For a long time, the United States paid little attention to the issue of personal data and its use, but the rise of artificial intelligence (AI) and the strategic opposition with China in the technological field are forcing Washington to reconsider his approach.
American President Joe Biden signed a decree this week aimed at limiting the transfer of sensitive data to so-called risky countries, first and foremost China.
At the same time, the opening of an investigation into Chinese connected vehicles, or Chinese software and equipment embedded in connected vehicles built elsewhere, was announced.
Each time, the reason given is simple: national security.
In the opinion of Lindsay Gorman, researcher at the German Marshall Fund, these decisions are a sign that Washington “finally recognizes the strategic and national security value of data”.
In particular, the survey launched concerning connected vehicles is “a long-awaited spotlight on the application aspect of the future internet”.
Because, beyond the question of AI, the future of the Internet depends largely on the takeoff of the Internet of Things (IoT), which must connect everything, all the time, to the global network, generating piles of data and of which the connected car is the most obvious and visible example.
But it goes further: in the United States, genetic, biometric, health or financial data are bought and sold regularly by specialized brokers, without necessarily being anonymized, and it can be very simple to reconstruct a person’s profile.
Restrictions for brokers
A study published in November by Duke University highlighted how easily sensitive data on active military personnel could be found from brokers and for a few cents per file.
The decree published by the White House aims precisely to regulate the practices of brokers, “it imposes some restrictions on them, which is very positive”, estimates Martin Chorzempa, researcher at PIIE.
Certainly, the rules on investments “limited the possibility for foreign companies to buy American companies and thus access the data they possess. But they could buy the data, it was a loophole,” he adds.
Washington’s decisions now underline “a more general concern about the risk that this flow of accessible data may represent in terms of national security,” confirms Emily Benson, researcher at the Center for Strategic and International Studies (CSIS).
“We are witnessing a recalibration of the American approach” which until now consisted of defending the free use of data, an era “which now seems to be over,” continues M.me Benson.
The issue of data in particular is part of the broader effort by the United States to ensure that it remains ahead of China in the technological field.
In this case, a lot has already been done: removing Huawei from the 5G network game in the United States, reducing Chinese companies’ access to the most efficient semiconductors while recreating a real semiconductor industry in the United States. United, via the investments provided for in the Chips Act.
American catch-up
The rapid development of AI now raises even more acutely the question of data, the risk it involves and how to better protect it, questions on which the European Union and India have been making progress for many years. many years, as has China.
“China has largely developed its own data protection system, with significant restrictions concerning the transfer of data abroad” recalls Martin Chorzempa, “to the point of risking at one point decoupling itself from the rest of the world” on this point.
Although Beijing has significantly corrected the situation since then, the conditions allowing data to be taken out of China remain particularly unclear.
However, the Chinese embassy denounced this week measures that it considers “discriminatory” as well as the “generalization of the concept of national security” by the United States.
But “it is difficult to take these complaints into account,” said Mr. Chorzampa, “given the fact that they are doing exactly the same thing and that they themselves believe that it is a question of national security.
However, while the United States is taking a step toward controlling the flow of sensitive and personal data, it remains far from existing measures elsewhere, such as GDPR in Europe or equivalent rules in India and Japan.
And the restrictions mainly target China: “companies coming from countries that are not considered threats should not be affected,” assures Martin Chorzempa.
As long as they don’t send their data to China.
