WASHINGTON - The U.S. government has directed its diplomatic corps to oppose efforts by foreign governments to impose tighter controls on the movement and processing of personal data, according to an internal State Department cable dated Feb 18 and signed by U.S. Secretary of State Marco Rubio.
The cable, which officials described as an "action request," warned that measures aimed at keeping citizens' information within national borders or otherwise restricting cross-border data flows could have broad consequences. It said such laws would "disrupt global data flows, increase costs and cybersecurity risks, limit Artificial Intelligence (AI) and cloud services, and expand government control in ways that can undermine civil liberties and enable censorship."
Against that backdrop, the memorandum directs American diplomats to take a more forceful international stance on data policy and to push back on what it characterizes as "unnecessarily burdensome" regulations, including data localization mandates that require data collected from a country to be stored there.
Guidance and talking points supplied with the cable include promotion of the Global Cross-Border Privacy Rules Forum - a group established in 2022 by the United States alongside Mexico, Canada, Australia, Japan and other partners - which the State Department describes as a vehicle to "support the free flow of data and effective data protection and privacy globally." The cable asked diplomats to track proposals that would restrict cross-border data flows and to use the Forum and its principles when engaging foreign counterparts.
The State Department did not respond to a request for comment on the cable. The Global Cross-Border Privacy Rules Forum did not reply to requests for comment included in the cable's distribution list.
Data sovereignty initiatives - often called data localization or similar labels - have been gaining momentum in several regions, notably Europe. The cable links that trend to concerns about the dominance of large U.S. AI companies, which frequently rely on extensive personal data sets to train and operate their models. Those dynamics have fueled European worries about privacy, surveillance and corporate control of information.
Officials on the continent have stepped up scrutiny of American social media and technology platforms, while legal frameworks such as the European Union's 2018 General Data Protection Regulation (GDPR) already impose limits on transferring Europeans' data abroad. The cable cited GDPR as an example of a rule it views as imposing "unnecessarily burdensome data processing restrictions and cross-border data flow requirements."
Experts quoted in the cable and contacted by diplomats see the recent U.S. posture as more confrontational than previous policy. Bert Hubert, a Dutch cloud computing expert and a former member of the board that oversees the Dutch intelligence services, suggested that Washington's current approach contrasts with earlier efforts to court European customers. "Where the previous administration attempted to woo European customers, the current one is demanding that Europeans disregard their own data privacy regulations that could hinder American business," he said in comments included with the cable.
The cable also raises concerns about China, asserting that Beijing has paired appealing technology infrastructure projects with restrictive data policies in a way that expands its global influence and could give it access to international data for surveillance and strategic leverage. The memorandum did not elaborate beyond that assertion, but it noted that China has tightened rules in recent years on how its companies store and transfer user data.
The Chinese Embassy in Washington said it was not familiar with the cable but stated that Beijing "has always attached great importance to cybersecurity and data security." The European Commission's mission in Washington did not reply to a request for comment included in the cable's outreach.
The communication is the latest in a sequence of diplomatic and policy moves aimed at countering certain European digital regulations. According to the cable, similar instructions were issued previously - including a directive last year for diplomats to encourage opposition to the European Union's Digital Services Act, legislation designed to compel large online platforms to remove illegal content such as extremist material or child sexual abuse material. The memorandum also referenced a recent U.S. initiative to create an online portal intended to give European and other users ways to bypass censorship of material including alleged hate speech and terrorist propaganda.
Overall, the State Department directive frames the preservation of cross-border data flows as essential to maintaining access to AI and cloud services and to avoiding higher costs and greater cybersecurity exposure. It urges U.S. envoys to use multilateral forums and bilateral engagements to press other governments to avoid imposing strict localization or transfer constraints that the administration believes would hinder technology services and could expand state control over information.
Diplomatic engagement on data rules is likely to continue as governments balance concerns about privacy, surveillance and national security with the commercial and operational needs of AI, cloud and social media companies that depend on the international movement of data.