EU Data Localization Would Hurt U.S. Businesses

Stung by Brexit and set adrift by a neglectful U.S. foreign policy, the European Union has started to explore new ways of breaking away from the rest of the world, including taking steps to cordon EU data into locally managed systems. While this kind of protectionist move is short-sighted for the EU, it would also cause significant problems for U.S. businesses.

Americans have assumed the benefits of an open internet, where companies located nearly anywhere in the world can store and manage the information they receive in any way that makes sense to the business without undue government intervention in company choices or expenditures. We have built our technological infrastructures based on these rules since the beginning of the connectivity era thirty years ago.  Countries with closed political systems like Iran, China, and Russia have sliced their national internets off from the rest of us to maintain political and financial control, but we understood this might happen and have approached their markets differently.

But we have all assumed that free societies would be participants in an open and free internet – for information as well as business.  Maybe this was naïve. The U.S. First Amendment protections of free speech and association have no direct counterpart in Europe, and the EU/UK limits on free speech are troubling to the prospect of free expression online. But has seemed that allowing businesses to manage their data from servers in their home countries, which was a fundamental tenet of electronic commerce, may have reached its end.

The dominance of U.S. tech firms over the major data-collecting activities on the non-Chinese portion of the Internet – Google/Microsoft over search, Facebook/Microsoft over social media, Amazon over e-commerce – with no equivalent players from Europe, South America, or the rest of the English/Spanish speaking world, has placed pressure on the EU to clip the wings of huge entities largely beyond their control. It has also caused intellectual and governmental concern in Europe about how to create European versions of these successful companies.

Earlier this year, the New York Times reported on a “generational effort” in Europe to develop European solutions to the digital age. The plan included investing heavily in A.I., encouraging the development of EU-based data companies, and slamming the U.S. and Chinese data companies with restrictions, especially in the anti-trust and data privacy spaces. The Times wrote, “as Europe has created a reputation as the world’s most aggressive watchdog of Silicon Valley, it has failed to nurture its own tech ecosystem. That has left countries in the region increasingly dependent on companies that many leaders distrust.” Leading the world in tech business innovation is one thing; leading the world in tech business regulation is another.

I have already written twice about the growing enthusiasm for data localization in the EU, here and here, but I have not discussed why it matters for U.S. business.  All companies based in America should be concerned, not just tech firms, if one of our largest trading partners decides it needs to dictate how foreign businesses organize their databases, maintain their infrastructure, and spend their money. It is clear that EU regulators and Euro-crats want to limit Facebook, Google, Amazon, Microsoft, and Apple as much as they possibly can, but in doing so their rules will likely harm every U.S. manufacturer with plants and customers in Europe, every consulting company with European clients, and every retailer that sells online worldwide.

For any business wanting to avail itself of the EU marketplace, data localization will be like another tax – there may be specific data-focused taxes as well. But this will be an extra set of costs in organizing technology infrastructure and meeting new regulations that will drain profitability from any such venture. In addition, EU Internal Market Commissioner Thierry Briton has pushed forward a plan for companies collecting information in the EU to share with the European governments and with competitors. The EU rules already stand for the proposition that the data you collect on your own transactions does not belong to you, and may soon stand for the proposition that your valuable business data should be shared with people who want to hurt your company.

Importantly, if the EU moves toward data localization, other countries and regions would be empowered to do the same. The U.S. and the EU have been discouraging trading partners from closing off, and the concept that a free and fair internet helps everyone is one of their best arguments for openness. Closing down significant data movement from the EU would ruin this point, and others would react. At the moment, only those companies aspiring to iron political control over all information are localizing their data.  But if Brazil, Japan, or even Australia thought that it could localize its internet to protect its own local companies, then the business internet would quickly be closed off into discrete rooms encouraging local business. U.S. companies looking to expand into other markets would suffer through additional regulation, costs, and in some cases, partial or complete restriction from competing in these markets.

This is not an academic discussion.  If the EU moves to localize its data and restrict movement out of a “fortress Europe” then companies around the world will suffer. We need to dissuade the EU from taking this course.