US-EU Digital Relations in Practice: Part II
30 September, 2021
Following the election of Joseph Biden in November, 2020, many experts believed that the coming of a new presidential administration in the United States would represent a reset in US-EU relations. While leaders on both sides of the Atlantic have signaled a clear desire for a rapprochement, which included gestures such as the lifting of taxes on Airbus and Boeing by the US and EU respectively, the systemic issues brought to the forefront by the Trump administration have shown no easy fixes. Further cooperation has begun in several areas such as security and the rollout of 5G infrastructure, while issues such as data transfers remain more complex to resolve.
The diplomatic gestures taking place at the EU level with the United States have been conciliatory. On December 2nd, 2020, the EU made its first formal overtures to the new administration as the EU High Representative of Foreign and Security Affairs issued a joint communication saying it represented a “once in a generation opportunity” to design a new transatlantic agenda. For the digital sector, this entailed opening a transatlantic dialogue on the responsibility of Big Tech, protecting critical infrastructure starting with 5G, deriving an agreement on AI, and establishing an EU-US Trade and Technology Council.
The rapprochement, however, was not meant to proceed without obstacles, since differing strategic priorities between Washington and Brussels came to the forefront. Biden’s reluctance to remove steel and aluminum tariffs and possible EU retaliation look poised to stymie the prospects of a comprehensive EU-US trade agreement in the near future.
Other issues have centered upon how to engage with China. Shortly after the Joint Communication was issued, Brussels signed a landmark investment deal with Beijing that was intended to boost large European investors, particularly German car makers; an approach which contrasted heavily with the Biden administration’s strong condemnation of Beijing over the treatment of its Uighur minority in the province of Xinjiang. Regardless, the Europe-China relationship quickly took a nosedive by March. In response to EU sanctions against four Chinese officials over Xinjiang, China responded with counter-sanctions against European parliamentarians, academics, and diplomats, causing several European states to refuse to ratify the proposed investment agreement.
That China was willing to come to blows with Europe provided an opportunity for the United States to step in and engage more fully with Europe in a number of areas, since both parties share an interest in preventing Beijing from gaining economic dominance in a number of high value sectors. Of additional concern to both parties in light of the storming of the U.S. Capitol on January 6th by a pro-Trump mob, was the need to regulate Big Tech and impose limits on the ability of algorithms to impact democratic processes.
On March 5th, 2021, Joseph Biden and Ursula Von Der Leyen spoke for the first time by telephone. The two leaders pledged to cooperate closely on containing the COVID-19 pandemic, resolve disputes related to the WTO, climate change, strengthening democracy, and technology and innovation. Von Der Leyen reiterated the call for setting up a ministerial-level Trade and Technology Council to “address innovation challenges” and “build our transatlantic technology alliance”. Shortly afterwards, Biden became the first U.S. leader to participate in a meeting of the European Commission.
What Will the Biden Administration Contend With?
Recent data shows that U.S.-led efforts to counteract Huawei’s dominance in 5G infrastructure have proven to be effective. Begun under the Trump administration, efforts to pressure European countries to exclude Chinese suppliers of the technology are being continued under Biden. Germany, in particular, while still a notable customer of Huawei, announced a $2 billion program to implement Open RAN, a hardware-based alternative to standard 5G technology that is being promoted by the United States, that is open to the participation of other European countries.
Other issues, however, have not been so clear-cut. Concerns over personal privacy and surveillance lie at the heart of disagreements over how Big Tech and AI technology should be regulated. The proposed Digital Markets Act and Digital Services Act seeks to establish a code of conduct by large “gatekeeper” tech firms operating within the Digital Single Market – commonly understood to mean the GAFAM (Google, Apple, Facebook, Amazon, Microsoft) companies. While the position of the Biden administration on these proposals isn’t publicly known, he will be expected to balance the concerns of digital business interests – which have historically viewed EU legislation as onerous – with the imperative to regulate. Furthermore, Europe’s move to impose a tax on digital services has been viewed by some in the United States as a measure imposed against U.S. tech companies. Recent moves to regulate AI have also been viewed in the same light in some circles, as companies such as Google and Amazon make heavy use of AI algorithms considered “high risk” by European regulators. Moreover, continued confusion surrounding GDPR has disrupted data streams for health research, particularly with U.S.-based researchers and institutions. Replacing the EU-US Privacy Shield will not be an easy process in the coming years due to the lack of comprehensive privacy legislation in the United States as well as differing positions on privacy within the European Union itself.
Research points to an on-the-ground reality that counters the notion that separate regulatory regimes on either side of the Atlantic could be enforced unilaterally. A four-year, longitudinal study of 225 iOS and Android apps popular in Germany carried out by Jacob Kröger of the Technische Universität Berlin, Jens Lindemann of the University of Hamburg, and Dominik Herrmann of the University of Bamberg and presented at the 2020 ARES Conference in Dublin found that compliance with Subject Access Requests for personal data across the mobile app industry was severely lacking, regardless of the location of the app itself and both before and after the implementation of the GDPR.
While this has been the only long-term study carried out before and after the GDPR’s implementation on the same vendors over time, such evidence of patchy industry compliance with privacy law both within and outside of Europe are nevertheless in line with those of previous studies such as Urban, Tatang, Dedeling, and Holz, as well as Norris and L’Hoiry.
In spite of this, the number of responses to Subject Access Requests containing personal data in a usable format, and/or a response containing a credible statement that personal data weren’t being stored, were higher in the EU as an aggregate at 45%, than the rest of the world at 31%. In the same study, some app vendors even went so far as to issue deceptive or misleading statements (7%-13%), or leaked data to third-party vendors during the process of processing the Subject Access Requests.
Indeed, while many of the apps themselves were resident inside the EU, they were sold on Google Play and the Apple Store using American services such as Zendesk and Salesforce to respond to customer inquiries. It would therefore require a strong, bilateral effort between the European Union and the United States to delegate the responsibility for compliance appropriately in a way that disentangles the regulations in force between the two great markets without decoupling, which would be a highly counterproductive notion in the digital market.
Experts on the digital economy have proposed several solution frameworks that could help rebuild the transatlantic technological alliance. While a comprehensive diplomatic agreement on the free flow of data and technology remains elusive, incremental solutions which focus on specific subject areas that remain at an impasse can still be brought forth.
Negotiations to replace the Privacy Shield in light of the Schrems II judgement by the European Union Court of Justice will need to be intensified. This will require regulatory overhauls on both sides to ensure that data flows comply with the legal systems of both powers. In a virtual talk given at the Carnegie Institute, Estonian President Kersti Kaljulaid outlined the need for the United States government to grant its citizens a secure, encrypted digital identity akin to a passport to ensure fundamental protections against identity theft and surveillance within the digital space, along with an accompanying legal framework limiting the practice of blanket surveillance and ensuring a right of redress. The European Union, in turn, would need to clarify ambiguities surrounding GDPR to ensure the smooth flow of data for crucial elements such as law enforcement and research, in order to alleviate Washington’s concerns about national security and the functioning of global supply chains in the age of Coronavirus, of which data inevitably plays a part.
Similarly, the United States and the EU will need to work towards convergence when it comes to regulating Big Tech. The United States has indeed begun to consider the impact of algorithms on the democratic space and potential anticompetitive practices by specific companies, launching an antitrust lawsuit against Google using existing authorities in October, 2020. The political momentum in the United States towards cracking down on the seemingly omnipotent power of large data gathering firms is building, leading to increasing agreement at the multilateral executive level on comprehensive reform.
On the other end, many experts hold that the European Union cannot rely on a single code of conduct for online “gatekeeper” platforms such as the GAFAM companies to inform its Digital Markets and Digital Services Acts, partly because, owing to differences in the way these platforms operate, what may constitute a conduct violation when carried out by Google may not have the same effect on fundamental rights when carried out by Amazon, and vice-versa. A study at the University of Surrey commissioned by the European Parliament, called for customized codes of conduct for various digital platforms according to their technological specifications and targeted users.
According to a report issued by the Congressional Research Service, the use of existing international institutions such as the WTO and OECD could provide forums for dialogue between the US and EU on sorting out these issues. Conversations about the role of new technologies such as AI and 5G, data privacy, common industrial standards, and setting common standards of conduct will need to be bilateral and straightforward in order to reflect the on-the-ground reality of an intertwined global economy. The shared democratic values of the US and EU provide the means to engage in productive cooperation at all levels, including in the digital space.