09 Mar 2026 Data protection: Burden or obligation?

Reuters recently reported that US diplomats worldwide have been ordered to track and counter data localization efforts, naming the European Union’s General Data Protection Regulation (GDPR) as an example of “unnecessarily burdensome” regulation.

According to Reuters, “Experts say the move signals the Trump administration is reverting to a more confrontational approach as some foreign countries seek limits around how Silicon Valley firms process and store their citizens’ personal information – initiatives often described as ‘data sovereignty’ or ‘data localization’.”

This is not the first time – nor is it likely to be the last – that the current US Administration tries to control or block legislation aimed at protecting people’s fundamental rights and freedoms in relation to communication, data, and Artificial Intelligence applications.

At last year’s Internet Governance Forum, Jennifer Bachus, Acting Head of the Bureau of Cyberspace and Digital Policy at the U.S. Department of State, openly asserted that American technology companies should not be subject to regulation by foreign governments: “The United States is troubled by reports that some foreign governments, including here in Europe, are using policies that could tighten the screws on U.S. top companies with international footprints, and we will not accept that, and we think it’s a terrible mistake.”

The unregulated collection of data is inextricably linked on the one hand to its economic benefit – the huge profit margins of mega-corporations – and on the other hand to government surveillance. The security services and the military need the data provided by surveillance to track and in certain cases to eliminate dissent.

Governments insisting on no regulation are hiding behind economic laissez-faire policies to conceal data gathering and its use by their security services and military. Surveillance itself is camouflaged as (inter)national security to facilitate the tracking and location of terrorists and even their assassination – as, recently, Ayatollah Ali Khamenei.

Government and corporate interests are in cahoots. For example, as reported in The Guardian, “OpenAI helped launch a $125m lobbying initiative, a Super Pac, to make sure no state can regulate AI. It’s attacking any politician who tries to pass safety laws. It wants Trump, and only Trump, to write the rules for the most powerful technology on earth. Every month, subscription money from users around the world flows to a company that is embedding itself in the repressive infrastructure of the Trump administration.”

Data sovereignty is crucial. It makes data subject to the laws and governance of the country in which it is stored and transmitted. The world’s largest cloud providers, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud, operate under US laws. Yet the pretext of avoiding “unnecessarily burdensome regulation” means that the US government is guaranteeing access in a bid to advance its own economic and security agendas.

Today, state-sponsored cyber threats are escalating, with attacks targeting critical infrastructure, government agencies, and private enterprises. Increasingly, such attacks are facilitated by Artificial Intelligence, which can be used to help thwart them. However, it’s a merry-go-round as AI tries to stay one step ahead and at which quantum computers (most of whose developers are based in North America) are going to be much more adept.

The US call for non-regulation masks its intention to own and control personal and corporate data assets. As a key dimension of today’s communication rights, data sovereignty must be robustly protected. Digital justice demands no less.

Photo: Gangis Khan/iStock