Digital sovereignty called into question
With the implementation of the GDPR in 2018, the European Union has equipped itself with strong legislation to protect the privacy of its citizens’ data. This advance has brought order to the abusive practices that led to the mass surveillance scandals by U.S. intelligence agencies.
Europe’s energy dependence on the scale
Europe’s hard-won digital sovereignty appears to be challenged by a shift in the balance of power. Indeed, the Russian-Ukrainian conflict has reshuffled the cards in the international distribution of energy resources. This new context has made it necessary for the EU to seek new sources of supply. The United States needed no less to seize this opportunity and renegotiate the issue of the sovereignty of European personal data.
Thus, the announcement of an energy alliance between Europe and the United States on March 25, 2022 was followed seven months later (on September 7) by another announcement on the regulatory framework for data transfer on both sides of the Atlantic. This is a resumption of the discussions since the European Court of Justice invalidated the Privacy Shield (July 16, 2020). It is difficult not to make the link between these two events to explain the loss of European ground on this highly sensitive issue.
A look back at a long-standing legal tug-of-war
The Safe Harbor agreement on data transfer between the EU and the United States, which dates back to the 2000s, was annulled in 2015 by the EU Court of Justice. The lack of data protection for European citizens was at issue in this decision.
A new agreement, the Privacy Shield, was drawn up in July 2016 and invalidated 4 years later for the same reasons. The implementation of the famous RGPD in 2018 appears to be a protective bulwark against the shameless exploitation of European data by American digital giants.
The persistence of American pressure
The Americans react quickly to this strong stance by the EU. Shortly afterwards, they put in place the Cloud Act (Clarifying Lawful Overseas Use of Data Act) to circumvent Article 5 of the GDPR. With this act, the American authorities assume the right to obtain data stored on American servers, regardless of their origin (thus including abroad).
The exploitation of personal data is the core business of Big Tech, which is not ready to give it up. However, they find themselves stuck with conflicting legislation in this showdown between the two political entities. And despite the dominant position of the American digital behemoths, the European pressure to impose heavy financial penalties or ban the use of data is still hovering.
Faced with the inability to reach an agreement on this issue and break the legal deadlock, Meta waved the threat of removing Facebook and Instagram from the European continent.
In the end,
The United States were able to deftly exploit the situation by asserting the best interests of its national security. The coincidence with a U.S. liquid gas delivery agreement leaves no one fooled by the maneuver. However, the decree still has to be submitted to the European Commission for approval, which is not likely to happen before the spring of 2023. The suspense remains.
Top comments (0)