The US-EU Rivalry for Data Protection: Energy Sector Implications
Éditoriaux de l’Ifri
1 - 7 p.
Data protection, Energy sector, Transatlantic relations, Protection des données, Secteur de l'énergie, Relations transatlantiques
The energy sector is undergoing a ‘digital revolution’, whereby information and communication technologies (ICTs) are increasingly deployed throughout energy infrastructure, leading to the growing digitization of production, storage and consumption processes. With potentially hundreds of millions of smart meters to be installed in the European Union (EU) and the United States (US) in the coming years, ICTs make it possible to collect and analyze large amounts of complex data to optimize the whole energy system, while providing consumers with a number of customized services. Firms in the energy sector are gradually turning into massive data collectors. As a result, the energy industry is one of the sectors that has been most impacted by the requirements outlined in the EU’s new General Data Protection Regulation (GDPR), launched in May 2018. On March 23rd 2018 however, and perhaps in anticipation of the GDPR, the US Congress ratified the Clarifying Lawful Overseas Use of Data Act (or Cloud Act) as part of the 2018 federal omnibus spending bill. Many of the potential benefits deriving from the GDPR, both from an economic viewpoint and from the perspective of privacy protection, risk being jeopardized by the Cloud Act and the danger of conflicting legislation. Indeed, the Cloud Act makes it lawful for US federal authorities, within the context of an investigation, to compel American technology companies, either through warrant or subpoena, to hand over data stored on their servers and data centers. This applies regardless of whether or not such data is stored on US soil or in a foreign country; the person(s) concerned are not notified and there is no possibility of oversight from judicial authorities in the country where the data is stored. The Cloud Act has a direct impact on the energy sector, because energy firms on both sides of the Atlantic have expanded their reliance on Cloud computing technologies to store the large quantity of data they are processing. Overall, the GDPR and the Cloud Act point to an escalation of the transatlantic rivalry for data protection, with major ramifications for the energy sector in the years to come.