The inaugural meeting of the U.S.-EU Trade and Technology Council, which was established to seek common agreement on the rules for digital trade, gets underway Sept. 29 in Pittsburgh. Washington’s interest in participating was bolstered by corporate alarm over the EU’s draft Digital Markets Act, which almost exclusively targets five companies, all American: Google, Amazon, Apple, Facebook and Microsoft.
The European goal is an understandable one, to provide opportunities for European companies to compete with those tech behemoths, even though none appear able to take immediate advantage of the new rules. Instead, the legislation opens the door to Chinese and Russian companies.
The EU’s Digital Markets Act classifies certain companies as “gatekeepers” based on their number of users, capitalization, or turnover, and imposes new obligations and restrictions on how these companies can conduct business. Unlike earlier EU legislation, which targeted all companies that collected data on EU citizens, this one applies only to a select few U.S. corporations.
The draft act would require these companies to transfer sensitive data or code to third-party providers without geographic restrictions. This means that Chinese and Russian firms, which are already well-supported by their autocratic governments, would potentially receive access to sensitive data that they could exploit in order to support not only their businesses, but also the foreign policy goals of their state. For example, Russia Today (RT), a Russian state-controlled media company, has continuously pressed for greater inclusion on U.S. platforms in an effort to spread its anti-democratic narratives to a wider audience.
Even worse, the act requires “gatekeepers” to provide access to systems and tools operated by U.S. companies, putting at risk sensitive code and design features as well as potentially compromising security features and system integrity. It requires companies to provide third-party online search engines with access to information regarding ranking, query, click-and-view data, which could help an autocratic government clamp down on their own dissident citizenry. Finally, the “gatekeepers” would have to provide access to high-quality, continuous, and real-time information on user data, which could include proprietary commercial or technical insights.
The trick now — albeit a diplomatically difficult one — is to convince the European Union to amend this draft act so that it does not solely apply in scope to U.S. companies. The final legislation should protect consumer choice in Europe in a manner that does not break U.S.-EU regulatory cooperation. Indeed, the act should call for greater cooperation with the United States to protect EU consumers and other from Chinese and Russian practices.
The trade technology meeting in September will conclude with a statement, which among other things should affirm that the European Union and the United States will stay aligned on regulating digital trade. Any new regulation by the European Union and the United States should be coordinated and support our shared national security objective: keeping Chinese and Russian actors from acquiring data they could use against U.S., European, and even their own citizens. The dangers are already evident in the way China and Russia are using “smart city” or surveillance technology to control their citizenry, and by the blatantly symbiotic relationship between cybercriminals and the Kremlin.
Indeed, there is a case to be made for transforming the Trade and Technology Council into a broader Trade, Technology and Security Council. Adding security issues could help further address technology and cybersecurity priorities, including protecting procedural safeguards on intellectual property and ensuring no regulatory initiatives degrade the security of devices and platforms.
Moreover, this regulatory cooperation should expand beyond the transatlantic alliance to include key democratic allies such as South Korea, Japan, Taiwan, Australia and Israel. Transatlantic standards should ideally become global or, at a minimum, agreed to and adopted by all countries who share our democratic values, including concern for individual privacy and human rights.
But right now, with new U.S.-EU tensions flaring and a lot at stake in the digital trade arena, the upcoming Trade and Technology Council meeting is the place to start. We need to focus our diplomacy on protecting the transatlantic alliance, not just in general but specifically on technology.
This time, we can talk to the Australians later.
