US-EU relations: A post-covid transatlantic digital agenda

Трансатлантическая экономика является самым сильным торговым и инвестиционным партнерством в мире, генерируя коммерческие продажи на сумму 5,6 триллиона долларов и поддерживая 16 миллионов рабочих мест. Поэтому если США и ЕС смогут вместе разработать стандарты торговли и поведения в цифровом мире, они могут стать мировыми лидерами, обеспечивая соблюдение большинством стран стандартов, поддерживающих индивидуальную конфиденциальность и открытые рынки. Однако, на пути этого стоят большие разногласия

Во-первых, США обычно рассматривают цифровую экономику как продолжение традиционной экономики и применяют существующие правила в отношении конфиденциальности, контента, защиты потребителей, политики в области конкуренции и других областях. ЕС (и большинство государств-членов) считают, что цифровая экономика создает новые проблемы как для потребителей, так и для бизнеса, которые требуют новых правил.

Во-вторых, когда европейские официальные лица и лидеры общественного мнения представляют свои усилия как вопрос достижения цифрового суверенитета, эти слова почти никогда не слышат в Соединенных Штатах. Это понятно: европейские поиски цифрового суверенитета уходят корнями в представление о том, что в Европе в цифровом пространстве доминируют компании, не входящие в ЕС, прежде всего фирмы США и Китая. В США, на родине так называемой GAFA (Google, Apple, Facebook, Amazon), не было необходимости отбивать цифровую экономику от влияния неамериканских компаний. Присутствие крупных китайских онлайн-игроков только недавно стало проблемой, прежде всего в области инфраструктуры и безопасности. В результате обеспокоенность Европы по поводу американских технологических компаний является озадачивающей и даже неуместной для многих в промышленных и правительственных кругах США. Суверенитет от кого и с какой целью? Слова европейцев скорее воспринимаются как протекционизм, направленный на создание цифровой «крепости Европы» и дистанцирование ЕС от США.

В переговорных позициях сторон подробно разобрался Фрэнсис Джи Беруэлл


Frances G Burwell

The coronavirus outbreak in spring 2020 was devastating for many individuals, societies, and economies. But it also had a significant impact on the state of the transatlantic relationship, heightening levels of misunderstanding and distrust even as both the United States and Europe were jointly facing tens of thousands of fatalities. Donald Trump’s sudden restrictions on Europeans travelling to the US, and his threats to cut off funding to the World Health Organization during the pandemic, were unpopular across Europe. Many in the US policy community saw the raising of internal EU border controls, and the struggles to agree to financial support for all of Europe, as emblematic of the European Union’s inability to cope with the virus – and potentially as the death knell for the union itself.

But in both the US and across Europe, the covid-19 experience also made clear the importance of the digital world. With millions working from home and sometimes quarantine, and connected to friends, family, and colleagues by the internet, the importance of digital policy for the modern economy was starkly clear. Even as misinformation about the virus spread across social media, governments turned to potential tracking apps and analyses of medical data to find a way out of lockdowns. At the same time, countries such as China and Russia used the internet to spread falsehoods and to increase surveillance of, and even control, their populations. The virus sharply revealed the differences in governmental approaches to the internet and their citizens.

But with this new awareness, will the US and EU be able to use the covid-19 experience to build stronger cooperation in the digital space, and so ensure that their citizens and economies – and even their democratic governance – remain secure in the future digital age? Initial impressions are not promising. The virus reinforced within Europe the desire for greater digital sovereignty, based on a strong, European-controlled digital infrastructure that will be resilient in the face of disinformation and other disruptions. In the US, as well as some other countries, the virus exacerbated a nationalist approach to economics that has been growing under Trump.

The choice facing the US and EU

Both the US and the EU now face a choice. The EU has initiated a broad effort to regulate the digital economy, but must now ensure – even in the midst of efforts to spur a post-covid economic recovery – that this drive for digital sovereignty does not turn into protectionism. Instead, the EU should use this opportunity, and the new awareness of the importance of digitalisation, to lead a multilateral effort to tame the worst excesses of the internet while fostering innovation and creativity. The US must return to participating in – if not leading – the multilateral economic system while also pursuing a more strategic domestic conversation on the digital economy; one that is not simply a reaction to the latest privacy or security breach. If the US and Europe fail to make the right choices, the main beneficiary will be China, which has consistently demonstrated its global ambitions during the covid-19 crisis. The result will be a digital world with three distinct approaches – US, Chinese, and European – with China more likely to convince many emerging markets to adhere to its more authoritarian, state-driven approach to both digital governance and commerce. But if the US and EU can together develop standards of commerce and behaviour in the digital world, they can be the global leaders, ensuring that most countries adhere to standards that support individual privacy and open markets.

Transatlantic discussions of digital policy often seem far removed from global strategic concerns, with their debates over differing US and EU approaches to topics such as intermediate liability and adequacy agreements. To those engaged on the digital frontlines, especially from the corporate trenches, these differences seem huge and certainly may be worth significant sums to businesses. But for many policymakers, including those who have been the mainstay of the transatlantic relationship, these discussions seem technical and arcane. This is especially true in the US, where the US-European partnership is predominantly seen as a security partnership based on NATO, and cybersecurity – and NATO’s role in cybersecurity – is the pre-eminent digital issue.

In reality, digital issues are central to the health of the transatlantic partnership. The digital economy is a key part of the US-EU economic relationship. The transatlantic economy is the strongest trade and investment partnership in the world, generating $5.6 trillion in commercial sales and supporting 16 million jobs in 2018. While measuring the digital economy is still more art than science, a few indicators demonstrate its scope. Cables bringing digital data across the Atlantic carry 55 per cent more data than across the Pacific, and eight new transatlantic cables are planned in the next few years. For both the EU and the US, the leading import destination for their digitally enabled services is the other, representing about one-third of such exports. In 2017, US exports of digitally enabled services to the EU totalled $190 billion, and imports totalled $118 billion, giving the US a surplus of $72 billion. (Digitally enabled services are difficult to measure. This figure combines US government estimates of trade in information and communications technology services trade as well as additional services potentially enabled by them). That same year, US corporations, through their local affiliates in Europe, supplied $180 billion in information services, while only supplying $3 billion in China and $21 billion in Latin America. Of all US overseas investment in the information industry, 73 per cent was in Europe in 2018.

Aside from the economic data, however, the digital economy now pervades almost every element of daily life in both Europe and the US. Whether it is shopping or dating online, watching movies, taking online courses, navigating on the roads, or personal banking, Americans and Europeans are constantly connected to the internet. Issues such as online privacy, copyright infringement, and understanding the source of online news have become key to the functioning of society.

At the same time, however, both Europeans and Americans are concerned about the security of their personal and financial information online. A 2019 Eurobarometer survey revealed that only 32 per cent of Europeans have trust in the internet, and, in another survey, 43 per cent of Europeans believed their data might be misused via the internet. Americans are not immune to these concerns: according to a 2019 survey, Americans are worried about how their data is collected and used, with 79 per cent concerned about how companies use the data, and 64 per cent expressing the same concern about government. With internet usage now well over 70 per cent in both the US and Europe, such widespread security concerns will inevitably be a sensitive domestic issue.

European initiatives

Over the past decade, the EU has responded to the growing economic and political importance of the digital economy – and to the concerns of its citizens – by launching a series of regulatory initiatives. The Digital Single Market Strategy, launched in 2015, aimed to reduce or eliminate barriers to digital activity between the member states and improve access to online services and products for citizens and businesses. While still far from complete, it has tackled differences in roaming charges and access to movie downloads – seemingly mundane issues that matter to individual citizens. Following the 2013 revelations by Edward Snowden of significant US government surveillance of European citizens’ communications – including German chancellor Angela Merkel’s mobile phone – the EU passed the General Data Protection Regulation (GDPR). This is arguably the most comprehensive privacy legislation in the world, which imposed strict conditions on the handling of EU citizens’ personal information, even if that data or citizen was physically outside the EU. When it came into effect in May 2018, companies around the world found themselves having to comply with GDPR. Although creating EU digital sovereignty was rarely mentioned at the time, both the digital single market plan and GDPR were clearly intended to enhance EU digital capabilities and provide citizens with a form of sovereignty, or control, over their own personal data.

By the time of the arrival in December 2019 of the European Commission led by Ursula von der Leyen, the idea of greater European sovereignty over the digital economy had become important enough to feature in her political declaration outlining her priorities. In it, she called for the EU to “achieve technological sovereignty in some critical technology areas”. Moreover, in her inaugural speech before the European Parliament, digital policy in general was identified as one of the commission’s top priorities, along with the “Green Deal”, and she again stated that Europe “must have mastery and ownership of key technologies”.

The focus within the commission has been largely on technological sovereignty – ensuring that the EU has a secure, high-quality digital infrastructure and the ability to develop and sustain key cutting-edge technologies. This requires supporting research and innovation, but also creating an appropriate regulatory environment. The previous commission had already taken steps to address infrastructure security in the face of growing cyberattacks. The 2016 Network and Information Systems directive obliges member states to identify essential network operators and then requires those operators to adopt appropriate cybersecurity measures and report breaches. In 2020, in the wake of growing concern about Chinese investment in Europe, the EU warned member states that non-EU vendors for 5G and other technology could pose significant risks, especially if they were closely connected to foreign governments. While the EU did not ban Huawei outright – despite US pressure – a number of European governments have curtailed Huawei’s role in their networks. At the same time, the commission outlined the importance of a European cloud service, and began discussions with the German and French governments, which had already launched the GAIA-X cloud project. These measures are clearly intended to promote a resilient infrastructure as a key element of technological sovereignty.

The second element of tech sovereignty is the ability to develop a European capacity in key emerging technologies. The commission has identified a range of technologies, including artificial intelligence (AI), super-computing, blockchain, and quantum communications, where Europe might become a global leader. A new Digital Europe research programme is expected to support this effort with €9.2 billion in funding, pending final approval of the EU’s next budget. In keeping with this ambition, in February this year, the commission released a preliminary legislative proposal on AI. It also released a strategy for data management, noting the importance of data collection and governance to almost all the key technologies.

There is a third element to the EU effort; one far more political and also a defining feature of the European approach. Ever since the passage of GDPR, the EU has seen itself as a global leader in establishing standards related to online activities that are intended to safeguard its citizens and ensure an ethical approach to the dilemmas posed by the digital world. This is not only true in privacy, including the “right to be forgotten”, but also in online content, where some EU countries have restrictions on illegal or hate speech. Whether EU standards accomplish those aims – and whether they are better than other arrangements – is less certain and a matter of political judgement.

Both the data strategy and AI proposal include potential rules seeking to ensure that data collected and controlled in Europe, and AI used in Europe, would be managed according to ethical and “human-centric” (but not yet precisely defined) standards. As Thierry Breton, European commissioner for the internal market, put it: “My goal is to prepare ourselves so the data will be used for Europeans, by Europeans, and with our values.”  The Digital Services Act, which is expected to be outlined by the commission in late 2020, is also expected to propose rules intended to reinforce European norms on content, consumer protection, and platform liability. Such rules go far beyond technological sovereignty, with its emphasis on infrastructure and key industries, and instead use an emerging set of European norms for behaviour and responsibilities in the digital world to develop standards that will have an extraterritorial – if not global – impact. By being the rule-maker, the EU hopes to gain more control over how digital activities are conducted within Europe and how its citizens are treated online, and thus enhance its broader digital sovereignty.

The US approach

The US has not undertaken such a comprehensive approach to digital policy. Instead, on the federal level, there have been sporadic efforts to address four separate concerns: privacy, consumer protection, security, and online content. Efforts have been divided among a group of federal agencies, including the Federal Trade Commission (FTC), the Federal Communications Commission, and the National Institute of Standards and Technology. In Congress, occasional bursts of interest in regulating the tech sector have usually faded with little consequential legislation. Given the absence of regulation at the federal level, some states have taken the initiative. Most prominently, California has adopted the California Consumer Privacy Act (COPA), which has many similarities to the GDPR and came into effect in 2020.

National US privacy legislation dates from 1974, when the Privacy Act provided certain protections for citizens when their data was held by the federal government. Laws addressing privacy in the health and financial sectors were passed in 1996 and 1999 respectively. None of these laws was intended to deal specifically with data protection online. Data protection in the US has not only been sectoral, but also focused on consumer protection. The FTC is responsible for ensuring that companies do not engage in “unfair or deceptive practices” and has used this power to examine whether Facebook and others have misled users about how their data is treated. Privacy has not been totally ignored in the US, however, as COPA, and the interest a few other states have shown in similar measures, demonstrates.

Security has been a major concern of the US government, especially following the attacks of 9/11. The initial response was for US intelligence agencies to undertake mass surveillance of online activities. This practice raised significant concerns not only in the US, but also in Europe. The Snowden revelations provided a considerable boost to European efforts to create comprehensive privacy legislation – an effort that would lead to the GDPR. Surveillance by the NSA was rolled back somewhat by the 2014 Freedom Act, which protected American citizens from bulk data collection, but instead required the NSA to submit more specific requests when asking for data from companies. Of course, in an era of terrorism and extremism, some of that data is useful to law enforcement on both sides of the Atlantic. The 2018 Cloud Act requires US technology companies to provide data requested by law enforcement agencies through a warrant or subpoena, even if that data is stored outside of the US. The United Kingdom has signed a bilateral agreement providing reciprocity and the EU has initiated negotiations to that end. Finally, one additional element of the US approach to online security is the concern about foreign vendors, whether Kaspersky cybersecurity products, or Huawei on 5G networks.

Since the arrival of social media, the US and Europe have been confronted with sometimes gruesome terrorist content online. More recently, concern has grown about the role of social media in spreading false or misleading information that has either political or health and safety consequences. While Europe has taken some steps to restrict and police such misuse, the US has taken few significant steps, as most speech is protected under the First Amendment of the US constitution. Only a few topics – such as child pornography or that identified as providing “material support” to terrorists – have been made illegal. Since the 2016 election, there has been increased debate, especially in Congress, about the role of social media in spreading false or misleading information. The social media companies have responded by requiring better identification from advertisers, but no significant legislation has been passed.

Differences in perspective

As this comparison of the US and EU approaches to digital policy reveals, there are two major differences in perspective. Firstly, the US has generally treated the digital economy as an extension of the traditional economy and applied existing regulation on privacy, content, consumer protection, competition policy, and other areas. The EU (and most member states) has viewed the digital economy as posing new challenges, both to consumers and to businesses, that require new regulations. In particular, concerns about the security of citizens’ data, the role of platforms in linking buyers and sellers, and the potential for harmful content on social media sites has spurred an effort to design a comprehensive regulatory regime for the online world.

Secondly, while European officials and opinion leaders often present this effort as a matter of achieving digital sovereignty, these words are almost never heard in the United States – and with good reason. The European search for digital sovereignty is rooted in a perception that Europe has to date been dominated by non-EU companies, especially US and Chinese firms, in the digital space. This is not a misperception. Of the top 100 digital companies identified by Forbes in 2019, only one EU company (Deutsche Telekom) made the top 20, while US companies claimed 12 spots; China and Japan two each; and Hong Kong, South Korea, and Taiwan one each. Less than 4 per cent of the market capitalisation of the world’s 70 largest platforms is European. In January 2020, Apple alone was valued at $1.42 trillion – more than the entire DAX index of Germany’s leading 30 companies.      

For the US – home of the so-called GAFA (Google, Apple, Facebook, Amazon) – there has been no need to recapture the digital economy from the influence of non-US companies. The presence of large Chinese online actors has only recently become a concern, primarily in the infrastructure and security fields. As a result, European concerns about US tech firms has seemed puzzling and even misplaced to many in US industry and government circles. Some have dismissed Europe’s ability to achieve its goals, while others have questioned whether this is simply protectionism, intended to establish a digital “Fortress Europe”. Moreover, European rhetoric about sovereignty has raised suspicions among some in the US tech sector and policy community: sovereignty from whom and for what purpose? Many in the EU portray digital sovereignty as the tech version of “strategic autonomy”, the EU ambition to achieve resilience, and more significant capabilities in the traditional defence and security realms. However, many in the US, even in the transatlantic policy community, asked similar questions about strategic autonomy – autonomy from whom? – and felt it was aimed at distancing the EU from the US.

The Trump administration has been particularly suspicious of EU ambitions in the defence sector, compared to previous governments. The administration has been less vocal in expressing concerns about EU digital policy, in part because digital issues have simply not been a priority. With a few exceptions, this administration has shown little interest in technology or digital policy, whether in the US, in the G7 or G20, or related to major trade and investment partners. The one exception is the prospect of a digital services tax, which has caused much concern. France approved such a tax, which would have affected companies – primarily US platforms – which generate €750m in global digital services and €25m in France. The Trump administration threatened the imposition of tariffs on French goods, until Emmanuel Macron agreed not to implement the tax while the OECD effort to find a consensus solution is under way. That process is expected to reach a conclusion at the end of 2020, but the Trump administration has recently suspended its participation in the effort, claiming that “no headway” was being made.

However, the US cannot ignore forever the impact of Europe’s search for digital sovereignty. The widespread implementation of the GDPR – including by many US firms – demonstrated to Europe that it could create regulations with global reach. As the EU ramps up its digital agenda, US companies are likely to face additional rules, especially on data governance, use of AI, platform liability, and other digital issues. These rules may affect, for example, the ability of US companies to import goods or services that use AI into the EU, or how they manage data pools derived from EU data.

Thus, the US and the EU each face a choice. The EU must decide how restrictive it will be in the name of protecting European citizens and supporting European innovation and companies. Will it discriminate against non-EU companies? Will its rules – however well intentioned – impede international trade in digital services and perhaps even stifle Europe’s ability to innovate and grow? As the world looks for a post-covid-19 economic recovery, European economic growth, including in the tech sector, is in everyone’s interest. Europe should look to build its digital sovereignty without becoming a digital fortress.

For the US, the choice is whether to engage with Europe as it moves forward on its digital agenda – or not. A refusal to engage, or even a continuation of the neglect of the past three years, will not prevent the EU from moving forward. US companies will have to comply with EU rules or lose a major market. The smart choice for the US is to engage with the EU and work to help shape its emerging legislation. That engagement, such as the recent US comments on the GDPR review, will be most effective if undertaken in an atmosphere of constructive cooperation, which has been missing from the US-EU relationship for some time. The US should seek early engagement on pending EU legislation on data governance, AI, and digital services. It should re-engage in the OECD process on digital services taxation. By constructing its own comprehensive federal privacy law, the US would put itself on a level footing with Europe and remove some of the uncertainties that surround continuation of data transfers across the Atlantic. Finally, the US and the EU together should inaugurate a Digital Council to provide their top leadership with a forum for discussing the rapidly evolving digital economy and how the US and EU can together adopt the best approach for their citizens and prosperity.


Публикации по теме:

Таави Котка. Семь шагов к созданию эффективного «электронного правительства»
Глава департамента информационных технологий правительства Эстонии рассказывает о том, как создавалось «электронное правительство» в Эстонии

Будьте в курсе,
подпишитесь на нашу рассылку

E-mail: info@eedialog.org

Все материалы сайта доступны по лицензии: Creative Commons Attribution 4.0
© 2019 Европейский диалог
escort eskişehir escort samsun escort gebze escort sakarya escort edirne