a free, unregulated approach that allows data to be freely transferred between democracies, China has joined Russia and others in fencing off the Internet and keeping data available to monitor citizens and suppress dissent. Europe with tightly regulated markets and data privacy rules is going the other way.

In the European Union, Europeans’ personal data must comply with the requirements of the Internet Privacy Act, the General Data Protection Regulation, which came into force in 2018. Another bill, the Data Act, provides for new restrictions on what may be corporate information. provided by special services and other bodies outside the bloc, even with a court order.

The Biden administration recently developed an ordinance that gives the government more power to block deals with Americans’ personal data that threaten national security, said two people familiar with the matter. A spokesman for the administration said the document, previously reported by Reuters, was an initial project sent to federal agencies for feedback.

But Washington was trying to keep the data between America and its allies. During a March trip to Brussels to coordinate a response to Russia’s invasion of Ukraine, President Joe Biden announced a new arrangement that would allow data from the European Union to continue flowing to the United States.

The deal was necessary after the European High Court annulled the previous agreement in 2020 because it did not protect European citizens from espionage by US law enforcement, threatening the activities of thousands of companies that transmit data across the Atlantic.

In a joint statement in December, Gina Raymond, the US Secretary of Commerce, and Nadine Doris, the UK’s chief digital minister, said they hoped to counter “negative trends that risk closing international data flows”. Last month, the Department of Commerce also announced a merger with several Asian countries and Canada to preserve digital information between countries.

As new rules were introduced, the technology industry raised alarm. Groups representing Amazon, Apple, Google, Microsoft and Meta have argued that the internet economy is fueled by the free flow of data. If technology companies had to store it all locally, they would not be able to offer the same products and services worldwide, they said.

But the countries still clamped down. In France and Austria, customers of Google’s Internet Measurement Software, Google Analytics, used by many websites to collect audience figures, were told this year not to use the program anymore because it could expose American spies to Europeans’ personal data.

Last year, the French government withdrew from an agreement with Microsoft on the processing of health-related data, after the authorities were criticized for awarding a contract to an American firm. Instead, officials promised to cooperate with local firms.

The companies are set up. Microsoft has said it is taking steps to make it easier for customers to store data in specific geographic areas. Amazon Web Services, the largest cloud computing service, said it allows customers to monitor where data is stored in Europe.

In France, Spain and Germany, Google Cloud signed agreements with local technology and telecommunications providers last year to allow customers to ensure that their data is monitored by a local company while they use Google products.

“We want to meet with them where they are,” said Ksenia Duxfield-Karyakina, who manages Google Cloud’s public policy operations in Europe.

Liam Maxwell, director of government transformation at Amazon Web Services, said in a statement that the company would adapt to European rules, but customers should be able to buy cloud computing services according to their needs, “not limited to where the provider is headquartered. technologies “.

Source link