Read The Room! Stop Oversharing with Geopolitical Bullies!

/0 Comments/in , , , /by

Introduction

Europe faces an unprecedented information security paradox that extends far beyond the familiar geopolitical threats from China and Russia. The continental commitment to transparency, openness, and democratic accountability – which rightfully defines European civilization – has created vulnerabilities that are being systematically exploited not only by authoritarian state adversaries but increasingly by American technology corporations operating under legal frameworks fundamentally incompatible with European values. What makes this crisis particularly acute is that Europe’s dependence on US technology infrastructure has created a situation where defending against one category of threat (state espionage by China and Russia) potentially exposes it to another (systematic data harvesting and surveillance by private corporations operating under the CLOUD Act and FISA). European organizations and citizens must develop far more sophisticated understanding of “reading the geopolitical room” – recognizing that information oversharing now exposes Europe to threats that are simultaneously state-sponsored, corporate-driven, and deeply integrated into the digital infrastructure upon which modern European society depends.

Europe’s Democratic Transparency Paradox

The European Union’s legal and political foundation rests on a profound paradox that has become increasingly dangerous in the 2020s. The General Data Protection Regulation, adopted in 2016 and implemented in 2018, represents the world’s most stringent data protection regime – establishing rights-based protections that apply even to non-EU companies processing European citizens’ data. This framework reflects a distinctly European vision: that transparency in data handling, individual agency over personal information, and strong legal remedies against abuse are essential components of democratic citizenship and human dignity.Yet this regulatory commitment to personal data protection coexists with a technological reality that has undermined GDPR’s protective ambitions. European companies and institutions remain almost entirely dependent on American technology infrastructure. Three American companies – Amazon, Microsoft, and Google – control more than 70 percent of the European cloud market. These same companies provide email services, document collaboration platforms, customer relationship management systems, advertising infrastructure, and artificial intelligence capabilities that European organizations cannot realistically avoid without fundamental operational disruption.

Three American companies – Amazon, Microsoft, and Google – control more than 70 percent of the European cloud market.

The critical vulnerability is legal rather than technical: American cloud providers are subject to the Clarifying Lawful Overseas Use of Data Act (CLOUD Act), enacted in 2018, which explicitly permits the US government to compel American companies to provide data in their possession, custody, or control – regardless of where that data is physically stored or whether such disclosure violates foreign law. The CLOUD Act represents what legal scholars describe as extraterritorial overreach: it asserts American legal jurisdiction over data stored on European soil, in European data centers, processed by European subsidiaries of American companies, serving European citizens and European businesses.Microsoft’s Chief Legal Counsel formally testified before the French Senate that Microsoft cannot guarantee European data will not be transferred to US government authorities when formally requested. This is not a hypothetical concern but a statement of legal fact: Microsoft, Google, and Amazon must comply with US government demands under threat of substantial penalties, and they have stated they have no mechanism to prevent such transfers even when they might violate GDPR. The 2013 Edward Snowden revelations exposed that the NSA had already penetrated these exact companies and had ongoing access to vast quantities of data through programs like PRISM and Upstream collection, harvesting communications at scale from American technology companies.

The structural problem is that while European regulators can impose fines on American companies for violations, the penalties remain small relative to the profits these companies generate from data harvesting.

Beyond state surveillance, American technology companies engage in data collection and behavioral profiling practices that, while nominally subject to GDPR, effectively operate on a different standard in the United States where they face minimal regulatory constraint. Meta (Facebook) has accumulated more than €2.5 billion in GDPR fines for behavioral advertising practices that European regulators deemed incompatible with European data protection standards. Meta’s “pay or be tracked” model – requiring users to either consent to behavioral profiling or pay a monthly fee to avoid it – violates European principles that data protection should not be conditional on payment or submission to surveillance.The structural problem is that while European regulators can impose fines on American companies for violations, the penalties remain small relative to the profits these companies generate from data harvesting. Meta collected more than €100 billion in revenue in 2023 while facing €2.5 billion in cumulative GDPR fines – a cost of less than 2.5 percent of annual revenue, easily absorbed as a cost of doing business in a market with 450 million consumers. This creates a system where American companies can calculate that violating European data protection law, paying the resulting fines, and continuing to harvest data remains more profitable than actually complying with GDPR requirements.

Surveillance Law Contradiction: GDPR vs. CLOUD Act vs. FISA

The Schrems II court decision of 2020 exposed the fundamental contradiction between European data protection aspirations and American surveillance law. The European Court of Justice ruled that American surveillance laws – specifically Section 702 of FISA and Executive Order 12333 – permitted surveillance practices incompatible with EU fundamental rights protections. These laws authorize US intelligence agencies to collect vast quantities of communications metadata from Americans and foreigners without individualized judicial warrants, subject only to internal NSA procedures rather than court oversight.After Schrems II, European organizations were required to conduct Transfer Impact Assessments before transferring data to US cloud providers, requiring proof that such data would receive protections equivalent to EU standards. This has proven nearly impossible to provide given American surveillance law. The European Data Protection Board concluded that EU data cannot be processed “in the clear” (unencrypted) in countries where public authorities have warrantless access. Yet most enterprise cloud computing requires unencrypted data processing for real-time performance and functionality, creating an operational contradiction: organizations cannot use American cloud services while complying with Transfer Impact Assessments that would prove lawful.The resulting legal crisis has forced a kind of uncomfortable accommodation. The EU-US Data Privacy Framework (DPF), negotiated after Schrems II, was designed to provide reciprocal adequacy determinations allowing data transfers despite unresolved surveillance concerns. However, critics argue the DPF fundamentally fails to address the core Schrems II problem: American surveillance law still permits broad data collection without the individual judicial authorization that European law requires. The European Commission’s own review of the DPF in 2024 acknowledged “persistent privacy concerns” while simultaneously maintaining the adequacy determination, suggesting that European policymakers have chosen geopolitical accommodation over rigorous data protection standards.

This represents a stunning capitulation to American pressure. Europe designed the world’s most sophisticated data protection regime, invested political capital in defending it against surveillance, and then effectively nullified it through the DPF adequacy determination rather than force American companies to actually comply with European standards. The message this sends to Europeans is deeply troubling: your data protection rights are valuable only insofar as they don’t interfere with American commercial or strategic interests.

The Three-Headed Threat

European organizations now face threats that operate on three parallel, sometimes intersecting tracks.

China’s intelligence services systematically target European research institutions, defense contractors, and government officials using social engineering methodologies adapted for Western professional cultures. Russia conducts disinformation operations and cyber espionage particularly targeting Central and Eastern European nations to weaken EU unity and support for Ukraine. But American technology companies present a different category of threat – one that is legal, systematic, and embedded in the commercial infrastructure that European organizations cannot avoid. While Chinese and Russian intelligence services must operate covertly and face potential international sanctions for particularly egregious behavior, American companies operate in plain sight, collecting behavioral data on hundreds of millions of Europeans through platforms they have no practical alternative to using.Consider the threat vector from each actor. China seeks specific intelligence: research capabilities, defense technologies, strategic planning documents, government communications. Russia seeks to destabilize European solidarity and amplify internal divisions through disinformation. American technology companies seek comprehensive behavioral profiles on every user – their interests, relationships, locations, communications, purchasing patterns, political affiliations, health concerns, and psychological vulnerabilities.

China seeks specific intelligence: research capabilities, defense technologies, strategic planning documents, government communications. Russia seeks to destabilize European solidarity and amplify internal divisions through disinformation. American technology companies seek comprehensive behavioral profiles on every user

The scale is incomparable. Chinese intelligence might successfully recruit one researcher to leak documents about a defense project. Russian disinformation might shift voting behavior in a single election by 2 to 3 percentage points. American technology companies have detailed behavioral profiles on 400 million Europeans, which they exploit for advertising purposes and which remain accessible to US government agencies through the CLOUD Act and FISA.The concentration of this power in three American companies (Amazon, Microsoft, Google) that control 70+ percent of European cloud infrastructure means that these companies, whether intentionally or through government access, represent single points of failure for European data security. If AWS experiences a breach, or if Microsoft systems are compromised, or if Amazon’s cloud infrastructure is penetrated, the entire European digital infrastructure could be affected. This is not hypothetical – major cloud outages in the past caused billions in economic losses. But more concerning is the thought experiment: if US authorities demanded access to all data stored on European AWS infrastructure to investigate some crime or national security matter, they could compel AWS to provide it, regardless of whether the data belongs to European citizens, European companies, or European governments.

Strategic Coercion

The asymmetry between American technological dominance and European regulatory ambition creates what strategists call “structural dependence” – a situation where Europe’s ability to enforce its own laws depends on cooperation from American companies subject to competing American laws. This creates opportunities for coercion that go far beyond traditional intelligence gathering. The Trump administration has explicitly recognized that American technology leadership provides strategic leverage. When President Trump threatened tariffs on European nations and opposed European digital regulations, he was operating from a position of understanding that Europe cannot effectively regulate technology while depending on American technology infrastructure. Similarly, US officials have stated that American companies’ willingness to comply with European regulations depends on reciprocal access for American companies to European markets. This is economic coercion dressed in the language of free trade.European nations have already experienced this in limited ways. When the US government banned Huawei equipment from European telecommunications networks over security concerns, it did so largely successfully, demonstrating the power of American government action against foreign technology suppliers. Yet American government action against American suppliers remains theoretically possible but practically unlikely, particularly when the current US administration views technology companies as allies in American strategic competition with China.

…economic coercion dressed in the language of free trade

The scenario that should concern European policymakers is straightforward: if the Trump administration (or any future US administration) decided that a particular European policy conflicted with American interests – perhaps regarding Ukraine, or Taiwan, or sanctions on Russia – it could theoretically compel American technology companies to restrict services to certain European entities or governments. This would be extraordinarily disruptive and would violate international law, but American companies would have little choice but to comply under threat of criminal penalties.More subtly, the US government already uses the CLOUD Act and FISA authorities to conduct surveillance on European entities for geopolitical purposes. The 2013 NSA scandal revealed mass surveillance of German Chancellor Angela Merkel’s communications, and more recent revelations suggest ongoing monitoring of European political and business activities by US intelligence services. This information, while ostensibly collected for counterterrorism purposes, can provide American negotiators with leverage in trade discussions, geopolitical negotiations, or business disputes.

GDPR Enforcement Illusion

…profits from data harvesting exceed the cost of compliance

European policymakers have relied heavily on GDPR enforcement as the primary mechanism for protecting European data rights. The regulatory regime has produced €5.65 billion in cumulative fines against privacy violators since 2018, establishing clear penalties for data protection violations. Major American companies have faced substantial fines: Meta €1.2 billion, Google €2.7 billion, Apple €1.8 billion.Yet GDPR enforcement has not fundamentally changed the behavior of American technology companies in ways that would reduce their data collection or surveillance capabilities. Companies pay fines and continue operating much as before, because the profits from data harvesting exceed the cost of compliance. Meta announced a “less personalized” advertising model for Europe while maintaining full behavioral targeting capabilities for users in the United States – demonstrating that European regulatory pressure merely segments the market rather than changing fundamental business practices.The reason is structural. GDPR is a regulatory hammer without underlying geopolitical teeth. European data protection authorities can fine companies, but they cannot compel companies to actually stop processing data without consent, cannot force American companies to resist CLOUD Act requests, and cannot prevent US intelligence agencies from accessing data through back doors already established in American technology infrastructure.In stark contrast, American government action against technology companies is effective because it is backed by criminal penalties and the threat of market access revocation. When the US government tells an American company to do something, companies comply because the cost of non-compliance is existential. American tech companies understand that their ability to operate globally depends on maintaining good relationships with the US government, which controls market access through export controls, sanctions, and procurement power.

The Traditional Espionage Threat

Against this backdrop of structural American dominance, the threats from China and Russia remain acute but somewhat different in character. China’s intelligence operations targeting Europe have evolved from occasional industrial espionage to systematic, state-level targeting of critical institutions across research, defense, technology, and government. German domestic intelligence reported a 15 percent increase in Chinese intelligence incidents in 2024, with particular focus on research institutions, defense contractors, and semiconductor technology. The 2024 discovery that a Chinese spy had maintained years of access to the European Parliament – granted by a right-wing political party with whom he had cultivated relationships – exemplifies the sophistication of Chinese operations and the ongoing vulnerability of European democratic institutions to influence operations.

German domestic intelligence reported a 15 percent increase in Chinese intelligence incidents in 2024

Russian disinformation operations have become particularly refined in Central and Eastern European nations, exploiting historical grievances, language connections, and inherited Cold War intelligence networks to amplify narratives that weaken European unity. Russian operations exploit specifically European vulnerabilities: the Ukrainian refugee question (amplifying anti-refugee sentiment), concerns about EU sovereignty and national identity (feeding Euro-scepticism), and the desire for economic cooperation with Russia despite geopolitical tensions.Yet these threats, while serious and requiring substantial intelligence community resources to counter, operate through mechanisms that are recognizable and, in principle, defendable. Intelligence services can identify Russian influence operations, disrupt Chinese recruitment networks, strengthen counterintelligence capabilities. These are traditional intelligence challenges requiring professional response. The American corporate threat is different because it is legal, pervasive, and openly acknowledged. Meta does not hide that it collects behavioral data on hundreds of millions of Europeans. Google does not hide that it tracks users across the web. Amazon does not hide that it operates cloud infrastructure. Europeans can make informed choices to reduce their exposure to these platforms (though doing so is increasingly difficult), but they cannot reduce the data collection that has already occurred. Moreover, as long as European infrastructure remains dependent on American technology, European governments and businesses are perpetually vulnerable to CLOUD Act access and FISA surveillance

The Digital Sovereignty Dead End

Recognizing these vulnerabilities, European policymakers have invested in digital sovereignty initiatives as a response. GAIA-X, the European cloud infrastructure initiative, aims to create an alternative to American-dominated cloud services while protecting European data against extraterritorial US surveillance. The EU Digital Compass and digital sovereignty summit in Berlin articulated strategic priorities for European technological autonomy. These initiatives are necessary and represent the correct strategic direction. However, they are insufficiently funded and face implementation challenges that suggest they will not meaningfully reduce European dependence on American technology within the next decade. European companies collectively lack the scale and capital to compete with American cloud giants that have enjoyed first-mover advantage, achieved network effects, and accumulated trillions in value.Europe would need €800 billion in sustained investment to achieve genuine digital sovereignty – money that European governments have not committed. Meanwhile, American technology companies continue to invest heavily in European markets and lobbying efforts, recognizing that European regulation threatens their business model but also recognizing that European dependence on their infrastructure makes enforcement improbable.The result is a situation where Europe’s regulatory and strategic ambitions exceed its operational capacity to implement them. GDPR is the world’s strongest data protection regulation, yet it remains largely unenforced against the most powerful American technology companies because those companies provide services Europeans cannot avoid. Digital Markets Act and Digital Services Act establish competition frameworks, yet the underlying power imbalance – American dominance in cloud infrastructure and AI platforms – remains unchanged

Reading the Geopolitical Room: A European Framework

Developing the capacity to “read the geopolitical room” requires European organizations to recognize that the information environment has become dominated by adversaries operating under three distinct logics. Chinese and Russian intelligence services operate according to state strategic interests, exploiting information for specific geopolitical advantages. American technology companies operate according to profit maximization logic, harvesting data to enable behavioral manipulation for advertising purposes, while simultaneously remaining subject to US government demands that can override commercial considerations. For individuals, this means recognizing that information shared on American social media platforms (Meta, Google, X, TikTok) is available to both the companies themselves (for behavioral profiling) and potentially to US government authorities (through CLOUD Act or FISA processes). It means understanding that professional networking on LinkedIn creates profiles that foreign intelligence services actively exploit, but that avoiding these platforms is increasingly impossible for career-oriented professionals.It means accepting a difficult reality: Europeans cannot achieve genuine privacy through technical means or regulatory frameworks as long as European infrastructure remains dependent on American technology platforms subject to American surveillance law. The only genuine protection against American government surveillance of European data is to use infrastructure controlled by European entities, which does not currently exist at scale.For organizations, it requires systematic identification of which information has strategic value and represents genuine risk if accessed by foreign intelligence services (whether state-operated or US government-operated). This assessment should include not just classified or proprietary information in traditional senses, but research directions, strategic partnerships, organizational relationships, and employee expertise.

Europeans cannot achieve genuine privacy through technical means or regulatory frameworks as long as European infrastructure remains dependent on American technology platforms subject to American surveillance law

Organizations should reduce information sharing through American platforms for strategically sensitive discussions. While this is operationally burdensome and somewhat impractical, it reduces the attack surface. Email from Gmail or Microsoft can be legally accessed by US authorities. Conversations on Slack or Teams can potentially be accessed. Documents on Google Drive or OneDrive are accessible. An organization truly concerned about protecting strategic information would use European or non-American platforms for sensitive discussions, while accepting that this creates operational friction and higher costs.Organizations should implement geopolitical risk assessments that are honest about threats from all vectors. This includes Chinese recruitment operations (particularly targeting technical experts), Russian disinformation and penetration attempts (particularly in CEE), and American government access to data through CLOUD Act processes. Training should address threats from all three vectors rather than pretending that geopolitical threats come only from non-Western sources.

Defending European Interests

At the individual level, Europeans should develop informed skepticism about the “free” services provided by American technology companies. The business model underlying these services is behavioral data harvesting. Users are not customers; they are the product being sold to advertisers and made available to governments. Reducing reliance on these platforms is desirable, though increasingly impractical.When professional obligations require using American platforms (email, cloud storage, collaboration tools), individuals should assume that sensitive information may be accessible to both corporate entities (for advertising and research) and government authorities (through CLOUD Act processes). This should inform decisions about what information is shared, with whom, and through what channels.For organizations, the priority must be sustaining commitment to digital sovereignty initiatives while accepting that meaningful independence from American technology infrastructure cannot be achieved on short timelines. This requires:

  • European governments should substantially increase funding for European cloud providers and alternative technology infrastructure. The €113 billion in direct American investment in European information technology sectors demonstrates the scale of resources American companies can deploy. European investment should match this scale if Europe is serious about reducing dependence.
  • European governments should implement critical infrastructure designations for cloud services, artificial intelligence platforms, and data storage systems, requiring that such services meet European ownership and control standards. This would restrict the use of American cloud services for government and critical infrastructure applications. Such policies would face immediate US pressure and potential trade retaliation, but they are necessary if Europe is serious about digital sovereignty.
  • European data protection authorities should implement “adequacy pause” for US surveillance law by refusing to certify that the EU-US Data Privacy Framework adequately protects EU data, forcing a renegotiation of US surveillance law rather than accepting the current Schrems II compromise. This would be disruptive and would face sustained US pressure, but it is necessary to force genuine change rather than regulatory theater.
  • European intelligence services should develop a comprehensive assessment of how American government data access through CLOUD Act and FISA processes threatens European security interests. This assessment should be shared with European policymakers and should inform decisions about critical information that should not be stored on American infrastructure under any circumstances.

At the geopolitical level, Europe should pursue strategic autonomy in digital domains, recognizing that this requires partial decoupling from American technology infrastructure, substantial investment in European alternatives, and willingness to tolerate American displeasure about policies that reduce American corporate dominance in European markets. This does not require abandoning transatlantic alliance or assuming fundamental hostility toward the United States, but it does require recognizing that American technological dominance creates structural imbalances that constrain European agency.

The Uncomfortable Reality

The uncomfortable truth that European policymakers have avoided confronting is that defending European data and digital interests is fundamentally incompatible with unrestricted access by American technology companies to European markets, data, and infrastructure. The European Union can write the world’s most sophisticated data protection regulations, can establish frameworks for digital sovereignty, can impose substantial fines on companies that violate European standards – and none of this will meaningfully constrain American technology companies or protect European data from American government access as long as American companies dominate European cloud infrastructure, maintain behavioral data on 400 million Europeans, and remain subject to the CLOUD Act and FISA surveillance authorities.This is not a technical problem that can be solved through better encryption or security measures. It is a structural power imbalance: America controls the technology infrastructure that Europe depends on, America has legal authority to access data on that infrastructure, and American companies have no mechanism to refuse CLOUD Act or FISA requests without facing criminal penalties.Europe can address this through one of three mechanisms:

  1. Substantially increase funding and commitment to European digital infrastructure alternatives, achieving genuine operational independence from American technology within a decade
  2. Negotiate fundamental changes to American surveillance law that would align with European data protection standards
  3. Accept the current situation where European data protection is effective only against private entities, while remaining subject to American government access.

The current EU-US Data Privacy Framework represents the third choice. European policymakers have accepted American surveillance law and American corporate data collection as necessary costs of access to American technology. This is an explicitly geopolitical choice, prioritizing economic integration and security alliance with the United States over rigorous protection of European data rights.

Reading the Room Means Accepting Hard Truths

Europe’s information security challenge in the 2020s extends far beyond the familiar geopolitical threats from China and Russia. While these remain serious – requiring substantial intelligence community resources and sustained counterintelligence efforts – the most pervasive threat comes from the very infrastructure that European organizations cannot avoid using: American technology platforms that are simultaneously engaged in aggressive behavioral data collection and subject to American government surveillance authorities.This creates an situation where defending against one threat vector (Chinese or Russian espionage) necessarily exposes Europe to another (American corporate data harvesting and potential government access). European organizations cannot simultaneously protect against geopolitical adversaries while using American cloud infrastructure, because the infrastructure itself represents a separate vulnerability.

Genuine digital sovereignty through European infrastructure would require investment comparable to American levels over a decade-plus timeframe

Reading the geopolitical room might means accepting this uncomfortable reality. Europe’s commitment to data protection, to democracy, and to human rights is fundamentally constrained by dependence on technology infrastructure controlled by actors (American corporations and the US government) that operate according to principles incompatible with European values. The regulatory and strategic responses Europe has developed – GDPR, Digital Markets Act, GAIA-X, digital sovereignty initiatives – are necessary but insufficient without the geopolitical willingness to reduce European dependence on American technology and the financial resources to build genuine European alternatives. The path forward requires European policymakers to choose between three options, each with significant costs. Genuine digital sovereignty through European infrastructure would require investment comparable to American levels over a decade-plus timeframe. Negotiated changes to American surveillance law would require accepting temporary economic costs and strategic tension. Or Europe can continue on the current path of regulatory theater, where it writes strong rules that apply only to non-American companies while accepting American corporate and government access to European data as an unavoidable cost of the transatlantic relationship.

…adversaries are deeply embedded in the infrastructure that European civilization depends on…

Europe’s defenders of democracy and human rights deserve honest clarity about this choice rather than the fiction that GDPR, DMA, and DSA can meaningfully protect European data while it remains stored on American infrastructure subject to American law. Reading the geopolitical room means understanding not just that adversaries exist, but that some of those adversaries are deeply embedded in the infrastructure that European civilization depends on – and that addressing this requires choices far more difficult than regulatory fines or data protection training.

References:

  1. https://opencloud.eu/en/the-cloud-act-makes-it-possible
  2. https://www.crossborderdataforum.org/cloudactfaqs/
  3. https://datalynx.ch/en/insights/it-support/six-principles-on-the-cloud-act-from-microsoft/
  4. https://iapp.org/news/a/how-could-trump-administration-actions-affect-the-eu-u-s-data-privacy-framework-
  5. https://www.reddit.com/r/france/comments/1m2w35y/microsoft_confirme_que_le_gouvernement_am%C3%A9ricain/
  6. https://policyreview.info/articles/analysis/mitigating-risk-us-surveillance-public-sector-services-cloud
  7. https://www.oecd.org/en/publications/access-to-public-research-data-toolkit_a12e8998-en/general-data-protection-regulation-gdpr-eu-2016-679_308fe54f-en.html
  8. https://www.tandfonline.com/doi/full/10.1080/13600834.2019.1573501
  9. https://gdpr.eu/what-is-gdpr/
  10. https://verfassungsblog.de/digital-sovereignty-and-the-rights/
  11. https://cepa.org/comprehensive-reports/tech-2030-a-roadmap-for-europe-us-tech-cooperation/
  12. https://www.japantimes.co.jp/commentary/2025/11/19/world/europes-cloud-scares-and-us-tech-dominance/
  13. https://www.leidenlawblog.nl/articles/gaia-x-europes-values-based-counter-to-u-s-cloud-dominance
  14. https://www.tandfonline.com/doi/full/10.1080/1369118X.2025.2516545
  15. https://edri.org/our-work/promises-unkept-the-eu-us-data-privacy-framework-under-fire/
  16. https://www.intereconomics.eu/contents/year/2025/number/2/article/big-tech-and-the-us-digital-military-industrial-complex.html
  17. https://www.euronews.com/next/2024/06/01/heres-what-a-us-surveillance-law-means-for-european-data-privacy
  18. https://www.linkedin.com/news/story/europe-broadens-metas-targeted-ad-ban-5814180/
  19. https://epthinktank.eu/2024/06/28/regulating-social-media-what-is-the-european-union-doing-to-protect-social-media-users/
  20. https://segmentstream.com/blog/articles/meta-ads-behavioral-targeting-ban-europe
  21. https://ec.europa.eu/commission/presscorner/detail/en/ip_25_1085
  22. https://www.xtb.com/int/market-analysis/news-and-research/eu-fines-for-tech-giants-their-role-in-eu-usa-competition
  23. https://www.cirsd.org/en/horizons/horizons-winter-issue-20/eu-privacy-law-and-us-surveillance
  24. https://www.cookiebot.com/en/schrems-ii-privacy-shield/
  25. https://www.a1.digital/news/almost-30-years-of-challenges-with-us-data-protection/
  26. https://connectontech.bakermckenzie.com/how-does-the-eu-us-data-privacy-framework-benefit-companies-relying-on-the-eu-standard-contractual-clauses-for-data-transfers-to-the-us/
  27. https://rebalance-now.de/en/europes-opportunity-resolute-against-the-market-power-of-tech-companies/
  28. https://odessa-journal.com/public/european-intelligence-agencies-hybrid-threats-from-russia-and-china-continue-to-grow
  29. https://icds.ee/en/more-than-a-systemic-rival-china-as-a-security-challenge-for-the-eu/
  30. https://www.freiheit.org/europe/look-behind-scenes-chinese-espionage-european-parliament
  31. https://www.gmfus.org/sites/default/files/Russia%20disinformation%20CEE%20-%20June%204.pdf
  32. https://www.fairobserver.com/politics/russian-influence-in-central-europe-evolves-from-disinformation-to-democratic-erosion/
  33. https://civitates-eu.org/examining-russian-disinformation-in-both-western-and-central-eastern-europe/
  34. https://www.gssc.lt/en/publication/russias-disinformation-in-eastern-europe-revealing-the-geopolitical-narratives-and-communication-proxies-in-moldova/
  35. https://www.securityweek.com/apple-complains-meta-requests-risk-privacy-in-spat-over-eu-efforts-to-widen-access-to-iphone-tech/
  36. https://www.idm.at/wp-content/uploads/2025/05/Schaffer_Talik_A-Digital-Battlefield-How-Russian-Disinformation-Influences-Voter-Behaviour-in-Central-and-Eastern-Europe.pdf
  37. https://scandasia.com/eu-move-against-huawei-lifts-nordic-telecoms-nokia-and-ericsson/
  38. http://www.ifri.org/en/studies/europe-and-geopolitics-5g-walking-technological-tightrope
  39. https://cms.law/en/int/publication/gdpr-enforcement-tracker-report/numbers-and-figures
  40. https://www.enforcementtracker.com/?insights
  41. https://www.reddit.com/r/FacebookAds/comments/1gq7d27/meta_to_use_less_targeting_inputs_in_eu/
  42. https://hyper.ai/en/headlines/f98cff9e1002afcb1f07db9790d19b0f
  43. https://greydynamics.com/chinas-spy-networks-in-europe-unravelled-2/
  44. https://en.wikipedia.org/wiki/Gaia-X
  45. https://gaia-x.eu/gaia-x-strengthens-european-digital-sovereignty-at-european-parliament-reception/
  46. https://www.polytechnique-insights.com/en/columns/digital/gaia-x-the-bid-for-a-sovereign-european-cloud/
  47. https://www.elysee.fr/en/emmanuel-macron/2025/11/18/summit-on-european-digital-sovereignty-delivers-landmark-commitments-for-a-more-competitive-and-sovereign-europe
  48. https://pppescp.com/2025/02/04/digital-sovereignty-in-europe-navigating-the-challenges-of-the-digital-era/
  49. https://tomorrowsaffairs.com/how-can-europe-overcome-reliance-on-us-based-tech-giants
  50. https://www.linkedin.com/pulse/unmasking-spies-from-linkedin-leaks-espionage-modus-mario-bekes-buryc
  51. https://www.airuniversity.af.edu/JIPA/Display/Article/3768503/covert-connections-the-linkedin-recruitment-ruse-targeting-defense-insiders/
  52. https://www.linkedin.com/pulse/unmasking-espionage-linkedin-how-cyber-operatives-yanito-duncan-ms-jlepc
  53. https://www.oloid.com/blog/what-is-operational-security
  54. https://www.veritis.com/blog/what-is-operational-security-opsec-and-how-does-it-protect-critical-data/
  55. https://searchinform.com/articles/cybersecurity/type/opsec/
  56. https://proton.me/blog/big-tech-data-requests-surge
  57. https://en.wikipedia.org/wiki/CLOUD_Act
  58. https://techinquiry.org/docs/InternationalCloud.pdf
  59. https://aws.amazon.com/compliance/cloud-act/
  60. https://www.exoscale.com/blog/cloudact-vs-gdpr/
  61. https://www.wired.com/story/trump-era-digital-expat/
  62. https://www.wiley.law/alert-The-CLOUD-Act-Data-Access-Agreement-10-Things-That-US-Telecommunications-Companies-Need-to-Know-Now
  63. https://www.kiteworks.com/risk-compliance-glossary/us-cloud-act/
  64. https://wire.com/en/blog/big-tech-data-sovereignty-failure
  65. https://www.csis.org/analysis/cloud-act-and-transatlantic-trust
  66. https://www.tse-fr.eu/sites/default/files/TSE/documents/sem2024/eco_platforms/aridor_juin_2024.pdf
  67. https://www.reddit.com/r/ecommerce/comments/1bbcypv/how_to_target_usa_tiktok_and_meta_ads_while_in/
  68. https://wfanet.org/knowledge/item/2023/11/03/behavioural-advertising-practices-in-europe-by-meta
  69. https://ecfr.eu/publication/get-over-your-x-a-european-plan-to-escape-american-technology/
  70. https://digi-con.org/regulating-the-regulators-can-app-stores-strengthen-privacy-in-the-mobile-ecosystem/
  71. https://b2broker.com/news/eu-dma-re-evaluated-why-is-the-tech-probe-against-apple-google-and-meta-changing/
  72. https://www.jonloomer.com/qvt/behavioral-targeting-ban-in-eu/
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *