Greetings from Kittery, Maine!

It's been an unprecedented week in U.S. privacy news with escalating tensions between the Trump administration and China, particularly around Chinese-based social media networks TikTok and WeChat. Late Thursday, the White House announced two executive orders against the companies. In the order against TikTok, the Trump administration said the company "automatically captures vast swaths of information from its users, including Internet and other network activity information such as location data and browsing and search histories. This data collection threatens to allow the Chinese Communist Party access to Americans’ personal and proprietary information — potentially allowing China to track the locations of Federal employees and contractors, build dossiers of personal information for blackmail, and conduct corporate espionage."

Incidentally, concerns of government data collection through private sector social media companies is what has been a primary driver in both Schrems cases against Facebook Ireland, which led to the invalidation, first of the Safe Harbor framework, and then last month of the Privacy Shield (but more on that in a bit). 

The executive orders were issued not long after the U.S. State Department announced an expansion of what it calls the "Clean Network," which is aimed at Chinese-based network carriers, storage applications, mobile apps, cloud services and protecting access to U.S.-based undersea cables. According to Secretary of State Michael Pompeo, the initiative intends to protect "our citizens' privacy and our companies' most sensitive information from aggressive intrusions by malign actors, such as the Chinese Communist Party." The us vs. them, clean vs. dirty language is a stunning shift in U.S. foreign policy away from so-called "American exceptionalism" to perhaps something more resembling the digital policies of China, which has long erected a digital firewall around its national borders. 

In its response to the Executive Order, TikTok said it was "shocked" and that the move undermines "global businesses' trust in the United States' commitment to the rule of law, which has served as a magnet for investment and spurred decades of American economic growth." And though the company may well fight the order in court, the 45-day time limit before the orders go into effect gives U.S.-based companies,

I reached out to Alston & Bird's Peter Swire to get his reaction to the "Clean Network" news in particular, and he told me that the initiative, "if thoroughly implemented, would create major barriers between the U.S. and China for hardware, software, and Internet services. This ... is happening at the same time that the European Union is considering after Schrems II how strictly to cut off data flows with the United States. This combination creates huge geopolitical risks, if the U.S. becomes isolated from Europe, China, and who knows how many other countries in the world. A major goal of U.S. policy should be to find ways to encourage continued trade, privacy under the rule of law, and Internet freedom between the U.S. and the large majority of users in the world who are in neither the U.S. nor China.” 

India, too, is restricting TikTok and other Chinese-based companies within its borders, and we're seeing more data localization legislation and laws emerge around the world, including in Brazil, India, Russia and Vietnam, among others. 

So are we seeing the long feared balkanization of the global internet? Will the U.S. find itself isolated from a world it has long been a leader of? Is the free flow of information under threat from what writer Sarah Jeong calls information-nationalism? Some would argue that the fractures in the global internet have been there since the Great Firewall of China went up years ago. It certainly appears that we're entering a digital space where international data transfers will have more obstacles than ever. As always, privacy pros will have their work cut out for them.