Contents
The Importance of the Digital Economy 2
The Growth of Digital Trade. 4
The Growth of “Digital Mercantilism” 4
Limiting Cross-Border Data Flows 5
Government-Driven Import Substitution. 6
Mandated Edge Provider Payments to Domestic ISPs 7
Digital Standards Manipulation. 7
Taxing Streaming Platforms and Other Tech Companies to Subsidize Domestic Content 13
Arbitrary Privacy Enforcement 14
Allies, Adversaries, and Unaligned. 14
How Should the United States Respond? 19
Strong Digital Trade Advocacy Does Not Preclude Domestic IT Regulation. 19
Time to Get Back on the Globalization Horse. 22
Amend, and Use, Section 301 to Target Digital Trade Issues 24
Pursue a Section 301 Investigation of the DMA (and Other EU Digital Sovereignty Initiatives) 24
Use Department of Commerce ICT Service Reviews to Cover EU Firms 24
Limit the Transfer of U.S. Citizens’ Data to Nations That Limit the Transfer of Their Data. 25
Support the Next Round of Information Technology Agreement (ITA) Expansion. 25
Embrace and Extend the Moratorium on Customs Duties on Electronic Transmissions 26
Limit U.S. Aid to Countries That Engage in Digital Protectionism. 26
ITIF defines digital economy industries as more than just Internet companies; they include firms involved in the entire “stack” of information technology (IT), including chip design, semiconductors, hardware, software, e-commerce, and Internet services. In addition, more and more industries are becoming digital industries relying on computing, communications, and software (including AI) as core parts of their offerings and business models.
While digital technologies are important to most industries, it is important to note U.S. Internet, software and e-commerce firms are world leaders. As ITIF’s Hamilton Index of industrial competitiveness showed, the United States leads in the IT and information services sector (e.g., software and Internet services) with 37 percent of the global market share in 2020 (the latest year available), and, in contrast to virtually all other U.S. advanced industries, that share is growing.
Figure 1: Top 10 producers’ historical shares of global output in IT and information services[1]
One key role that these firms, especially large ones, play, is their massive investment in research and development (R&D). Of the top six R&D investors in the world in 2021, five were American tech companies (Amazon, Alphabet, Meta, Microsoft, and Apple), and the other was Huawei. These five firms invested more in R&D than the top 81 Chinese-owned firms combined, with Amazon by itself investing more in R&D than the total amounts invested by Canada, France, or Italy.[2]
In 2022 (the most recent year of reported data), the gross value added of the digital economy was $2.6 trillion, or 10 percent of U.S. gross domestic product (GDP), according to the Bureau of Economic Analysis (BEA). From 2017 to 2022, while U.S. GDP overall grew at an annual rate of 2.2 percent, the U.S. digital economy grew 7.1 percent per year. The digital economy also accounted for 8.9 million U.S. jobs in 2022, with annual compensation growing to $1.3 trillion.[3]
The BEA divides the digital economy into four major categories: digital infrastructure, including software and hardware; e-commerce; priced digital services, including cloud and data services; and federal nondefense digital services. In 2022, software represented the largest share of value added in the digital economy (24 percent) followed by telecommunications (18 percent). Cloud services saw the fastest growth of all digital economy activities, with an average annual growth rate of 27.2 percent from 2017 to 2022. Cloud services are now valued at $192 billion.[4]
Globally, the digital economy continues to balloon. Since 2000, intangible assets have more than doubled as a share of global revenue, from 5.5 to 13.1 percent.[5] What’s more, the digital economy is expected to double in size once again over the next four years, with the market value expected to grow from $16.6 trillion to $32.9 trillion in 2028.[6] The international digital economy has grown two and a half times faster than the global economy over the past 15 years and is now equivalent to over 15 percent of global GDP.[7]
While most think of the digital economy as being driven by large Internet firms, the reality is that many industries are becoming digital. Motor vehicles are now “computers on wheels.” Manufacturing is becoming “smart.” And more. That means that a growing number of “traditional” industries—from oil and gas to manufacturing and retail companies—rely on data from their operations, suppliers, and customers around the world to make routine decisions. As ITIF found almost a decade ago, firms like the mining company Rio Tinto, consumer products maker Unilever, Royal Dutch Shell, retailer Tesco, financial service firms ING, Boeing, and Alliance Medical move data across international borders to improve operations and customer service.[8] Indeed, over 75 percent of the value added by data flows over the Internet accrues to traditional industries.[9] Further, over 50 percent of all traded services are enabled by the technology sector, including by cross-border data flows.[10] The value of international data flows has surpassed the value of physical goods trade, meaning the movement of bytes across the global digital economy is every bit as important as the movement of atoms.
There is probably not a single company with operations, suppliers, and customers in more than one nation that does not rely on moving data across international borders. Moreover, no international trade can take place without collecting and sending certain data—such as names, addresses, and billing information—across borders. Opponents of data flows and digital trade seek an economic model where local firms are protected from foreign competition, but this protection would also cut them off from the use of global digital tools, essentially forcing them to remain small players in their home markets.
As the digital economy has grown globally, it has become an increasing focus of policymakers across the world; unfortunately, more often than not, it’s to enact unfair and protectionist measures that discriminate against foreign firms. Because U.S. companies lead in digital technologies and services, these measures have a disproportionate negative impact on U.S. jobs, export earnings, and companies. And while it is bad enough that America’s key adversary, China, is engaged in these practices in spades, unfortunately so too are many U.S. allies.
There are many different types of digital mercantilism practices. But at heart, the lion’s share of these policies and practices are discriminatory, designed to either extract money from large American companies, or favor domestic companies and domestic jobs, or both.
Data localization refers to the practice of countries prohibiting or limiting the transfer of data outside their borders. The number of data-localization measures in force around the world has grown dramatically.[11] In 2017, 35 countries had implemented 67 such barriers. By 2021, 62 countries had imposed 144 restrictions—and dozens more are under consideration. In 2021, China was the most data-restrictive country in the world, followed by Indonesia, Russia, and South Africa.[12] But many other nations have gotten on the bandwagon. For example, Vietnam’s Decree 72 would force foreign firms to store data locally. Firms providing websites (article 37), social networks (article 38), content over mobile telecommunication networks (article 44), and online video games (article 66) would all be forced to store data locally.[13] Bangladesh has gone down the same path.[14]
Nations attempt to justify such practices on privacy and security grounds. But the reality is that nations can have robust domestic rules on privacy and cybersecurity without limiting cross-border data flows. The reason is that national privacy (and cybersecurity) rules follow the data, no matter where it goes. For example, if an American company with a legal presence in a European Union (EU) member state transfers an EU person’s data for processing and analysis to the United States, that company does not magically escape the restrictions from Europe’s privacy law, the General Data Protection Regulation (GDPR). And if it violates the GDPR either in Europe or the United States, the European national privacy regulator can bring action against the company.
Even if some policymakers will acknowledge that reality, some nations or regions, especially the EU, play the government surveillance card. Europe, and its courts, have articulated differing standards when scrutinizing U.S. surveillance practices as compared to what it allows for EU member states and even other nations.[15] Edward Snowden’s leaking of the U.S. National Security Agency’s intelligence collection programs have led to successive Court of Justice of the European Union (CJEU) cases that have restricted and cut off data flows to the United States. CJEU judgments (Schrems I and Schrems II) have invalidated two transatlantic data transfer arrangements—the Safe Harbor Framework and the Privacy Shield Framework.[16] If there is an open question whether data transfers from the EU to the United States comply with new European law, there is a clear answer on China and other authoritarian regimes—their safeguards bear no “essential equivalence” to EU standards of privacy.[17] Never mind the fact the European Data Protection Board (EDPB) conducted a detailed study into government access to data in China, India, and Russia, and yet, there are no calls to cut off data to these countries.[18]
At the same time, European governments have received a mostly green light from the CJEU to continue their own bulk metadata programs for national security purposes.[19] The CJEU opened the door a crack for continued bulk metadata retention for national security purposes in Europe in the recent “La Quadrature du Net and Others” (LQDN) judgment.[20] European policymakers have long deflected calls of hypocrisy, as Article 4(2) of the Treaty of European Union states that national security “remains the sole responsibility of each Member State.” The CJEU decided that if a member state determines that a “serious threat to national security” exists, it may order service providers to collect and retain bulk metadata, so long as the program is “not systemic in nature,” Soon after, France’s highest administrative court, the Conseil d’Etat, ruled that such a threat existed and that the French government could continue to utilize metadata previously retained for national security purposes.[21]
Finally, it is important to note that while the free flow of data is important, it is not absolute. Some Internet fundamentalists believe that all data “wants to be free” and there should therefore be no restrictions on data flows, within or between nations. This is like saying just because free trade is good that there should be no barriers to trade in endangered species. When the United States advocates for an open Internet and the free flow of data, it needs to make clear that it is referring to legal data. Child sexual abuse material is clearly not legal, and countries should block such flows. Downloading or streaming digital content without the owner’s permission is also illegal and, as ITIF has written, countries should block access to such pirated content.[22]
Many governments resent U.S. success in digital industries and seek to implement protectionist laws to replace American presence. For example, in 2020, the EU created the GAIA-X project and the European Cloud Initiative, in essence, to replace U.S. cloud providers. As usual, Europe tried to drape its efforts in moral values, and seemingly upstanding public policy objectives. Europe frames GAIA-X as an “open, transparent and secure digital ecosystem, where data and services can be made available, collated and shared in an environment of trust.”[23] The EU asserts that with GAIA-X, it wants to create European cloud services and a marketplace to exchange data on conditions that apply “European values” to data protection, cybersecurity, and data processing.[24] This is, of course, nonsense, because American cloud providers must comply with EU law when operating in Europe. It’s true objective—to replace U.S. providers—is clear. In 2021, Amazon, Microsoft, and Google’s cloud services accounted for 69 percent of the EU cloud market. Europe’s biggest cloud player, Deutsche Telekom, accounted for only 2 percent.[25] This isn’t the first time France, Germany, and others have tried to forcibly replace U.S. cloud providers and other vendors, such as in search (e.g., via the French-supported Qwant search engine, which failed and was bailed out by Huawei in 2021).[26]
In 2019, France’s finance minister, Bruno Le Maire, stated that France has enlisted tech companies Dassault Systemes and OVH to “break the dominance of U.S. companies in cloud computing.”[27] Indicative of how GAIA-X fits into their plans, in September 2021, France’s digital minister told French GAIA-X participants to “go faster” because they held “in [their] hands … no more no less than a part of France’s digital sovereignty.”[28] In October 2021, French President Emmanuel Macron lamented that Europe was “very late” with its sovereign cloud plans.[29] This is ironic because the EU enjoys a massive trade surpluses with the United States—in sectors like drugs, chemicals, cars, and machinery—while the United States enjoys a modest, if not tiny trade surplus in digital services (such as cloud computing), but that is not enough for the EU; it wants to run a trade surplus with America in digital industries too.[30]
Many nations have passed laws requiring cloud computing services to be physically located in their country. For example, in 2022, France enacted updated “sovereignty requirements” as part of a new cybersecurity certification and labeling program known as SecNumCloud. Its “sovereignty requirements” disadvantage—and effectively preclude—foreign cloud firms from providing services to government agencies as well as to 600-plus firms that operate “vital” and “essential” services. The latest SecNumCloud guidance (v3.2, March 2022) retains broad data localization requirements for all data (both personal and non-personal) and foreign ownership and board limits, which would effectively force foreign firms to set up a local joint venture to be certified under SecNumCloud as “trusted” and thus able to manage European data and digital services. A prior post for the Cross-Border Data Forum also analyzed this proposal and how it breached EU trade law commitments under the World Trade Organization (WTO) Government Procurement Agreement (GPA). France is leading efforts to embed SecNumCloud’s “sovereignty” requirements in the European Union Agency for Cybersecurity’s (ENISA) Cybersecurity Cloud Services scheme, which is under development.
The latest version of SecNumCloud explicitly requires suppliers of cloud computing services to store and process their customers’ data within the EU. This effectively constitutes a ban—or a “zero quota” in WTO terminology—on the cross-border supply of these services. In the U.S. gambling case at the WTO’s dispute settlement body (DS285: United States—Measures Affecting the Cross-Border Supply of Gambling and Betting Services), the WTO made it clear that a zero quota (in that case, the United States blocking of Internet gambling from Antigua) violates the General Agreement on Trade in Services (GATS) market access obligation (specifically, Article XVI:2(a)).
A number of nations have proposed or implemented so-called “Fair Share” policies—in which content companies, like streaming services, would be required to pay government-mandated fees to domestic Internet service providers (ISPs) to deliver streaming and other content to consumers. These policies distort the pricing of peering and transit services, disrupting efficient traffic management and raising consumer costs. After adopting such a policy, South Korea has seen higher latency, higher transit and consumer broadband prices, and a decline in available of content.
Similar policies proposed but not yet enacted in Europe and South America suffer from the same fatal flaw of thinking: that there is a free lunch to be had at the expense of American tech companies.[31] To begin with, like any other tax, the burden of these mandated fees falls on domestic consumers, not just foreign content companies. Moreover, the premise that American companies are the source of much Internet traffic and therefore ought to pay government-mandated rates to have it delivered, is fallacious. By and large, Internet traffic is requested by end users, not arbitrarily sent by content companies. [32] It would be like charging foreign washing machine and refrigerator companies a fee that goes to the local electric utility because these devices use electricity.
Moreover, content providers have invested heavily in content delivery networks and caching, both of which reduce burdens on ISP infrastructure. Moreover, ISPs and content providers should be free to negotiate peering and transit deals, but foreign ISPs hurt consumers and the Internet as a whole when they seek favoritism from their domestic regulators because they don’t like the deal they got.[33] If ISPs are worried about too much data use, then they should charge heavy data users more. But going after American content providers is much easier: free money for the EU ISPs and less competition for their own content channels.
Like most technologies, digital technologies are based on standards, ensuring interoperability. These standards process have long been established by a wide variety of voluntary, industry-led standards bodies, which lead to the best standard being adopted.
However, in a bid for its so-called “digital sovereignty,” the EU wants to ignore international standards-setting processes (and related trade law) for new technologies such as artificial intelligence (AI). The EU’s theory of the case is that by setting its own standards rather than following standards developed by international organizations, it can promote European “values” in areas like data protection, cybersecurity, and ethics.[34]
But the logic and process reek of protectionism. By rejecting global technical standards in favor of its own alternatives, the EU is trying to give its firms an advantage over foreign competitors. For example, the EU’s “common specifications” sound obscure and non-threatening, but they are potentially powerful tools for protectionism. A common specification is defined as “a document, other than a standard, containing technical solutions providing a means to comply with certain requirements and obligations established under (laws/regulations).” This requirement features in recent legislation and regulations for medical devices, cybersecurity, the AI Act, machinery products, and the Data Act. For example, the AI Act specifically mentions it in the context of AI risk management and record keeping. In the Data Act it’s mentioned in relation to building interoperability of common European data spaces. When the Commission creates common specifications for these technologies, it will be mandatory for firms to abide by them to sell into the EU market.
The EU can use common specifications to override or ignore international standards when and how it sees fit. For example, it can do so when no harmonized European standard exists or if one needs revisions. They can also do so if one of the three key European standards organizations denies or delays the EU’s request to develop standards. Or if the EU simply deems the relevant international standard “unsatisfactory” or does not address European legislative requirements or the EU’s standardization request. The European Commission, at any point over the last few years, could have clarified that common specifications are a tool of last resort and that deference would be given to international standards. But it hasn’t.
The EU could easily engineer a situation to use common specifications, such as setting an unrealistically short deadline for standards or saying they are too slow. For example, the AI Act sets an unworkable two-year deadline for two European standards bodies to develop a broad and complex set of (local) standards. Never mind that this tasking ignores the years of work that a joint committee of the International Standards Organization (ISO) and the International Electrotechnical Commission (IEC) has already done since 2019 on AI standards. In another case, the Commission released the standardization request for the Accessibility Act to the European Telecommunications Standards Institute (ETSI) at the last possible (legal) moment. It is virtually assured ETSI will miss the compressed legislative timelines, even though it has already spent years working on relevant standards.
The EU can do this as common specifications don’t have the critical safeguards of standards developed at international organizations—no transparency, inclusiveness, due process, or appeals mechanism. In contrast, the EU can handpick participants—who may not be technology experts but simply Commission officials—to work behind closed doors (away from scrutiny) to develop common specifications that are mandatory in the EU market. WTO members anticipated that countries could try to impose local technical specifications as trade barriers, exactly as the EU is now doing. That’s why WTO members have committed to using open, transparent, and voluntary standards. The EU and its member states are WTO members and are now violating their commitment.
Many nations have proffered a fanciful notion, which goes against long-standing corporate tax treaties, that foreign (usually U.S.) digital companies should pay corporate taxes to their own treasury department rather than to their home country. These are nothing more than raw tax grabs and an array of nations have gone down this road. As the Tax Foundation writes:
Austria, Denmark, France, Hungary, Italy, Poland, Portugal, Spain, Switzerland, Turkey, and the United Kingdom have implemented a DST. Belgium and the Czech Republic have published proposals to enact a DST, and Latvia, Norway, Slovakia, and Slovenia have either officially announced or shown intentions to implement such a tax.[35]
These taxes discriminate against one sector and one type of firm. The Organization for Economic Cooperation and Development (OECD) has made it clear that the issue of digitalization and international tax goes far beyond narrow digital companies: “Instead, it considered digitalization as a transformative process affecting all sectors brought by advances in ICT.”[36] It went on to state: “Because the digital economy is increasingly becoming the economy itself, it would be difficult, if not impossible, to ring-fence the digital economy from the rest of the economy for tax purposes.”[37] Yet that is exactly what most DSTs would do.
All proposals discriminate against large firms. For example, Canada’s proposal arbitrarily sets tax thresholds with no logic behind them other than to sweep in the largest U.S. firms. The DST thus perversely gives firms, including Canadian ones, an incentive to not grow. Once a firm hits the magic threshold of CA$20 million in Canadian digital services revenues, it would face a 3 percent tax on those revenues. If a firm is earning CA$19 million in Canada, the smart thing for it to do would be to stop growing there. If it earns $1 million more, it would face a tax of $600,000. This incentive not to grow will mean fewer Canadian jobs.[38]
Proponents of digital services taxes have tried to justify this tax grab by claiming users are creating value and therefore that value should be taxed where users reside. (otherwise under international corporate tax agreements, foreign nations are not allowed to tax other countries’ corporate profits.) In fact, users do not create value; companies do. Users consume, digital companies produce.[39] The idea that a Canadian user of Google or Facebook creates value (and hence the service is produced in Canada) is nonsense.
When I buy Canadian Honey Butter from my local grocery store in Washington, D.C., the U.S. government does not impose a tax on Dickey Bee Honey, because Dickey Bee pays its corporate taxes to Canadian governments (federal and provincial). Likewise, when a Windsor resident buys their Canadian honey butter at a Walmart in Detroit, Canada cannot tax Walmart’s earnings just because some of it came from Canadian purchases. It’s no different when a resident of Windsor searches Google. They are coming to Canada and the actual production of value is occurring in the United States. Despite what DST advocates say, digital services consumers are not producers that trigger tax nexus. This would be like saying that I am a producer of honey butter if I, as someone living in the United States, send Dickey Bee Honey a suggestion for how to improve its label.
Some, especially in Europe, will argue that that even if value is not created domestically, that these American companies earn revenue in Europe, and therefore should pay corporate taxes there, a tax that would come at the expense of the U.S. Treasury. But if this is case, the United States should impose corporate taxes on all European firms that sell products into the United States, regardless of where their production is located. In other words, a French winemaker who sells their wine to U.S. importer should pay corporate taxes to the United States government.
Furthermore, taxing profits based on where users reside would violate longstanding international agreements by taxing income more than once and imposing an ad valorem tax that primarily targets imports. DSTs obviously discriminate against a narrow set of highly digital industries, mainly search engines, social media platforms, and online marketplaces. Precisely because it falls mainly on U.S. companies, the DST also likely violates existing trade agreements as they act as a prohibited de facto tariff. More specifically, the high revenue thresholds that subject a firm to the DST, and the exclusion of certain revenues widely earned by European firms, create de facto discrimination against U.S. digital firms, in violation of the European Union’s national treatment commitment under the GATS.[40]
Antitrust enforcement is an easy tool for nations to use to discriminate against foreign firms, in order to boost the relative strength of their own firms. The European Union is the poster child for this. The EU Digital Markets Act (DMA) should have been called the U.S. Tech Firms Act. The European Parliament rapporteur for the DMA, Andreas Schwab, suggested that the DMA should unquestionably target only the five biggest U.S. (digital tech) firms (Google, Amazon, Apple, Facebook, and Microsoft).[41] He stated that the DMA’s revenue threshold (to be designated as a so-called “gatekeeper”) should be 10 billion euros and the market value at least 100 billion.[42] He went on to say, “Let’s focus on the biggest problems, on the biggest bottlenecks. So, let’s go down the line—one, two, three, four, five—and maybe six with [China]’s Alibaba… But let’s not start with number seven to include a European gatekeeper to please Biden.”[43] Basically, DMA (and the DSA) are designed to cover, almost exclusively, U.S. firms and not their European or Chinese competitors that offer similar services.[44] A leaked draft of the proposed EU Digital Services Act is quite clear of the intent: “Asymmetric rules will ensure that smaller emerging competitors are boosted, helping competitiveness, innovation and investment in digital services…”[45]
The European Union’s use of antitrust enforcement and competition law has become its primary tool for regulating foreign firms, especially in the tech sector. This approach stems from the fact that taxation remains under the powers of the member states, leaving the EU unable to impose bloc-wide taxes on multinational companies. As a result, competition law has been weaponized in order to protect European companies and promote competitiveness within the Single Market. This protectionism often happens at the expense of foreign rivals, targeting primarily U.S. tech giants (Alphabet, Amazon, Apple, Meta, and Microsoft), and a Chinese one (ByteDance).
The adoption of the Digital Markets Act (DMA) and the Digital Services Act (DSA) illustrate the EU’s focus on regulating the largest players in the tech industry.[46] The EU’s bold stance taken in historic antitrust cases like the 2004 Microsoft case set a precedent by targeting Microsoft’s dominance and anti-competitive practices in the tech industry.[47] A precedent was reinforced by subsequent actions against Google in 2017 and 2018.[48] The EU has consistently scrutinized U.S. tech giants for stifling competition. Wrapped in concepts like “ensuring fair competition” and “safeguarding innovation in the digital market,” the DMA and the DSA target U.S. Big Tech companies. The so-called “gatekeepers” are defined by revenue and market share thresholds that align with the size of major U.S. tech companies. According to the DMA, gatekeepers must have an annual turnover in the European Economic Area (EEA) of at least €7.5 billion or a market capitalization of at least €75 billion, effectively ensuring that firms like Google, Amazon, Apple, Facebook, and Microsoft are the primary targets. The DSA is designed with similar intentions, stating that “very large online platforms and very large online search engines may cause societal risks, different in scope and impact from those caused by smaller platforms. Providers of such very large online platforms and very large online search engines should therefore bear the highest standard of due diligence obligations, proportionate to their societal impact” in Section (75) of its Preamble. Allegedly, these asymmetric rules are supposed to ensure that smaller emerging competitors are boosted, fostering competitiveness, innovation, and investment in the digital services market. However, do these regulations actually achieve their intended goals?
While the DMA has been in force since November 1, 2022 (and has been enforced against gatekeepers since March 7, 2024), and the DSA entered into force on February 17, 2024, neither the Letta report nor the Draghi report’s findings strengthen the evidence regarding the positive impact of these laws on the single market or European competitiveness.[49] Moreover, the Draghi Report emphasizes that Europe’s slow productivity growth, the widening GDP gap between the EU and the United States, and the economic catch-up by China indicate that over-bureaucratic regulations do little to make Europe more competitive or innovative. Despite Draghi’s report not highlighting the bad impact of the DMA or any other laws specifically, the report declares that this regulatory overreach risks stifling growth and leaving Europe reliant on external technological advancements while trying to compete through protectionist policies. Draghi understands that in order to enhance Europe’s competitiveness and innovation, radical changes are needed in productivity and regulatory frameworks, showing a more streamlined approach to regulation that avoids bureaucratic overreach and fosters an environment conducive to growth and technological advancement. It is not too late to realize that the DMA and the DSA were not the best tools to foster European competitiveness, promote fair competition, and support consumer welfare.
However, regardless of its failed approach, the EU has set a precedent globally. The “Brussels Effect”—the European Union’s ability to influence global regulations and standards—is alive and well. Other jurisdictions are now considering transitioning from traditional ex-post antitrust enforcement—which addresses anti-competitive practices after they occur—to ex-ante regimes like the DMA, where rules are set proactively to prevent anti-competitive behavior before it arises. Countries such as Australia, Brazil, India, the United Kingdom, South Korea, and Japan are going down the same road as the EU, without evaluating the copycat DMAs’ consequences on consumer welfare and innovation.[50] Moreover, these regulations—similar to the EU’s DMA—overwhelmingly negatively affect U.S. firms, while often giving Chinese firms a built-in advantage. While the DMA and DSA aim to boost competitiveness and curb monopolistic behaviors, they stifle innovation, create barriers to entry for smaller firms, and fail to resolve the issues they were intended to address. Moreover, the heavy compliance burden placed on U.S. tech firms exacerbates transatlantic trade tensions and risks fragmenting the global digital market by encouraging localized, protectionist policies.
Because American technology firms are so large and successful, a number of foreign nations have decided to levy massive fines on them.
Europe is the leading practitioner of this. Indeed, at times it seems as if the Commission is seeking to fund itself by levying exorbitant fines on big American tech companies.[51] For example, in 2017 the European Commission imposed a then record-high $2.3 billion fine on Google, for putting its own shopping comparison service results at the top of the search page.[52] As they say, no consumers were hurt in the making of that decision. This is why the U.S. Federal Trade Commission found no “search bias” and concluded instead that Google’s behavior benefited consumers. In 2018, the EU doubled down on Google with an even higher fine of $5 billion in another competition law case involving Google’s operating system Android, followed by a 2019 fine of $1.7 billion in a case involving Google’s AdSense online advertising program.[53] And the EU has brought another antitrust case against Google related to ads. Not counting this case, that would be nearly $9 billion in fines for one company for exclusionary behavior, which for context is 30 percent more than the fines for more serious cartel behavior that the Department of Justice (DOJ) has gotten over a 10-year period.[54] In 2024, the Commission levied its third largest antitrust fine ever, $1.9 billion on Apple.[55] Just last week the EU’s top court validated the Commission’s $2.65 billion antitrust fine.
The same day the court upheld a decision that Apple must pay $14.3 billion in back taxes, for supposedly “illegally” receiving tax benefits from Ireland. Apple asserts that the issue is not how much it pays in taxes, but to what government.[56] Moreover, this reeks of hypocrisy from the EU, which restricts state aid to companies, but turns a blind eye to Ireland’s undermining of the global tax system with its extremely low corporate tax rate. EC president Margaret Vestager praised the decision as “a big win for European citizens and for tax justice.”[57] She could have added “and a big win for EU taxpayers” who now have American companies and consumers paying taxes in Europe. If Ms. Vestager wants to fix the problem, rather than fine a large American company she should encourage the EU Parliament to pass an EU minimum corporate tax rate that all member nations need to comply with.
Moreover, while the United States works to support domestic semiconductor production against Chinese unfair practices and the risk of Chinese invasion of Taiwan, the Commission works to undermine that goal. Qualcomm was hit with a $258 million fine.[58] And the Commission levied a $418 million fine on chipmaker Intel.[59] While China is trying to build up its tech champions, and tear down American ones, it turns out that it has an ally in Brussels.
The GDPR is also another important revenue generator for Europe. As of January 27, 2022, of the 900 fines that EU data protection authorities have issued under GDPR, 7 of the top 10 were against U.S. firms, including a $877 million fine against Amazon and $255 million fine against WhatsApp.[60] The European Data Protection Board fined Meta $1.3 billion for the audacity of sending data to the United States using a standard contractual clause, something thousands of U.S. companies do. The French privacy regulator fined Google $51 million for not being more transparent on how it used users information to provide targeted ads, even though they present absolutely zero privacy risk (because all that is happening is that a Google computer algorithm matches the information Google already has with an ad that is then shows on the web site).[61]
According to ITIF estimates, between 2020 and 2023, EU governments imposed at least $3.1 billion in fines on U.S. companies under the GDPR, equivalent to $29 per American household.[62] For the EU this is an easy decision: their governments get free money while the citizens get free Internet services.
Other nations are seeking large fines on social media companies for content they do not like. Australia is considering legislation that would impose fines up to 5 percent of their global revenue on companies that fail to take down content the government objects to.[63] To put that in perspective, only around 1 percent of X users are in Australia, so in theory it could be fined 5 times the total revenue it receives in Australia.
A number of countries have decided that they will force U.S. technology companies to pay the government money so it in turn can distribute it to local supplicants: including local news outlets and artists. Case in point, Canada and Australia.
The Canadian Parliament recently passed the Online Streaming Act, which requires foreign streaming services like Netflix, YouTube, and Spotify to extensively promote Canadian content in Canada, and to pay into a fund that supports the creation of Canadian content. The federal government has said that it could see these online streaming services paying over $740 million into a Canadian government media fund, or over 22 percent of the total online streaming market in Canada. These costs will be passed on directly to consumers, with Spotify already doing just that in France after the French government implemented a streaming tax to support its music sector, even though musicians receive royalties from streaming services.
Similarly, the Australian Arts Commission has issued proposed regulations to tax streaming companies to be used to provide subsidies for Australian artists, even though most if not all of the foreign streaming services host and support Australian content. The idea is that, once again, American companies would pay the government so it in turn can subsidize local artists.
The governments’ rationale is that their domestic stories and music must have a place in the world of streaming. The platforms agree. In the case of Canada, stories like Netflix’s Golden Globe-winning Handmaid’s Tale by renowned Canadian author Margaret Atwood, and songs like Despacito, featuring Canadian singer Justin Bieber have been wildly successful, both worldwide and across Canada. Yet neither of these two are what Canada’s telecommunications regulator would consider Canadian content, and accordingly don’t deserve to be promoted to Canadians. Convoluted and overly reductive rules about who directs and who stars in films and shows, and who wrote the lyrics for a song mean that content by, for, and about Canadians may not even qualify to be promoted as Canadian content. The same is true with Australia’s proposed law.
The reality is that this is not about a content production problem. In fact, the Canadian Media Producers Association’s most recent annual report shows that Canadian production volume is now growing at three times the rate than it did in the previous decade. And of course, streaming companies have absolutely no financial interest in not giving domestic consumers the content they want, including national content.
Existing Canadian content laws came from a world with limited airtime and set television schedules, where Canadian shows would compete with higher production value American and international shows, and where Canadians had few avenues for accessing Canadian content other than the CBC. This is no longer the case in the 21st century, as high-definition phone cameras and AI tools make it easier than ever to record and produce content, and social media has ushered in a golden age for indie filmmakers and SoundCloud rappers alike in finding their audiences. Forcing companies, and in turn, consumers to pay more for even more of the status quo is not a winning strategy and will simply work to add costs on Canadians and discourage consumption. Similarly, mandating that platforms recommend videos and music to the wrong audiences could, at worst, cause viewers to skip or dislike the video, reducing their standing in the algorithms. Many Canadian and Australian creators aren’t making content to cater solely to a domestic market now, and reducing their clickthrough rates on platforms by mandating the promotion of their content to unwanted audiences will hurt more than help.
Moreover, Canadian and Australian artists now have access to streaming platforms that give them direct access to a global audience. That is why there has been an explosion in the number of artists, musicians, filmmakers, comedians, photographers, and other creators across the country: Because they can find niche audiences worldwide that love their creations.
Europe’s selective application of surveillance scrutiny also applies to privacy enforcement. With the death of Privacy Shield, transatlantic data flows face death by a thousand cuts. Privacy activists have filed complaints in all 30 EU and European Economic Area (EEA) member states against 101 European companies that share data with Google and Facebook.[64] They plan to file hundreds more.[65] Following this, in January 2022, Austria’s data protection authority found that the use of Google Analytics is a breach of GDPR.[66] This is first ruling in this line of complaints, but it’s not going to be the last. In another, separate, case, a Munich court found that a website owner’s use of Google Fonts violated the plaintiff’s “general right of personality” and right of “informational self-determination” of their IP address under § 823 of the German Civil Code. Like the Austrian decision, the only personal data submitted to Google was the user’s IP address. It’s shocking that the German court decided that Google’s use of standard contractual clauses (SCCs) were not sufficient to overcome the risk of U.S. government surveillance, no matter how unlikely or unrealistic the scenario that the U.S. government would seek a European user’s IP address based on their specific interaction with an EU-based website’s analytics tooling or font library. The decision reveals privacy fundamentalism, given it essentially means that any IP address shared, for any reason, in any context, with any U.S. entity subject to US surveillance laws likely also exposes personal data.[67] In February 2022, France’s DPA responded to another complaint and ordered websites to not use Google analytics.[68]
Meanwhile, none of these complaints are against Chinese, Russian, or other firms using standard contractual clauses to transfer EU personal data. In 2016, Max Schrems stated that firms could use standard contract clauses to transfer EU personal data to China, but not for the United States. That Chinese firms could somehow provide assurances that EU personal data could be protected from surveillance in China (where there is no true rule of law and Chinese laws allow extensive state surveillance) is laughable.[69]
What is striking about these policies is just how widespread they have become, not only among U.S. adversaries and nations that have historically embraced limited free trade, but also among America’s core allies. It is one thing for our adversaries, such as China, to engage in them. We expect that China will adopt policies and practices that violate the letter and the spirit of the WTO agreement and that seek to advance its own companies at the expense of American ones. And certainly, it should not be a surprise that countries like India and Brazil, which have never embraced free trade, undertake digital mercantilism, even though the behavior is still wrong. But what is striking is how aggressive many of America’s closest allies have become, including Australia, Canada, and South Korea.
While the Canadian-U.S. trade relationship is critical for both nations, it is troubling that Canada is turning to some of the precautionary and protectionist digital trade measures embraced by the EU. Consider some of Canada’s major technology policy initiatives over the past year. Many of its efforts have constituted discriminatory policies targeting the tech sector, especially foreign companies. For example, the government has pursued a digital services tax on large technology companies in Canada. Over 140 countries are participating in a multinational process led by the OECD to align corporate tax rules and prevent multinationals from shifting profits to avoid paying taxes. Every country in this group except Canada has agreed to postpone any new digital services taxes for at least another year to give countries time to reach a consensus. In contrast, Canada’s Deputy Prime Minister and Minister of Finance Chrystia Freeland has pushed for its 3 percent tax on digital services to go into effect in 2024, a discriminatory measure that would largely impact U.S. technology companies and apply retroactively for the past two years. This proposal would raise prices for Canadian consumers and signal that Canadian policymakers would rather squeeze the tech sector for some fast cash than support its long-term economic growth.
Or consider the Online Streaming Act. The legislation, which received royal assent earlier this year, directs the Canadian Radio-television and Telecommunications Commission (CRTC) to impose domestic content requirements on online streaming services like Netflix, TikTok, and YouTube. These services must now register with the government and pay for and promote Canadian content. Once again, the policy seems more like another cash grab from foreign tech companies rather than a serious attempt at a pro-innovation digital policy that would help Canadian businesses and consumers. After all, if Canadian consumers want to watch Canadian content, these companies have every incentive to provide it to them.
And Canadian lawmakers have not stopped with streaming services. The government also enacted the Online News Act, a law that forces large online news aggregators to pay domestic news publishers for displaying links to their articles. While Canadian news publishers claim they have lost revenue to news aggregators, the reality is that any publisher can easily remove itself from these aggregators, but the overwhelming majority choose not to because it benefits them. Google eventually agreed to pay C$100 million ($73.6 million) annually, indexed to inflation, to a fund for Canadian news publishers. To avoid this shakedown, Meta announced that it would no longer display content and links from news publishers, both Canadian and international, to Canadian users of Facebook and Instagram. These policies have hurt consumer access to news domestically and reinforced the view that the Canadian government is hostile to the tech sector.
Moreover, in 2021 Quebec adopted a law that limits transfer of personal data to jurisdictions with data protection regimes deemed “adequate.” Canada does seem to embrace the free flow of data for pirated content, given that according to the 2024 USTR Watch list in the Special 301 report, “Canada remains on the Watch List in 2024. The lack of intellectual property (IP) enforcement remains a significant concern, particularly at the border and against online piracy…. Levels of online piracy remain very high in Canada, including through direct downloads and streaming.”[70]
Take the case of South Korea, a close ally and hopefully even closer in the fight against Chinese technological dominance. Korea has enacted a range of problematic digital policies that hurt U.S. companies. It blocked access to American ride share companies, including Uber and Lyft. It blocked GPS access to mapping applications for American companies like Google and Apple, even though Korean map application companies have access to it. Its national privacy law includes data localization provisions. Its proposed digital antitrust law (modeled after EU’s problematic Digital Markets Act) would discriminate against American firms, while strikingly, exempting most Chinese competitors, and potentially giving Chinese companies access to U.S. company data and technology. Korea has also proposed a tax on American streaming companies with the money to be funneled to Korean ISPs. Its Software Industry Promotion Act restricts bids for government contracts for software services to small and medium sized firms, effectively precluding U.S. multinationals. Likewise, government rules regarding cybersecurity impose restrictive requirements related to government purchases. According to USTR, its Cloud Security Assurance Program creates significant restrictions for U.S. providers to bid on government cloud contracts.[71] Korea restricts reinsurance firms from moving data outside of Korea, while its financial services regulations impose cloud localization requirements.
When Willie Sutton was asked why he robbed banks, he said, “because that’s where the money is.” Foreign countries target U.S. technology firms for the same reason: It’s where the money (fines, local revenue, etc.) and jobs are.
However, few countries are as brazen to come out and admit their true motivations. They wrap them in noble sounding goals. Case in point: European policymakers commonly portray digital and tech sovereignty as a strong yet nebulous concept, usually referring to the assertion of state control over data, data flows, and digital technologies, coupled with the replacement of U.S. technology firms with European ones. That it helps them “take back control” and “sovereignty” from mainly U.S. technology firms is not a bug, but a central feature.[72] The European Center for International Political Economy summarizes the mix of four factors behind the emergence of technological sovereignty: culture, control, competitiveness, and cybersecurity.[73]
While the vague and broad notion about state “control” over data and digital technologies is evident in the various policy issues and debates, it is clear what this means in practice—targeting U.S. firms and products to ultimately replace them with European ones. European leaders such as former German chancellor Merkel and French president Macron have explicitly called for both digital protectionism and data sovereignty in talking about digital and technological sovereignty.[74] It means different things to different officials.[75] For example, the mere fact that data from companies like Volkswagen were stored on Microsoft and Amazon servers was enough for Germany’s former economy minister Peter Altmaier to state that “and in this we are losing part of our sovereignty.”[76] The French minister for economic affairs went so far as to call U.S. “big tech” companies an “adversary of the state.”[77] Maybe our Commerce Secretary should call French “big wine” companies an adversary of the U.S. state.
For the European Commission, European control largely means that Europe’s policymakers retain the capacity to cater for European firms and advance Europe’s economic interests globally.[78] Ursula von der Leyen, the European Commission president, signaled the EU’s protectionist objectives: “We must have mastery and ownership of key technologies in Europe.”[79] As Sabine Weyand, Director General of the European Commission’s DG Trade, stated, there has been a shift in the international order from a rules-based system to a power-based system and the EU has every interest in opposing this shift because rules-bound international trade is the cornerstone of a system which protects everyone from arbitrary discrimination.[80] She asserted Europe needs to proceed with a dual integration of everything the EU does in the economic realm at the international level—within a geopolitical perspective—and, on the other hand, to the intermingling of external and internal policies such as industrial policy, internal market policy, competition, or even research policy. (And) that it is essential the EU do so from a stronger position.[81] While European officials defend its conceptualization of “open strategic autonomy” as not being about autarky and self-sufficiency, at every turn when it comes to tech policy, that’s exactly what it is.[82] Even if Ms. Weyand doesn’t interpret it this way, other European officials and political leaders are enacting digital regulations that ultimately reflect this.
Figure 2: EU Lilliputians tying down the U.S. tech Gulliver
While Europe and other developed nations extoll their rationales, many developing nations bring out the old chestnut of resisting colonial exploitation. Many advocates for developing nations have spun a narrative in which data is “the new oil” and cross-border data flows are an extractive, zero-sum process that benefits rich tech firms over impoverished users in low-income nations. Framing it as “data imperialism” leads to demands for change. Parminder Jeet Singh, executive director of IT for Change, an Indian NGO in special consultative status with the UN, has stated that American and European efforts to focus on issues like global privacy or trade simply give “globally dominant digital interests time and cover to entrench their business models and economic domination globally. It would soon also convert to social, political and cultural domination.” For Singh, and others, the ideal policy is “that communities own their data, and national data is a sovereign asset which should be employed for a country’s own development.”[83]
In this view, users don’t get any value from engaging online nor do they have agency to decide what to do online, including whether or not to share their data, or with whom. However, while it is true that the value added to the global economy from data is large, the analogy of colonial extraction is nonsensical. The Internet’s ability to connect people, firms, and governments around the world with cloud, search, and other large-scale digital services—at little or no cost to users—is not a plot by the evil “North” to oppress the victims in the “South.”
In opposing laws and trade deals that enable data flows and digital trade, critics want countries, especially developing ones, to have “policy space” to enact rules in the “public interest”—both of which are code for protectionist tariff and non-tariff barriers to discriminate against foreign tech firms and support local ones, and/or coercive pressures on tech firms to donate money to local causes. While large countries such as India and Brazil might—like China—be able to support their own large data-driven firms, most nations will not.
The reality is that when U.S. tech companies move data out of a country, they are not exploiting it in a zero-sum interaction—it is win-win for both consumers and producers. Countless people and organizations share data daily via both free and paid services. Users provide information about themselves in exchange for a free service such as email, search, or maps. Meanwhile, firms receive information about the user for advertising or other uses.
The sharing of data—far from being a one-way transaction—is a fundamentally different exchange of value than other economic transactions. Data is non-rivalrous, meaning many different firms can collect, share, and use the same data. When consumers exchange data to access a website, they still have the same data after the transaction as before. This contrasts with oil where if you have a barrel of oil, then I don’t.
Those who believe in the data-colonialism myth also ignore the fact that the global Internet creates a huge consumer surplus—the difference between consumers’ willingness to pay for a service and the amount that they actually pay. Researchers have used willingness-to-accept estimates to show that the median U.S. consumer in 2016 valued online search at $14,760 per year and valued the rest of the Internet at $10,937 per year.[84] The reality is that few people would actually pay that much, but it does suggest that the consumer surplus from Internet services is quite large.
To put this surplus in perspective, spending on digital advertising in the United States totaled roughly $240 billion in 2022—some 62 times more than in India, where the figure was around $3.9 billion.[85] [86] On a per-capita basis, U.S. ad spending was 293 times greater than in India. Virtually all the value from Google searches, YouTube videos, X tweets, Facebook posts, and more comes from selling ad placement to companies that want to get their messages in front of customers. But despite these vast differences in value, the price and quality of these services is pretty much the same all around the world. Indian users get essentially the same Facebook and Google experience as American users. Yet they contribute far less to support these companies.
There is an old saying: “Give them an inch, and they will take a mile.” In this case, it might be better put: Give them a kilobit, and they will take a terabit. In other words, because the U.S. government has not made fighting digital mercantilism a top priority—and has even tacitly encouraged it in the last few years—other nations have moved forward with abandon. Why not when you know that there is only an upside. It is time for this to stop and be rolled back. Congress needs to make clear that it expects other nations to cease and desist, while at the same time holding whoever is in the White House to high standards of more strongly incorporating digital issues into a robust trade defense strategy.
One argument we have heard recently for the United States abandoning the field to nations seeking to extract value from the American digital economy is that efforts might contradict domestic policies.
This is what U.S. Trade Representative (USTR) Katherine Tai said to support recent controversial decision to withdraw from key digital trade negotiations at the WTO.[87] The rationale Tai used is that the United States needed to have “policy space” for new laws on privacy and other issues before it can negotiate. She stated that “[USTR would be] committing massive malpractice and probably committing policy suicide by getting out ahead of all of the other conversations and decisions that we need to make as a country.” Not only is this not the case, but the opposite is actually true. Given that the United States is the predominant digital economy in the world it is malpractice to not work strenuously to shape the global trading system to maximize digital innovation.
Tai was saying that USTR can’t make commitments on data and other digital trade issues until the United States has new laws in place. At one level this makes sense. How can USTR commit the United States to international regulations when domestic ones are not fully fleshed out? In reality, though, this is wrongheaded. It is clearly not the case that digital trade policy must follow new domestic laws, just as it clearly doesn’t apply to any number of U.S. interests and initiatives involving data and new and emerging technologies.
The Biden administration, like every administration before it going back to the Clinton White House when the modern Internet formed during the 1990s, engages internationally on digital issues separate from domestic legislation. For example, the United States doesn’t need to pass AI legislation to be able to commit to a trade agreement prohibiting foreign legislation discriminating against foreign firms. The Biden administration’s extensive AI executive order shows that the lack of an explicit AI law does not stop it from taking action domestically and internationally. Likewise, the United States doesn’t need to pass a national privacy bill (although Congress should) to be able to commit to an agreement prohibiting data localization regimes and other core issues like non-discrimination against foreign firms and digital products.
USTR Tai created this false sequencing between the domestic and international realms to justify what is an end-run around the fact that the U.S. Congress rejected competition legislation advocated for by progressive democrats and digital trade opponents such as Senator Elizabeth Warren (D-MA). Unable to enact their anti-innovation agenda in the democratic forum of the U.S. Congress, these members want USTR to ensure digital trade policies do not prevent foreign governments from targeting U.S. tech firms. For these advocates, regulating and restraining large corporations for the sin of being large trumps U.S. international economic interests.
But even here, the intent of Congress on these issues is clear. The fact Congress approved the U.S.-Mexico-Canada Trade Agreement (USMCA) and its ambitious digital trade provisions, and that there have since been many bipartisan pro-digital trade letters statements and letters, indicates Congress’s views should be clear. The disproportionate attention progressive Democrats get is made clear by the fact a bipartisan group of 32 senators recently signed letters in support of digital trade—as compared to the five that signed Senator Warren’s anti-digital trade letter.
Moreover, USTR Tai’s portrayal of digital trade is simply not borne out in reality. The United States committed to ambitious and legally binding commitments on data flows, data localization, and source code in the USMCA. The USMCA didn’t undermine California’s Consumer Privacy Act. Nor would it have prevented the proposed American Data Privacy and Protection Act (ADPPA). Neither of these laws contain localization policies or discriminate against U.S. or other foreign firms and their digital products. If the United States enacted the ADPPA, U.S. digital trade law (under USMCA) would already be in alignment, not conflict (as USTR Tai tries to paint it). Not only that, but other Biden administration initiatives like the Global Cross Border Privacy Rules framework would actually support it in providing an additional layer of accountability to ensure that firms protect data when they transfer it overseas.
USTR Tai tries to paint digital trade as if it conflicts with congressional legislative sovereignty and efforts to enact new domestic laws and regulations on privacy, competition policy, content, cybersecurity, and other digital issues. This is clearly not the case. The WTO e-commerce negotiations are led by Australia, Japan, and Singapore, and involve other advanced countries with highly sophisticated regulatory systems, like Canada, Chile, the European Union, Korea, New Zealand, Taiwan, the United Kingdom, and others. These are not labor, human rights, consumer rights, or regulatory scofflaws. Many of these countries have signed several digital trade agreements and these have not stopped them from subsequently enacting new domestic legislation. Digital trade rules, like traditional trade rules, only become a problem when domestic laws and regulations are discriminatory and act as an unnecessary and disproportionate barrier to trade. Herein lies the rub: USTR Tai does not support digital trade as she wants the European Union and other regions/countries to enact discriminatory laws and regulations to target U.S. big tech.
Further, USTR Tai’s subversion of the interagency process took advantage of the fact that the United States does not have a single digital economy minister or digital “czar” to coordinate digital policies. Digital issues break into bite-sized pieces across U.S. government agencies, which then (sometimes) filter back together as part of the White House-led interagency process. For example, Peter Harrell (former Senior Director for International Economics and Competitiveness in Biden’s early National Security Council) effectively led and coordinated the interagency process to negotiate with the European Union on the new Transatlantic Data Privacy Framework, which involved U.S. intelligence agencies, the Department of Justice, the Department of Commerce, and other agencies.
The purpose of U.S. trade policy is to promote trade and investment and protect U.S. interests abroad. Advocating for policies such as the global free flow of data and dissuading other countries from implementing data localization measures directly benefits U.S. trade interests. The United States is a global leader in cloud computing services, and it has the most to lose from restrictive policies that limit the use of U.S.-based data firms. Many countries would gladly implement protectionist measures, like data localization, to disadvantage American tech firms and workers. If USTR is not willing to defend U.S. trade interests abroad, who will?
None of this should be surprising. U.S. global economic, trade, technology, and national security engagement does not depend on the United States having new laws in place for every new issue raised by technology. It’s one thing for progressive politicians to push their preferred legislation in Congress, but it’s quite another for USTR Tai to dismiss and undermine other parts of the Biden administration and their interests in U.S. global digital and technology policy. USTR Tai’s decision shows a concerning disregard for the usual boundaries between domestic debates and support for the U.S. government abroad, given how USTR Tai essentially wants to take U.S. trade policy hostage in the absence of progressive Democrats’ preferred competition and antitrust legislation.
USTR’s decision helps Beijing advocate for the broad, self-judging exception for national security in trade agreements to justify rules that require data to be stored on local servers. By contrast, Australia, Japan, Singapore, the United Kingdom, and many other U.S. trade partners are negotiating rules so that data flows are the norm and any restrictions to it the exception. For example, members of the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (like Australia, Japan, and Singapore) advocate for language at the WTO that protects data flows and ensures that any exceptions to this rule are necessary, not arbitrary, and proportionate. These U.S. allies want WTO negotiations to narrow the scope for domestic “policy space” exceptions to legitimate privacy, cybersecurity, and other policies. While policy space may sound appealing in principle, in practice countries like China have misused this concept in existing WTO agreements, such as on services trade, to enact restrictions that make its trade commitments—whether on data flows, digital goods and services, or other issues—essentially meaningless.
Paradoxically, at the same moment the United States is walking back its stance on free data flows, Beijing has taken significant steps to ease controls over cross-border data transfers. Driven by a slowing economy and declining foreign investment, China’s cyber regulator issued a landmark new draft regulation in September that exempts many companies from a mandatory security assessment required to send data out of the country. Beijing is revising long-standing restrictions on data flows, in part, to make the business environment more favorable to businesses, while the United States is sending signals that it intends to do the opposite. That said, implementation of China’s policy shift remains unclear. And even if it were to go into place as written, Beijing could still deem a company’s data as linked to national security and, therefore, subject to localization requirements at any moment—consistent with its cyber sovereignty position.
An Indian think tank, the Global Trade Research Initiative, notes that USTR’s decision will help ensure that future digital trade agreements provide “policy space” for data sovereignty, stating, “given the US’ dominant role in the global digital landscape,” this decision “is poised to spark a worldwide reassessment of national e-commerce policies.” India’s concerns about data sovereignty led it to not join the IPEF’s trade pillar and to avoid the WTO e-commerce negotiations. The absence of U.S. advocacy on data flows will inevitably have implications for digital trade policy in other countries in the future.
USTR’s decision also undermines U.S. ambitions for global leadership in AI. AI firms in the United States and in other countries depend on access to large, diverse international data sets. If U.S. firms cannot send data out of countries in which they operate overseas, this significantly limits AI researchers and developers who use cross-border data to build applications that work across a variety of geographies, languages, cultures, and demographics. As the technology competition between Washington and Beijing continues to play out less in the United States and China and more in other countries around the world, encouraging trusted data flows among allies and partners is vital to advancing U.S. technological leadership. Although China’s large domestic population creates a data advantage, the United States and its partners can offset this by using data flows from around the world, but this relies on continued access to global data sources.
To start with, it is time for Congress and the administration to “get back on the globalization horse,” and in particular on the digital horse. If the United States is not “in the game” the rules will be set by others in a way that hurts our economy and workers, and America will cede whole parts of the world to Chinese economic predation and European regulatory imperialism.[88]
To be sure, some past trade agreements were too one-sided against the United States. But the reality is that it is China that has caused most of the problem regarding globalization and trade, not trade with most other nations. Rather than abandon trade, which leading figures in each major party now seem to want to do, America needs to reengage, albeit this time in a new way.
First, we need a USTR that seeks to open up more trade, but this time with tougher standards to protect U.S. interests, including, despite what the anti-trade left says, investor-state dispute settlement (ISDS) rules, and what the right says, strong currency manipulation protections. This means signing new trade agreements that are gold-standard agreements when it comes to digital and other agreements, including intellectual property protection.
Second, given the importance of the digital economy, U.S. global IT and digital policy needs to be guided by a grand, overall strategy, focused first and foremost on maintaining U.S. global tech leadership. The United States faces a risk where much of the world, including the EU, could align against U.S. IT and digital interests, leading to a many-against-one environment, with detrimental consequences.
So, to start with in efforts to reestablish closer relations with the EU, the United States should not “give away the store” by allowing the EU to go forward with its increasingly aggressive technology mercantilism. At the same time, the United States must enlist likeminded nations in a variety of ways to support U.S. interests—and it should not be reluctant to exert pressure to encourage these nations to come along.
Domestically, all too often, U.S. thinking about privacy, tech platforms, national security, and Internet and AI governance is siloed and bifurcated. During the Clinton and second Bush administrations, U.S. policymakers believed that the rest of the world would emulate what was obviously the superior U.S. digital policy system, and they worked toward that end. But China’s unprecedented success in IT and digital industries, coupled with a questioning of the desirability of a U.S.-style light-touch digital regulation and the rise of U.S. “big tech” companies, has meant that the United States can no longer rely principally on persuasion to convince others of the economic and innovation advantages of its approach.
Shaping the global IT and digital economy in ways that are in U.S. interests is one of the most important challenges facing U.S. foreign and economic policy going forward. Getting it wrong could lead to a many-against-one environment wherein U.S. IT and digital firms—and by extension, the United States overall—face a challenging environment with consequences for many aspects of American life.
It is long past due to leave behind the hopeful, but naïve, view that most countries will see the digital economy the way the United States has historically seen it: as a force for progress, innovation, and free speech, wherein market outcomes should generally be allowed to prevail, with a light touch of government only in the few places needed. In the future, needed change will come more from appealing to foreign interests, rather than values and ideas.
The U.S. government needs to formulate a grand strategy grounded in a doctrine of digital realpolitik that advances U.S. interests first and foremost, recognizing that it should work with allies when it makes sense, and constrain digital adversaries, especially China and Russia.
It is time for the U.S. government to develop and implement a grand strategy for the global IT and digital economy that is realistic and pragmatic in recognizing how countries enact digital policies and is most likely to appeal to a broad and diverse range of countries—while putting U.S. national interests at the forefront. Failure to do so will risk having the United States surrounded by a host of technology competitors, and in some cases, such as with China and Russia, adversaries, which will lead to diminished U.S. technological, economic, political, and military leadership.
For too long, the United States has either had abstract, ideological strategies such as promoting an open global Internet, or responded piecemeal, fighting each fire as it breaks out. And in both kinds of engagement, it has worked to change hearts and minds by trying to persuade other nations of the superiority of the U.S. system. That might have had some purchase in the 1990s and 2000s when the United States was the early leader in the digital revolution and before the rise of large, global U.S. tech firms. But education and persuasion, while needed, are no longer enough. EU officials, for example, mostly understand the arguments U.S. officials make—they just either don’t agree with them or their politics won’t allow them to act on them. This is even more true in China, where for years the U.S. approach was to “educate” Chinese officials on the merits of the U.S. system. China didn’t need education. They fully knew they were “cheating” and what the United States did not like. It needed pressure and pain.
As such, the U.S. government needs to understand that the major global IT and digital challenges it faces stem not from ignorance, but from ideology and interests. As such, here are four scenarios the U.S. government should work to achieve in the immediate and moderate term.
And while we are at it, Congress should require the USTR to publish a list annually of all the trade barriers and distortions listed in the past National Trade Estimates (NTE) reports which are still in force. It is striking to read the annual USTR NTE and Special 301 reports for the sheer volume of protectionist and other problematic foreign practices affecting trade and U.S. companies. But the real question is how often does the United States prevail in either preventing other nations from implementing proposals, or in the cases of ones already in place, getting nations to roll them back.
Besides playing the important role of oversight and pressure on the Administration and foreign governments, Congress and the next Administration can and should take some specific steps.
The next Congress should update a main trade defense tool—the Trade Act of 1974—for the digital era by amending it so that it can respond to the type of barriers (digital) that are central to modern trade. Section 301’s traditional use of tariffs makes it easy to apply to 20th century trade in goods, but it needs to be amended to create new legal and administrative mechanisms and tools to target service providers. Although Section 301 mentions fees and restrictions on services, it should be amended to detail the mechanism (in terms of responsible agency) and process (in terms of the action, such as licensing, certification, or legal judgement) whereby the administration imposes specific retaliatory measures on a foreign service provider. For example, it should be amended to create a reciprocal joint venture requirement. French, German, and Chinese tech and cloud firms would be forced to setup local joint ventures with equivalent ownership and control restrictions that U.S. firms have had to setup in their respective countries.
The next administration should use Section 301 to initiate an investigation of the DMA as it is among the most-clearly egregious examples whereby European policymakers target U.S. firms. There is a clear case to be made that the DMA would meet the standard for action under section 301 of the Trade Act of 1974. However, an investigation could be broader and include other EU digital sovereignty initiatives, such as discriminatory cybersecurity regulations and exclusively European cloud initiatives. If used, the Biden administration could enact retaliation via tariffs on imported goods (the traditional use of Section 301), taxes or restrictions on EU digital service companies doing business in the United States (a new use of Section 301), and restrictions on other EU service providers, such as accounting firms, air carriers, media companies, automotive companies, aerospace companies, and others.
The Department of Commerce could interpret new rules regarding the use of ICT goods and services by foreign adversaries to apply to transactions with EU firms that use ICT goods and services with those same adversaries. The Rule (86 FR 4909) on Securing the Information and Communications Technology and Services Supply Chain provides a framework for the Department of Commerce to unwind ICT services transactions with foreign parties that “(1) involve ICTS designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary [defined to include China, Russia, Iran, Cuba, Venezuela, and North Korea]; and (2) poses an undue or unacceptable risk.”[89] The rule allows the Department of Commerce to review transactions involving a wide range of ICT products and services, including data hosting and computing of sensitive personal data.
Europe (and other’s) use of digital service taxes to single out American tech firms for blatantly discriminatory punishment needs a clear response. USTR has already released a detailed Section 301 Report on the issue, including the threat of retaliation.[90] As Gary Hufbauer at the Peterson Institute for International Economics suggests, the United States should amend the Internal Revenue Code to enact a tax on large foreign firms that extracts funds in mirror-image fashion to the discriminatory digital tax on U.S. firms.[91] Section 891 of the Internal Revenue Code (enacted in 1934) provides the legal authority for the president to retaliate against foreign discriminatory or extraterritorial taxes. It allows the president to enact taxes, and to ratchet these up, on foreign citizens and firms. It has never been used. Congress could adapt it for the modern era, in mandating a tax on the global revenues of large firms based in France, Italy, and other DST countries, when those firms sell goods or services in the US market. The tax could be legislated to expire upon either of two events: agreed international rules that subject tech giants to taxation in countries reached by their platforms or, in the case of an individual country, repeal of its own DST tax.[92]
The DMA not only specifically targets U.S. firms, but targets core components that make up their competitive and innovation goods and services. The DMA includes a provision requiring “gatekeepers” to disclose certain search engine data (rankings, search data, click and view data) to third-party providers of online search engines, upon request and on fair, reasonable, and non-discriminatory (FRAND) terms. It’s essentially state-directed forced trade secret disclosure (vis a vie China’s forced technology transfers).
Congress could create a cause of action in U.S. courts for U.S. firms to obtain financial damages from EU companies that use this provision to obtain their trade secrets and other commercially sensitive information. This would essentially act as a blocking statute to counteract discriminatory EU digital laws and regulations. While the U.S. firms that would potentially use this are small (given the EU is targeting just five firms), it’d send a clear signal that there are consequences for unfair and unjustified state intervention into a firm’s trade secrets and competitive position.
If other nations refuse to allow data flows to the United Sates, and cannot be persuaded by U.S. government negotiation, then it’s time to play hardball. Thierry Breton, the EU commissioner for the internal market, argues that “European data should be stored and processed in Europe because they belong in Europe. There is nothing protectionist about this.”[93] No, actually there is. As such, if the United States and the EU cannot work out an easy-to-administer process by which data can flow seamlessly across the Atlantic, the United States should adopt a similar approach of Europe’s: limiting the transfer of U.S.-person data to European companies in Europe. The same goes for other countries that impose transfer limitations.
The ITA has been one of the WTO’s most successful plurilateral trade agreements. Originally signed in 1996 and to which 82 countries are now signatories, it has eliminated tariffs on trade in hundreds of ICT products through the original agreement and a 2016 expansion which added 200 more products. But digital and information technologies have already evolved considerably since then, and so an initial group of stakeholders has convened to identify over 400 more unique ICT products as candidates for potential ITA inclusion into an “ITA-3.” ITIF estimates that if the 82 signatories of the original ITA were to join an expanded ITA-3, the global economy would grow by nearly $766 billion over the ensuing 10 years. Moreover, an ITA-3 expansion could help grow U.S. GDP by $208 billion over a decade, increase U.S. exports of ICT products by $2.8 billion, and help create almost 60,000 U.S. jobs.[94] Pursuit of an ITA-3 should be a priority of the next Congress and administration.
In 1998, WTO member countries agreed to enact a moratorium on customs duties on electronic transmissions, and have agreed to renew the moratorium roughly every two years, recognizing that the growing global digital economy should be kept duty-free. The moratorium has played a catalytic role in expanding the growth of the global digital economy and the economic growth it engenders for all nations.[95] Some countries have called for ending the moratorium seeking the revenues such duties could bring, but doing so would hurt more than it would help. For instance, one study concludes that developing and least-developed countries would lose more in GDP than they would gain in tariff revenues with the withdrawal of the WTO Moratorium. Across even just a handful of developing countries, ECIPE estimates annual GDP losses of $10.6 billion.[96] As such, U.S. policymakers should continue to advocate for the recurring extension of the e-commerce customs duty moratorium.
Since the end of WWII, U.S. foreign aid programs have turned a blind eye to foreign mercantilist practices that harmed U.S. techno-economic interests. That may have been okay when the United States lead in advanced industries was strong. Now that the United States is no longer in the lead it is not acceptable. As such, when Congress engages in oversight of various federal aid programs, it should investigate and ultimately require that these agencies limit funding that goes to nations that engage in more than de minimus digital mercantilism or IP theft. For example, ITIF has found the U.S. Development Finance Corporation supports many projects in countries on the 301 Watch List and the engage in digital trade restrictions.[97] Equally importantly, U.S. aid and other support, including through organizations such as the World Bank and InterAmerican Development Bank, should be contingent on nations limiting their digital protectionist policies and programs, such as data export restrictions, IP theft, and forced localization of production.
To be sure, some nations embrace digital mercantilism for protectionist means. But often policymakers are not fully aware of the problems with some of their policy proposals, including harm to their digital ecosystem. At the same time, many developing nations need help in crafting pro-innovation digital policies.
Congress needs to increase the budget of the State Department for much stronger digital policy technical assistance to these nations. If all they hear from are EU and Chinese officials, it is unlikely they will adopt the superior U.S. digital policy system. Part of this should include more funding for State and Commerce Department engagement with developing nations, including expanding the digital attachés program, a network of digital trade officers in U.S. embassies currently in 16 markets who help U.S. firms increase their global online market access and navigate regulatory and digital policy challenges. [98] It should also expand the program into new markets in order to continue promoting U.S. firms’ global competitiveness.
In addition, Congress should press the State Department to lead on a global narrative arguing why the United States’ pro-innovation approach to digital policy is best for countries hoping to thrive in the digital economy and compete with China. This narrative should include debunking the “harm gap” between EU and U.S. approaches—the argument that the EU’s “values based” approach is significantly more effective than the U.S. approach at protecting consumers from online harm. There is indeed a “third way” between Chinese digital authoritarianism and European statist regulation and the U.S. government needs to actively educate other nations on this reality.
The State Department should push back against the UNCTAD narrative that developing countries are victims of foreign firms, and therefore they are justified to enact protectionist measures, including data localization, to protect their interests in the digital economy.[99] This should include much more engagement by the U.S. government and other groups such as think tanks in United Nations (UN)-related forums to counter this anti-American narrative and explain why digital innovation in higher-income nations is key to driving development in lower-income nations. In addition, the State Department should stop funding organizations that misleadingly paint U.S. digital policy and performance in a bad light, including the advocacy group Freedom House’s annual Freedom on the Net report, which takes a highly subjective, ideological approach to analyzing Internet freedom.[100]
Thank you for the opportunity to appear before you today on this critical issue of data flows and digital protectionism.
[50]. See ITIF’s filings to public consultations and articles regarding these digital markets laws: Joseph V. Coniglio and Ayesha Bhatti: Comments Before the UK CMA Regarding Draft Guidance for the Digital Markets Competition Regime, https://itif.org/publications/2024/07/12/comments-before-uk-cma-regarding-draft-guidance-digital-markets-competition-regime/; Joseph V. Coniglio and Lilla Nóra Kiss: Comments to the Indian Ministry of Corporate Affairs Regarding Digital Competition Law, https://itif.org/publications/2024/05/15/comments-to-the-indian-ministry-of-corporate-affairs-regarding-digital-competition-law/; Robert D. Atkinson, Joseph V. Coniglio and Lilla Nóra Kiss: Comments to the UK Parliament Regarding the Digital Markets, Competition and Consumers Bill, https://itif.org/publications/2024/01/22/comments-to-uk-parliament-regarding-digital-markets-competition-and-consumers-bill/; Joseph V. Coniglio and Lilla Nóra Kiss: Comments to the Italian Competition Authority Regarding Draft DMA Enforcement Regulation, https://itif.org/publications/2024/07/11/comments-italian-competition-authority-draft-dma-enforcement-regulation/; Lilla Nóra Kiss: Will Korea Burn Its Digital Future Down?, https://itif.org/publications/2024/06/12/will-korea-burn-its-digital-future-down/; Aurelien Portuese, The Digital Markets Act: A Triumph of Regulation Over Innovation | ITIF, 2022, and The Digital Markets Act Is “Bad Economics and Bad Law,” Says ITIF, https://itif.org/publications/2022/09/14/the-digital-markets-act-is-bad-economics-and-bad-law-says-itif/; Robert D Atkinson, Joseph V. Coniglio and Lilla Nóra Kiss: Comments for the Australian Competition and Consumer Commission Regarding Digital Platform Services, August 29, 2024, Comments for the Australian Competition and Consumer Commission Regarding Digital Platform Services | ITIF.
[53]. The European Commission Press Release of July 18, 2018, http://europa.eu/rapid/press-release_IP-184581_en.htm; European Commission Press Release IP/19/1770, Antitrust: Commission Fines Google €1.49 Billion for Abusive Practices in Online Advertising (March 2019) http://europa.eu/rapid/press-release_IP-19-1770_en.htm.
[69]. Peter Swire, @peterswire, Twitter, July 2020, “Max #Schrems, please listen to 1:10 to 1:12 on the recording. you were speaking about using standard contractual clauses to China, and said one would “have to look at specific companies and specific safeguards.” What safeguards could work from China for #surveillance?” https://twitter.com/peterswire/status/1287551706150998016; Justin Hemmings,” Privacy in the EU and US: A Debate between Max Schrems and Peter Swire,” (Soundcloud, 2016) https://soundcloud.com/justin-hemmings-44462987/privacy-in-the-eu-and-us-a-debate-between-max-schrems-and-peter-swire; Nicolas Tenzer, “In protecting Europe’s data, can EU regulation keep up with Chinese tech?” (Euractiv, November 2020), https://www.euractiv.com/section/digital/opinion/in-protecting-europes-data-can-eu-regulation-keep-up-with-chinese-tech/.
[72]. European Commission president Ursula von der Leyen clearly stated regarding the EU’s protectionist’s objectives, “We must have mastery and ownership of key technologies in Europe,” naming quantum computing, AI, blockchain and critical chip technologies as examples. “Speech by President-elect von der Leyen in the European Parliament Plenary on the occasion of the presentation of her College of Commissioners and their programme,” November 2019, https://ec.europa.eu/commission/presscorner/detail/es/speech_19_6408.
[75]. For example, for several EU Member States, strategic autonomy often means avoiding dependence on European economic and political powers.
[77]. Radio Classique, @radioclassique, Twitter, November 2020, “ #Gafa : @BrunoLeMaire a accusé les géants du numérique d’être les “adversaires des états”. Retrouvez l’Invité politique de @guillaum_durand du lundi au jeudi à 8h15 sur @radioclassique,” https://twitter.com/radioclassique/status/1324006008235134978.
[85]. “Indian Digital Marketing Market Share, Size, Growth, Analysis: By Type: Email Marketing, Search Engine Optimization (SEO), Blogging and Podcasting, Social Media Marketing, Influencer Marketing, Digital OOH Media, Affiliate Marketing, Others; By End Use; Regional Analysis; Market Dynamics: SWOT Analysis; Competitive Landscape; 2023-2028” (Expert Market Research, 2023), https://www.expertmarketresearch.com/reports/indian-digital-marketing-market
(Bloomberg) -- Pony AI Inc.’s American depositary shares erased an early pop to decline 7.7% in their trading debut after raising $413.4 million in an ini
We recently published a list of 10 Trending AI Stocks on Latest News and Ratings. In this article, we are going to take a look at where Taiwan Semiconductor
New advanced U.S. drone systems have been hailed as "game changers" after being successfully tested on the front lines of the war in Ukraine.Developed by two le
INDIANAPOLIS (WISH) — Here’s a look at Monday’s business headlines with Jane King, who discusses new American Airlines boarding t