Big Tech firms deploy nationalistic arguments to suggest that American incorporation equates to a guarantee that their business models won’t undermine US national security or US foreign policy. Without a federal privacy law to constrain data collection and sharing, however, that is not true. This data-brokerage ecosystem allows US citizens’ data to end up in foreign government hands, threatening national security and potentially sabotaging US diplomacy and foreign policy activities. It also weakens American credibility on data issues; if the White House is taking action against individual Chinese tech firms while Congress passes no privacy law, for instance, seeking to eliminate a potential means through which Beijing can spy on US citizens, the US appears more focused on targeting companies than mitigating overall data-diffusion harms.
These Big Tech arguments, though, relate to a second concern of weak US privacy law: distrust of US tech firms overseas.
There are myriad legitimate reasons why US tech giants have reputation problems abroad, from sheer market power and extensive lobbying to enabling the spread of hate online and massive, exploitative data collection. Phrases like “data colonialism” and “digital colonialism” have been used to characterize this phenomenon, particularly when large tech firms enter lower-resourced countries (e.g., Venezuela, Uganda, India), surveil citizens, and extract all the value back to their headquarters while perpetuating other problems like unequal divisions of labor.
It doesn’t have to be this way. Right now, American civil servants are renegotiating a transatlantic data-transfer agreement with European Union counterparts, following an EU court’s invalidation of the Privacy Shield framework in July 2020. Some might argue, with good reason, that the EU Court of Justice will find any reason to invalidate any EU-US data-transfer agreements. But Washington can buttress its position by putting new, real constraints on American companies’ data collection, sharing, and use. Even though Schrems II, the decision invalidating Privacy Shield, focused on national security access to data in the US, this absence of robust US privacy law almost always enters the same conversation about inadequacy.
Passing a strong federal privacy law in the US could also help American companies grapple with an increasingly complex and fractured regulatory landscape globally. For instance, India’s Personal Data Protection Bill, introduced in 2019 and still undergoing deliberation, was inspired by the EU’s GDPR (though it includes a dangerously broad set of exemptions for the state). Brazil’s General Data Protection Law also has similarities to GDPR. The more that other governments enact privacy laws, the greater the risk that US firms will face regulatory challenges and public distrust around the world.
For all that politicians talk about the importance of having competitive US technology firms, that shouldn’t come at the expense of democratic regulation to protect citizens from data-related abuses—nor should controls on data abuses be seen as an antithesis to a competitive tech sector. On the contrary, as more data regimes crop up globally, as Silicon Valley faces increased scrutiny in overseas markets, and with trust in artificial intelligence coming to depend partly on a country’s privacy regime, passing a robust federal privacy law could have many benefits for US tech competitiveness.
The recently announced US-EU Trade and Technology Council, through which the US and EU member states will engage in conversation on everything from internet policy to standards development, has a strong implicit focus on China. Coming out of the G7 Summit in June, Biden reiterated a focus on providing a “democratic alternative” to Chinese government influence.
Biden’s plan to unite democracies on tech faces many challenges, in part because it’s not clear if a democracy-versus-authoritarianism framing is the best way to combat digital repression. Depending on the plan’s execution, it might also wrongly overlook disagreements among democracies themselves on how to address technology challenges. EU member states, for instance, are hardly in lockstep with Washington on a range of internet policy issues. India is often assigned to the democratic bloc in these conversations, but the Modi government’s repression, attacks on democracy, and internet abuses call that into question.