Europe: subject or object in the geopolitics of data?

I took these notes at the international workshop held on the 15th November 2018 by the Ifri think-tank in Paris.

Participant #1

  • geopolitical approach to data (as opposed to a GDPR-focused approach)
  • Ifri has published doctrinal research about the topic

Participant #2

  • Everybody is going for the “full stack”, from the infrastructure to the systems of engagement. It’s mature.
  • SAP CEO: “mix experience data with old data”
  • In Europe, imbalance created by the tension between support of citizens vs support of consumers.


Participant #3
Toward a transatlantic data war?

  • old battles eg Passenger Name Record, Safe Harbor, SWIFT/TFTP
    • civil liberty perspective

  • new fights ECJ/DPA, litigations, regulators

  • issues Privacy Shield, Shrems, Shrems II, Cloud Act, SWIFT weaponized by US vs Iran
    • Shrems (from Austrian activist Max Shrems) changes perspective -> ECJ voids Safe Harbor
    • going from high level negotiators to more actors (activists)
    • Privacy Shield replaces Safe Harbor but expected to disappear within 2 or 3 years
    • Cloud Act is response by the US to perceived difficulties in cooperation in criminal matters
      • some in EU want to use security agreements to leapfrog over privacy rules

    • New Battles over Financial Data: SWIFT (Belgium)
      • weaponized interdependence, panopticon effect, chokepoint effect
      • Iran 2012 vs Iran 2018 US imposes new unilateral sanctions, SWIFT complies

Participant #4
How China is envisioning its global strategy for data?

Chinese approach of data


  1. promoting sovereign definition of the Internet (there are a national and an international Internet)
    • 2017 Cybersecurity law
  2. WHO (?) perception, risk or opportunity?
    • what about social networks? Xi Jinping answer: opportunity! -> for it to support the system
  3. big data + social management
    • university research on how to make data useful in social management
  4. integrated and comprehensive approach of data
    • video surveillance etc.
    • social credit system to be complete by 2020
  5. meaning of data privacy is different from US/EU definition
    • more data protection than data privacy
    • more business-friendly and concern about misuse from the private sector

  • positioning itself as a solution provider for data infrastructure: cloud computing, sea cables, etc.: heavy investment for assymetric catch-up, wants to overtake US as 1st cyber power by 2050
  • solution provider for data management
    • eg smart cities, viewed as “safe cities” (no crime) with reliance on facial recognition
    • solution vs “terrorism”
  • ambition of cyber dominance
    • developing CIPS (Chinese SWIFT)
    • training (Africa)
    • describes strategic triangle China / US / EU, says US is misbehaving, has a seduction strategy with the EU
  • conceptual gap
    • greater between China and the West than between US and EU
    • China positions itself as an ethical actor (tactically?)
    • many references to Cambridge Analytica: “China manages better”
    • Viet-Nam copies Cybersecurity law

Q. Participant #5

Weaponization of the GAFAM?

Participant #3: Eric Schmidt after Snowden: “extraordinary disaster”

They do not want to be perceived as tools. They have a lot of autonomy to police their users.

Putin: Internet “a CIA plot”.

GAFAM not directly weaponized but their business models are uncomfortable for some regimes.

Google more responsive to Chinese government than to US one.


Privacy Shield

Participant #3: The Shrems case is the explosive one. If: “Facebook does not comply with the GDPR”, could oppose business models with user data sold to customers

Q. Participant #6


Participant #4: big companies in China need Party cells within the company

big companies not so much involved in politics

tension between attractivity vs closeness to the Party

Q Participant #7

What about second rank actors: India, Japan, Russia, etc.?

Participant #4: the US/EU/China triangle is proposed by China.

Participant #2: you might see conflicts around smart cities.

Participant #4: Nice is developping smartness with Huawei.

Q Participant #8


Participant #3: SWIFT is already here and a European institution. The question is, do you build around SWIFT and drag it away from the US, or do you build a different system? There is far greater US/EU integration (unlike with China).

The system to trade with Iran might be the seed of another system, but no state wants to host the siege, by fear of US retaliation. This is an interdependent systems vs disentanglement conflict.

Q Participant #1

What sort of retaliation from the US could we expect?

Participant #3:

  1. applying sanctions vs banks and individual bankers
  2. denying access to the dollar clearing system to EU banks

However, it would push the EU away from the US.

Within the EU there is a debate about administrative defense. The courts are going to defer to OFAC (Office of Foreign Assets Control). The companies do not fight fines. There is an ongoing challenge to the OFAC (Exxon case).

Q Participant #1

The EU has 17 regimes of sanctions. The policy of sanctions is the main policy tool.

Is there a loss of efficiency?

Does China have a sanctions policy?

Participant #4: China has a policy of gifts and sanctions.

e.g. when South Korea put an anti-missile system, there were Chinese sanctions on South Korean companies, and less Chinese tourists.

e.g. when there was a transfer of military equipment via Singapore to Taiwan, Singapore was blamed and disinvited from event


Moving into data economy, AI is the key tech.

Participant #9
Beyond GDPR: Can Europe articule a ‘Data Sovereignty’ policy?

The challenge:

  • GAFA dominated
  • GDPR
  • weak startup ecosystem
  • high fragmentation

The mega-challenge:
  • merging of Cloud and AI on big platforms

The opportunity:

  • market: most attractive worldwide
  • talent: data scientists, STEM expertise, EU trains twice as many engineers, scientists than US, need to keep talent in EU
  • innovation: DeepMind (ex-UK), Kuka (ex-Germany), Blablacar…
  • data: IoT, health, energy, mobility, smart manufacturing
  • cooperation: standards, joint ventures


  • technical: federated AI, decentralized approach, “edge computing” (machine learning in the car)
  • government open data: public sector open data, open access to research data, competition policy: “open corporate data”, dominant market players forced to share with competitors
  • cooperative, data pooling:
    • cooperation beats fragmentation
    • data marketplaces
    • technical standards and quality assurances
    • high priority in French and German strategies
    • little actions unfortunately, incentive problems
    • own research: found 54 data pooling platforms so far. 30% are data marketplaces (50% research 50% business) - is looking for people to work on data pooling (researching, building)

Participant #10
Artificial intelligence: a game-changer for Europe's data-policy ambitions?

US: most AI papers, patent applications, AI workers (⅔)

2017 Chinese investment in AI half of the world’s

3 options

  • lament about EU indecisiveness, digital colonialism, risk to get out of History
  • regulate AI rather than govern it
  • acknowledge that AI is not immune from geopolitics, eg Brexit, French Chinese AI cooperation, Transatlantic relationship

Finland creating open standards

France focus on ethics of the government policy document

state policies towards US:

  • containment policy (China, Russia, etc.)
  • critical cooperation (France, etc.)

Narrative of finding a Third Way in Europe.

Q Participant #1

What is the importance of the Chinese market for the German industry. P3 or France/Germany? is there a debate in Germany?

Participant #9: we are heading towards a data war with China. That party (German cars sold in China) is going to end. Germany is more aligned with the US (in China, there are Communist officers in corporations). China wants to move up in the value chain. China has the long term view. After three or so years, things will get complicated. There is Chinese outreach in Eastern Europe.

Q Participant #1

The Villani AI report: policy is “sovereignty of the EU as champion of ethical and sustainable AI”

Participant #10: is ethics the only EU advantage? beautiful speeches, but risk of being squeezed


The German robotic company Kuka was bought by China. How to avoid the next Kuka?

Participant #9: in Berlin they want to lower the threshold to inform the government about foreign direct investments (FDI) from 20% to 10%. There is more awareness and concern.

The SDP leader set a group to think about data monopolies. Her intent is to publish a proposal in early 2019.

Q Participant #4

Participant #9: Huawei is a partner of Deutsch Telekom. There is a pushback. It is a dicey situation.

Participant #11

national mechanic, Germany faced with Chinese acquisitions

Regarding Kuka, in early 2019 Commission draft, EU projects screened

Q Participant #12

GDPR needs to be connected to economic development

same pattern with AI (explainable AI)?

Participant #9: I have a problem with the word ‘sovereignty’: economic interest, individual control of data, we the sovereign make the rules

sovereignty differs from control, ownership

then we should invest in explainable AI

market power: the people who control the tech set the standards

ethical AI: let’s build it!

Q Participant #13

AI war links a lot of items

which data shouldn’t we open at any cost?

what is the core of sovereign data?

Participant #2: It is impossible to define which data is sensitive. The AI (use of data) is about what questions you want to answer. You need a big pool, you don’t know the questions in advance. Hence AI rather than data requires an ethical framework.

Q Participant #14

It’s not only a mechanical problem, it is a cultural conflict. The Chinese are subtle in their approach.

Q Participant #15

Governmental approach: we want quantitative facts, objective approach, no ideology. What are the threats -people, states, entities. Then, what is the target? Energy is THE critical issue.

Actions: coproduction of different tech levels. Nice act, cyber centre? How to accelerate those tools?

Participant #3: not to pool everything: data with supply chain, logistics; companies share to optimise

The EU is on the right track. For trust you need regulations. How do we have trust, mechanisms to create trust, rather than abstract ethics?

Nobody’s waiting for Europe.

Q Participant #5

Does Europe have ambition?

Participant #10: Not to be strictly on a defensive stance.

See also:
Of Privacy and Power, Henry Farrell (George Washington University)

Edited to comply with Chattam House Rule.