In the saga of Big Tech companies and their seemingly never-ending confrontations with EU legislators, issues surrounding what the EU calls “digital sovereignty” are among the most intractable.
The European Parliament has defined digital sovereignty as “Europe’s ability to act independently in the digital world” adding that the concept should be understood in terms of both “protective mechanisms and offensive tools to foster digital innovation (including in cooperation with non-EU companies).”
The European Parliament has also at times mobilized the related concept of data sovereignty, which exists at both the individual level and at a larger scale.
For the individual, data sovereignty refers to people’s ability to control who does what with their data. But at another level, data sovereignty can refer to independence from what the EU perceives as the oversized influence of a handful of Big Tech firms in the global data economy.
Since last year, EU’s relationship with American Big Tech companies, most notably Google and Meta, has become increasingly fraught following a landmark ruling by the Court of Justice of the European Union (CJEU).
The case that led to the invalidation of the Privacy Shield was initially filed by an Austrian privacy advocate, Max Schrems. In 2015, Schrems filed a complaint with the Irish Data Protection Commissioner (DPA) against Facebook, challenging the company’s use of standard contractual clauses (SCCs) as a legal basis for transferring his personal data to the US.
Schrems argued that the personal data of EU subjects might be at risk of being mass processed by U.S. intelligence agencies once transferred without ensuring a level of protection equivalent to GDPR.
While the Schrems case led to the Privacy Shield being struck down, Facebook has continued to use SCCs. However, the practice has come under increased scrutiny since.