The United States has long paid little attention to the issue of personal data and its use, but the rise of artificial intelligence (AI) and strategic opposition with China in technology are forcing Washington to rethink its approach.
American President Joe Biden signed a decree this week aimed at limiting the transfer of sensitive data to so-called risk countries, above all China.
At the same time, it announced the launch of an investigation into Chinese connected vehicles, or Chinese software and equipment embedded in connected vehicles manufactured elsewhere.
The reason is always simple: national security.
According to Lindsay Gorman, a researcher at the German Marshall Fund, these decisions are a sign that Washington is “finally recognizing the strategic and national security value of data.”
In particular, the survey that has been launched on connected vehicles is “a long-awaited spotlight on the application aspect of the future Internet”.
Because beyond the question of AI, the future of the Internet largely depends on the rise of the Internet of Things (IoT), which must connect everything to the global network at all times, generating volumes of data and with which everything is connected. Car is the most obvious and visible example.
But it goes further: In the United States, genetic, biometric, health or financial data is regularly bought and sold by specialized brokers without necessarily being anonymized, and it can be very easy to reconstruct a person's profile.
Restrictions for brokers
A study published in November by Duke University showed how easily sensitive data about active military personnel can be found by brokers and for pennies per file.
The decree published by the White House aims precisely to regulate the practices of brokers, “it imposes some restrictions on them, which is very positive,” estimates Martin Chorzempa, researcher at PIIE.
Certainly the investment rules “restricted the ability of foreign companies to buy American companies and thus access the data they have.” But they could buy the data, that was a loophole,” he adds.
Washington's decisions now underscore “a broader concern about the risk this flood of accessible data could pose to national security,” confirms Emily Benson, a researcher at the Center for Strategic and International Studies (CSIS).
“We are witnessing a recalibration of the American approach,” which has so far been to defend the free use of data, an era “that now appears to be over,” Ms. Benson continues.
The issue of data, in particular, is part of the United States' broader efforts to ensure that it remains ahead of China in the technological arena.
In this case, a lot has already been done: removing Huawei from the 5G network game in the United States, reducing Chinese companies' access to the most efficient semiconductors, while restoring a real semiconductor industry in the United States. United States, through the investments provided for in the Chips Act.
American catch-up process
The rapid development of AI now raises even more acute questions about data, the risks associated with it and how to better protect it, issues on which the European Union and India have been making progress for many years. China also did this for many years.
“China has largely developed its own data protection system, with significant restrictions on data transfer abroad,” recalls Martin Chorzempa, “to the point of risking it becoming decoupled from the rest of the world at some point.”
Although Beijing has since significantly corrected the situation, the conditions for exporting data from China remain particularly unclear.
However, the Chinese Embassy this week condemned measures it deems “discriminatory” and the United States' “generalization of the concept of national security.”
But “it is difficult to take these complaints into account,” Mr. Chorzampa said, “given the fact that they are doing exactly the same thing and themselves believe it is a national security issue.”
However, while the United States is taking a step toward controlling the flow of sensitive and personal data, it remains far removed from existing measures elsewhere, such as the GDPR in Europe or equivalent rules in India and Japan.
And the restrictions are primarily aimed at China: “Companies from countries that are not considered a threat should not be affected,” assures Martin Chorzempa.
As long as they don't send their data to China.