Anton, a 44-year-old Russian soldier who heads a workshop responsible for repairing and supplying drones, was at his kitchen table when he learned last month that Elon Musk’s SpaceX had cut off access to Starlink terminals used by Russian forces. He scrambled for alternatives, but none offered unlimited internet, data plans were restrictive, and coverage did not extend to the areas of Ukraine where his unit operated. It’s not only American tech executives who are narrowing communications options for Russians. Days later, Russian authorities began slowing down access nationwide to the messaging app Telegram, the service that frontline troops use to coordinate directly with one another and bypass slower chains of command. “All military work goes through Telegram — all communication,” Anton, whose name has been changed because he fears government reprisal, told POLITICO in voice messages sent via the app. “That would be like shooting the entire Russian army in the head.” Telegram would be joining a home screen’s worth of apps that have become useless to Russians. Kremlin policymakers have already blocked or limited access to WhatsApp, along with parent company Meta’s Facebook and Instagram, Microsoft’s LinkedIn, Google’s YouTube, Apple’s FaceTime, Snapchat and X, which like SpaceX is owned by Musk. Encrypted messaging apps Signal and Discord, as well as Japanese-owned Viber, have been inaccessible since 2024. Last month, President Vladimir Putin signed a law requiring telecom operators to block cellular and fixed internet access at the request of the Federal Security Service. Shortly after it took effect on March 3, Moscow residents reported widespread problems with mobile internet, calls and text messages across all major operators for several days, with outages affecting mobile service and Wi-Fi even inside the State Duma. Those decisions have left Russians increasingly cut off from both the outside world and one another, complicating battlefield coordination and disrupting online communities that organize volunteer aid, fundraising and discussion of the war effort. Deepening digital isolation could turn Russia into something akin to “a large, nuclear-armed North Korea and a junior partner to China,” according to Alexander Gabuev, the Berlin-based director of the Carnegie Russia Eurasia Center. In April, the Kremlin is expected to escalate its campaign against Telegram — already one of Russia’s most popular messaging platforms, but now in the absence of other social-media options, a central hub for news, business and entertainment. It may block the platform altogether. That is likely to fuel an escalating struggle between state censorship and the tools people use to evade it, with Russia’s place in the world hanging in the balance. “It’s turned into a war,” said Mikhail Klimarev, executive director of the internet Protection Society, a digital rights group that monitors Russia’s censorship infrastructure. “A guerrilla war. They hunt down the VPNs they can see, they block them — and the ‘partisans’ run, build new bunkers, and come back.” THE APP THAT RUNS THE WAR On Feb. 4, SpaceX tightened the authentication system that Starlink terminals use to connect to its satellite network, introducing stricter verification for registered devices. The change effectively blocked many terminals operated by Russian units relying on unauthorized connections, cutting Starlink traffic inside Ukraine by roughly 75 percent, according to internet traffic analysis by Doug Madory, an analyst at the U.S. network monitoring firm Kentik. The move threw Russian operations into disarray, allowing Ukraine to make battlefield gains. Russia has turned to a workaround widely used before satellite internet was an option: laying fiber-optic lines, from rear areas toward frontline battlefield positions. Until then, Starlink terminals had allowed drone operators to stream live video through platforms such as Discord, which is officially blocked in Russia but still sometimes used by the Russian military via VPNs, to commanders at multiple levels. A battalion commander could watch an assault unfold in real time and issue corrections — “enemy ahead” or “turn left” — via radio or Telegram. What once required layers of approval could now happen in minutes. Satellite-connected messaging apps became the fastest way to transmit coordinates, imagery and targeting data. But on Feb. 10, Roskomnadzor, the Russian communications regulator, began slowing down Telegram for users across Russia, citing alleged violations of Russian law. Russian news outlet RBC reported, citing two sources, that authorities plan to shut down Telegram in early April — though not on the front line. In mid-February, Digital Development Minister Maksut Shadayev said the government did not yet intend to restrict Telegram at the front but hoped servicemen would gradually transition to other platforms. Kremlin spokesperson Dmitry Peskov said this week the company could avoid a full ban by complying with Russian legislation and maintaining what he described as “flexible contact” with authorities. Roskomnadzor has accused Telegram of failing to protect personal data, combat fraud and prevent its use by terrorists and criminals. Similar accusations have been directed at other foreign tech platforms. In 2022, a Russian court designated Meta an “extremist organization” after the company said it would temporarily allow posts calling for violence against Russian soldiers in the context of the Ukraine war — a decision authorities used to justify blocking Facebook and Instagram in Russia and increasing pressure on the company’s other services, including WhatsApp. Telegram founder Pavel Durov, a Russian-born entrepreneur now based in the United Arab Emirates, says the throttiling is being used as a pretext to push Russians toward a government-controlled messaging app designed for surveillance and political censorship. That app is MAX, which was launched in March 2025 and has been compared to China’s WeChat in its ambition to anchor a domestic digital ecosystem. Authorities are increasingly steering Russians toward MAX through employers, neighborhood chats and the government services portal Gosuslugi — where citizens retrieve documents, pay fines and book appointments — as well as through banks and retailers. The app’s developer, VK, reports rapid user growth, though those figures are difficult to independently verify. “They didn’t just leave people to fend for themselves — you could say they led them by the hand through that adaptation by offering alternatives,” said Levada Center pollster Denis Volkov, who has studied Russian attitudes toward technology use. The strategy, he said, has been to provide a Russian or state-backed alternative for the majority, while stopping short of fully criminalizing workarounds for more technologically savvy users who do not want to switch. Elena, a 38-year-old Yekaterinburg resident whose surname has been withheld because she fears government reprisal, said her daughter’s primary school moved official communication from WhatsApp to MAX without consulting parents. She keeps MAX installed on a separate tablet that remains mostly in a drawer — a version of what some Russians call a “MAXophone,” gadgets solely for that app, without any other data being left on those phones for the (very real) fear the government could access it. “It works badly. Messages are delayed. Notifications don’t come,” she said. “I don’t trust it … And this whole situation just makes people angry.” THE VPN ARMS RACE Unlike China’s centralized “Great Firewall,” which filters traffic at the country’s digital borders, Russia’s system operates internally. Internet providers are required to route traffic through state-installed deep packet inspection equipment capable of controlling and analyzing data flows in real time. “It’s not one wall,” Klimarev said. “It’s thousands of fences. You climb one, then there’s another.” The architecture allows authorities to slow services without formally banning them — a tactic used against YouTube before its web address was removed from government-run domain-name servers last month. Russian law explicitly provides government authority for blocking websites on grounds such as extremism, terrorism, illegal content or violations of data regulations, but it does not clearly define throttling — slowing traffic rather than blocking it outright — as a formal enforcement mechanism. “The slowdown isn’t described anywhere in legislation,” Klimarev said. “It’s pressure without procedure.” In September, Russia banned advertising for virtual private network services that citizens use to bypass government-imposed restrictions on certain apps or sites. By Klimarev’s estimate, roughly half of Russian internet users now know what a VPN is, and millions pay for one. Polling last year by the Levada Center, Russia’s only major independent pollster, suggests regular use is lower, finding about one-quarter of Russians said they have used VPN services. Russian courts can treat the use of anonymization tools as an aggravating factor in certain crimes — steps that signal growing pressure on circumvention technologies without formally outlawing them. In February, the Federal Antimonopoly Service opened what appears to be the first case against a media outlet for promoting a VPN after the regional publication Serditaya Chuvashiya advertised such a service on its Telegram channel. Surveys in recent years have shown that many Russians, particularly older citizens, support tighter internet regulation, often citing fraud, extremism and online safety. That sentiment gives authorities political space to tighten controls even when the restrictions are unpopular among more technologically savvy users. Even so, the slowdown of Telegram drew criticism from unlikely quarters, including Sergei Mironov, a longtime Kremlin ally and leader of the Just Russia party. In a statement posted on his Telegram channel on Feb. 11, he blasted the regulators behind the move as “idiots,” accusing them of undermining soldiers at the front. He said troops rely on the app to communicate with relatives and organize fundraising for the war effort, warning that restricting it could cost lives. While praising the state-backed messaging app MAX, he argued that Russians should be free to choose which platforms they use. Pro-war Telegram channels frame the government’s blocking techniques as sabotage of the war effort. Ivan Philippov, who tracks Russia’s influential military bloggers, said the reaction inside that ecosystem to news about Telegram has been visceral “rage.” Unlike Starlink, whose cutoff could be blamed on a foreign company, restrictions on Telegram are viewed as self-inflicted. Bloggers accuse regulators of undermining the war effort. Telegram is used not only for battlefield coordination but also for volunteer fundraising networks that provide basic logistics the state does not reliably cover — from transport vehicles and fuel to body armor, trench materials and even evacuation equipment. Telegram serves as the primary hub for donations and reporting back to supporters. “If you break Telegram inside Russia, you break fundraising,” Philippov said. “And without fundraising, a lot of units simply don’t function.” Few in that community trust MAX, citing technical flaws and privacy concerns. Because MAX operates under Russian data-retention laws and is integrated with state services, many assume their communications would be accessible to authorities. Philippov said the app’s prominent defenders are largely figures tied to state media or the presidential administration. “Among independent military bloggers, I haven’t seen a single person who supports it,” he said. Small groups of activists attempted to organize rallies in at least 11 Russian cities, including Moscow, Irkutsk and Novosibirsk, in defense of Telegram. Authorities rejected or obstructed most of the proposed demonstrations — in some cases citing pandemic-era restrictions, weather conditions or vague security concerns — and in several cases revoked previously issued permits. In Novosibirsk, police detained around 15 people ahead of a planned rally. Although a small number of protests were formally approved, no large-scale demonstrations ultimately took place. THE POWER TO PULL THE PLUG The new law signed last month allows Russia’s Federal Security Service to order telecom operators to block cellular and fixed internet access. Peskov, the Kremlin spokesman, said subsequent shutdowns of service in Moscow were linked to security measures aimed at protecting critical infrastructure and countering drone threats, adding that such limitations would remain in place “for as long as necessary.” In practice, the disruptions rarely amount to a total communications blackout. Most target mobile internet rather than all services, while voice calls and SMS often continue to function. Some domestic websites and apps — including government portals or banking services — may remain accessible through “whitelists,” meaning authorities allow certain services to keep operating even while broader internet access is restricted. The restrictions are typically localized and temporary, affecting specific regions or parts of cities rather than the entire country. Internet disruptions have increasingly become a tool of control beyond individual platforms. Research by the independent outlet Meduza and the monitoring project Na Svyazi has documented dozens of regional internet shutdowns and mobile network restrictions across Russia, with disruptions occurring regularly since May 2025. The communications shutdown, and uncertainty around where it will go next, is affecting life for citizens of all kinds, from the elderly struggling to contact family members abroad to tech-savvy users who juggle SIM cards and secondary phones to stay connected. Demand has risen for dated communication devices — including walkie-talkies, pagers and landline phones — along with paper maps as mobile networks become less reliable, according to retailers interviewed by RBC. “It feels like we’re isolating ourselves,” said Dmitry, 35, who splits his time between Moscow and Dubai and whose surname has been withheld to protect his identity under fear of governmental reprisal. “Like building a sovereign grave.” Those who track Russian public opinion say the pattern is consistent: irritation followed by adaptation. When Instagram and YouTube were blocked or slowed in recent years, their audiences shrank rapidly as users migrated to alternative services rather than mobilizing against the restrictions. For now, Russia’s digital tightening resembles managed escalation rather than total isolation. Officials deny plans for a full shutdown, and even critics say a complete severing would cripple banking, logistics and foreign trade. “It’s possible,” Klimarev said. “But if they do that, the internet won’t be the main problem anymore.”

DUBLIN — TikTok on Tuesday began a defense of how it handles Europeans’ privacy and data in a court case that will define how Chinese-owned companies in Europe deal with Beijing’s spying laws. The popular social media app is going head to head with the Irish Data Protection Commission — Europe’s most powerful privacy regulator, which oversees tech giants including Meta, X and Google. At stake in the Irish court battle is whether TikTok is allowed to transfer personal data of Europeans to China. The company, which is owned by Chinese giant ByteDance, is challenging a €530 million fine by the Irish regulator last year, when officials found it had allowed Chinese staff to access Europeans’ data — but failed “to verify, guarantee and demonstrate” that the data was properly protected. The Irish regulator wants TikTok to shut off data flows to China, unless it can prove its user information is safe from Beijing’s invasive surveillance and intelligence laws. The case is a major test for Europe’s privacy rulebook, the General Data Protection Regulation (GDPR), and how it protects Europeans when their data is transferred to China. It comes as Europe is facing transatlantic pressure, forcing the bloc to revisit trade ties with Beijing, despite long-held security concerns over the Chinese government’s data snooping practices. Lawyers faced off Tuesday in Dublin’s top courts building, for the start of a grueling 10-day hearing, sparring over how to interpret the limits of Chinese laws and the merits of TikTok’s data practices. “The consequences of [the Irish regulator’s] decision are immense, even for a very large organization like TikTok,” the firm’s senior counsel Paul Gallagher told the court, estimating the cost of complying with the Irish order to run as high as €5 billion. If judges side with the Irish regulator, that could ultimately force TikTok to unplug from China entirely to continue serving European users — just months after it split off its U.S. operation into a new app, under the control of a group of investors led by Silicon Valley giant Oracle and investment firms Silver Lake and MGX, to alleviate long-standing American data security concerns. TikTok has estimated that it would cost billions for it to comply with the Irish regulator’s demand to cut off data flows, and would involve relocating thousands of its workers outside of China. DATA ACCESS WOES The Irish regulator slapped TikTok with the privacy fine last May after it found the platform couldn’t guarantee the data of its 159 million monthly users in Europe were safe from China’s “problematic” surveillance laws. “This is all about what TikTok have described as the relevant laws, and what the [Data Protection Commission, or DPC] have described as the problematic laws,” said TikTok’s senior counsel Gallagher, who is also a former attorney general for the Irish government. “We don’t think they are problematic, because we think they don’t apply. The DPC thinks they are problematic, because it thinks they do apply.” The fine was one of the highest the Irish regulator has handed out since it started enforcing the GDPR in 2018. It followed years of scrutiny from security and privacy authorities, as Western governments increasingly viewed TikTok as a threat. TikTok is owned by Beijing-based ByteDance, and staff in China have remote access to some European user data stored outside the country. In details shared with the Irish regulator during the investigation, TikTok said that the kind of data accessed by staff in China could include usernames and account holder details, interaction and activity data, and other personal data. It said the company didn’t intend to collect sensitive data about users, but it “may be collected incidentally or uploaded” by users, and staff needed to have “restricted and limited” access for research, security, analytics and other services. TikTok has said Chinese laws don’t apply to its data, which it stores outside of China, and has said it has never been asked to hand over data to Beijing’s authorities.  The firm already launched a massive campaign to alleviate European politicians’ security concerns in 2023, when it presented what it called “Project Clover,” a €12 billion plan designed to store data in Europe, overseen by a European security company. It mimicked a U.S. campaign called “Project Texas,” which promised similar controls to the U.S. in 2020. But the moves failed to persuade politicians. The EU already cracked down on TikTok for its own officials when it banned the app on their phones in 2023, a move that was followed by many governments across Europe. CHINA VS. US The TikTok case is also forcing Europe to deal with a blind spot: data flowing to China has, so far, been left largely unscrutinized. The EU has skirmished with American authorities for years over how to protect Europeans’ personal data from mass surveillance programs uncovered by whistleblower Edward Snowden in 2013. Data transfer agreements crafted by the EU and U.S. have been repeatedly wiped out by Europe’s top court over surveillance concerns. For data flowing to China, though, few cases have tested how companies protect Europeans’ data when it comes within reach of Beijing’s surveillance authorities. The Irish regulator’s decision to fine TikTok meant the “screw is turning” on data flows to China, Joe Jones, research director at the International Association of Privacy Professionals, said after the decision came out. “We’ve had over a decade of EU-U.K., EU-U.S. fights and sagas on [data flows]. This is the first time we’ve seen anything significant on any other country outside of that transatlantic triangle — and it’s China,” Jones said.

BRUSSELS — The European Parliament has disabled AI features on the work devices of lawmakers and their staff over cybersecurity and data protection concerns, according to an internal email seen by POLITICO. The chamber emailed its members on Monday to say it had disabled “built-in artificial intelligence features” on corporate tablets after its IT department assessed it couldn’t guarantee the security of the tools’ data. “Some of these features use cloud services to carry out tasks that could be handled locally, sending data off the device,” the Parliament’s e-MEP tech support desk said in the email. “As these features continue to evolve and become available on more devices, the full extent of data shared with service providers is still being assessed. Until this is fully clarified, it is considered safer to keep such features disabled.” The European Union has beefed up its data security policies in recent years, in part due to concerns around foreign technology vendors. A group of lawmakers in November urged the Parliament to ditch internal use of Microsoft software in favor of a European alternative, POLITICO reported. The institution in 2023 also banned the use of social media app TikTok on staff devices and recommended that MEPs delete it from their phones. The latest move to switch off AI tools concerns built-in features like writing and summarizing assistants, enhanced virtual assistants and webpage summaries in both tablets and phones, an EU official said, granted anonymity to disclose details of the security policy. Apps, email, calendar, documents, and other day-to-day tools are not affected, the email to lawmakers said. In a written statement to POLITICO, the European Parliament press service said it “constantly monitor[s] cybersecurity threats and quickly deploys the necessary measures to prevent them,” but wouldn’t comment on specific security or cybersecurity matters due to their “sensitive nature.” The Parliament declined to clarify what exact built-in AI features have been disabled, or what systems the work devices operate on. The email also urged lawmakers to “consider applying similar precautions” for their own, private devices, especially those being used for work-related tasks. Members should avoid exposing work emails, documents or internal information “to AI features that scan or analyze content,” be “cautious” with third-party AI apps and “avoid granting broad access to data,” the email said.

BRUSSELS — The European Union is pressing ahead with talks to grant United States border authorities unprecedented access to Europeans’ data, despite growing concerns about American surveillance. The European Commission is brokering a deal to exchange information about travelers, including fingerprints and law enforcement records, so the U.S. can determine if they “pose a risk to public security or public order,” according to official documents. Commission officials flew to Washington last week for the first round of negotiations, according to two people familiar with the matter. The Trump administration’s request for deeper access comes after the U.S. border agency in December proposed reviewing five years of social media history. Talks are happening as the U.S. Immigration and Customs Enforcement (ICE) service is under heavy scrutiny for its use of surveillance technology against protesters in cities such as Minneapolis. The negotiations should be “put on hold” until the security and privacy of citizens in the EU and U.S. can be guaranteed, liberal European Parliament member Raquel García Hermida-van der Walle said in an interview. Romain Lanneau, a legal researcher with surveillance watchdog Statewatch, said police databases in Europe could contain information on anyone from protesters to journalists who might be considered a “threat,” and that — under the deal being discussed — this information would be at the fingertips of U.S. border authorities who could refuse those people entry to the United States or even detain them. European regulators are “very cautiously looking at what’s happening in the United States,” Wojciech Wiewiórowski, the EU’s in-house data protection supervisor, told POLITICO. Europe “has to be careful” about how it allows the data of Europeans to flow to the U.S., he said.  Hermida-van der Walle in January co-signed a letter by six prominent lawmakers calling on the Commission to stand down given the “current geopolitical context,” despite Washington’s admonition that failure to reach a deal will mean Europeans lose access to its visa waiver program. UNPRECEDENTED ACCESS The U.S. is seeking access to information including biometric data such as fingerprints that is stored on national databases in European countries, according to an explanatory note sent to national experts. The data would be used to “address irregular migration and to prevent, detect, and combat serious crime and terrorist offences,” the note said. In an earlier opinion on the deal, the European Data Protection Supervisor (EDPS) — a watchdog that advises the Commission on privacy policies — noted the deal would be the first of its kind to enable “large-scale sharing of personal data … for the purpose of border and immigration control” with a non-EU country. The Commission would negotiate a framework deal that would serve as a template for bilateral agreements called Enhanced Border Security Partnerships (EBSPs), which national governments agree with Washington. EU countries in December signed off on the Commission’s request to start talks with the U.S. Washington is pressuring its EU counterparts by imposing a deadline for the bilateral deals to be agreed by the end of 2026. If countries fail to reach a deal with the U.S. they risk being cut from the latter’s visa waiver program. The U.S has made it mandatory for all countries that are part of the visa waiver program to have an EBSP in place. “The pressure which the United States is extorting on our member states, the threats that if you don’t agree with this we will cancel your access to the visa waiver program, that is an element of blackmail that we cannot let go,” Hermida-van der Walle said. The EDPS watchdog has cautioned that the scope of data sharing should be as narrow as possible, with clear justifications for every query; transparency around how the data is used; and judicial redress available in the U.S. for any person. Commission spokesperson Markus Lammert emphasised at a recent press briefing that the framework being negotiated will involve “clear and robust safeguards on data protection,” and will ensure “a non-systematic nature of the information exchange and that the exchange is limited to what is strictly necessary to achieve the objectives of this cooperation.”  US PRIVACY UNDER PRESSURE Access to the data is the latest issue putting pressure on a troubled relationship between the U.S. and the EU on data privacy. Since whistleblower Edward Snowden in 2013 revealed U.S. mass surveillance practices affecting Europeans, the EU has tightened controls on how Washington handles Europeans’ data. Since the return of Donald Trump as president last year, officials and rights groups have deplored a move by the U.S. administration to gut a key privacy watchdog tasked with overseeing privacy safeguards in place to protect Europeans. The Trump administration has also been ramping up mass surveillance of citizens by federal agencies like ICE, including through contracts with Israeli spyware company Paragon, surveillance giant Palantir and other firms. Capgemini, a prominent French IT firm, on Sunday said it was selling off its American activities after it faced political backlash from the French government that its software was being used by ICE authorities. Civil rights groups, lawmakers and other watchdogs fear the new EU-U.S. data sharing deals would add to backsliding on privacy rights.    “The current initiatives are being presented as toward counter-terrorism, but a lot of them are actually adopted for the chilling effect [on political activism],” Statewatch’s Lanneau said. Hermida-van der Walle, the liberal lawmaker, warned: “If people have to go to the United States, if it’s not a choice but something that they have do, there is a risk of self-censoring.”  “This comes from an administration who claims to be the biggest defender of free speech. What they’re doing with their actions is curtailing the possibility of people to express themselves freely, because otherwise they might not get access into the country,” she said.

The Trump administration is lashing out at foreign laws aimed at clamping down on online platforms that have gained outsized influence on people’s attention — while trying to avoid launching new trade wars that could threaten the U.S. economy. Over the past month, U.S. officials have paused talks on a tech pact with the United Kingdom, canceled a trade meeting with South Korean officials and issued veiled threats at European companies over policies they believe unfairly penalize U.S. tech giants. Several tech policy professionals and people close to the White House say the recent actions amount to a “negotiating tactic,” in the words of one former U.S. trade official. As talks continue with London, Brussels and Seoul, the Office of the U.S. Trade Representative is pressing partners to roll back digital taxes on large online platforms and rules aimed at boosting online privacy protections — measures U.S. officials argue disproportionately target America’s tech behemoths. “It’s telegraphing that we’ve looked at this deeply, we think there’s a problem, we’re looking at tools to address it and we’re looking at remedies if we don’t come to an agreement,” said Everett Eissenstat, who served as the director of the National Economic Council in Trump’s first term. “It’s not an unprecedented move, but naming companies like that and telegraphing that we have targets, we have tools, is definitely meaningful.” But so far, the administration has shied away from new tariffs or other aggressive actions that could upend tentative trade agreements or upset financial markets. And the new tough talk may not be enough to placate some American tech companies, who are pressing for action. One possible action, floated by U.S. Trade Representative Jamieson Greer, would be launching investigations into unfair digital trade practices, which would allow the administration to take action against countries that impose digital regulations on U.S. companies. “I would just say that’s the next level of escalation. I think that’s what people are waiting for and looking for,” said a representative from a major tech company, granted anonymity to speak candidly and discuss industry expectations. “What folks are looking for is like action over the tweets, which, we love the tweets. Everyone loves the tweets.” Trump used similar investigations to justify raising tariffs on hundreds of Chinese imports in his first term. But those investigations take time, and it can be years before any increases would go into effect. Greer has also been careful to hedge threats of new trade probes, stressing they are not meant to spiral into a broader conflict. Speaking on CNBC’s “Squawk Box” last week, he floated launching a trade investigation into the EU’s digital policies, but said the goal would be a “negotiated outcome,” not an automatic path to higher tariffs. “I don’t think we’re in a world where we want to have some renewed trade fight or something with the EU — that’s not what we’re talking about,” Greer said. “We want to finish off our deal and implement it,” he continued, referring to the trade pact the partners struck over the summer. Greer also raised the prospect of a trade probe in private talks with South Korea earlier this fall, saying the U.S. might have to resort to such action if the country continues to pursue legislation the administration views as harmful to U.S. tech firms. But a White House official clarified that the U.S. was not yet considering such a “heavy-handed approach.” Even industry officials aren’t certain how aggressive they want the Trump administration to be, acknowledging that if the U.S. escalated its fight with the EU over their tech regulations, it could spark a digital trade war that would ultimately end up harming all of the companies involved, according to a former USTR official, granted anonymity to speak candidly. President Donald Trump has long criticized the tech regulations — pioneered by the European Union and now proliferating around the globe. But he’s made the issue a much more central part of his second-term trade agenda, with mixed results. While Trump’s threat to cut off trade talks with Canada got Prime Minister Mark Carney to rescind their three percent tax on revenue earned by large online platforms, his administration has struggled to make headway with the EU, UK and South Korea in the broader trade negotiations over tariffs. The tentative trade deal the administration reached with the EU over the summer included a commitment from the bloc to address “unjustified digital trade barriers” and a pledge not to impose network usage fees, but left the scope and direction of future discussions largely undefined. The agreement fleshed out with South Korea this fall appeared to go even further, spelling out commitments that regulations governing online platforms and cross-border data flows won’t disadvantage American companies. But none of those governments have so far caved to U.S. pressure to abandon their digital regulations entirely, and the canceled talks and threatening social media posts are a sign of Trump’s growing frustration. “You won’t be surprised to know that what we think is fair treatment and what they think is fair treatment is quite different and I’ve been quite frankly disappointed over the past few months to see zero moderation by the EU,” Greer said Dec. 10 at an event at the Atlantic Council. Last week, Greer’s office amped up the rhetoric further, threatening to take action against major European companies like Spotify, German automation company Siemens and Mistral AI, the French artificial intelligence firm, if the EU doesn’t back off enforcement of its digital rules. The threat came a week after the EU fined X, the company formerly known as Twitter, $140 million for failing to meet EU transparency rules. Greer’s office also canceled a meeting planned for last Thursday with South Korean officials, as South Korean lawmakers introduced new digital legislation and held an explosive hearing on a data breach at Coupang, an American-headquartered e-commerce company whose largest market is in South Korea. The South Korean Embassy denied any relationship between the Coupang hearing and the cancellation of the recent meeting. “Neither Coupang’s data breach, the subsequent investigation by the Korean government, nor the National Assembly’s hearing played a role in the scheduling of the KORUS Joint Committee,” said an embassy official. The canceled meetings and frozen talks are significant — delaying implementation of bare bones trade agreements and investment pledges inked in recent months. But the Trump administration has shown little interest in blowing up the deals its reached and reapplying the steep tariffs it threatened over the summer, which could trigger significant retaliation and, as concerns about affordability and inflation continue to simmer in the U.S., prove politically dicey. Launching trade investigations at USTR or fining specific foreign companies could be a less inflammatory move. “What is happening is that these issues are starting to come to a head,” said Dirk Auer, a Director of Competition Policy International Center for Law & Economics, who focuses on antitrust issues and recently testified before Congress on digital services laws. “At some point the administration has to put up or shut up. They need to put their money where their mouth is. And I think that’s what’s happening right now.” Gabby Miller contributed to this report.

BRUSSELS — A fresh proposal by European Commission President Ursula von der Leyen to reform digital laws on Wednesday was welcomed by lawmakers on the right but shunned on the left. It signals a possible repeat of a pivotal parliamentary clash last week in which von der Leyen’s center-right European People’s Party sided with the far right to pass her first omnibus proposal on green rules — sidelining the centrist coalition that voted the Commission president into office last year. The EU executive on Wednesday presented plans to overhaul everything from its flagship General Data Protection Regulation to data rules and its fledgling Artificial Intelligence Act. The reforms aim to help businesses using data and AI, in an effort to catch up with the United States, China and other regions in the global tech race. Drafts of the plans obtained by POLITICO caused an uproar in Brussels in the past two weeks, as everyone from liberal to left-leaning political groups and privacy-minded national governments rang the alarm. Von der Leyen sought to extend an olive branch with last-minute tweaks to her proposal, but she’s still a long way away from center-left groups. The Progressive Alliance of Socialists and Democrats, Greens and The Left all slamming the plans in recent days. Tom Vandendriessche, a Belgian member of the far-right Patriots for Europe group, said the GDPR is not “untouchable,” and that there needs to be simplification “to ensure our European companies can compete again.” He added: “If EPP supports that course, we’re happy to collaborate on that.” Charlie Weimers a Swedish member of the right-wing European Conservatives and Reformists, welcomed the plan for “cleaning up overlapping data rules, cutting double reporting and finally tackling the cookie banner circus.” Weimers argued von der Leyen could go further, saying it falls short of being “the regulatory U-turn the EU actually needs” to catch up in the AI race. Those early rapprochements on the right are what Europe’s centrists and left fear most. The digital omnibus “should not be a repetition of omnibus one,” German Greens lawmaker Sergey Lagodinsky told reporters on Wednesday. Lagodinsky warned EPP leader Manfred Weber that “there should be no games with anti-democratic and anti-European parties.” BIG REFORMS, SMALL CONCESSIONS The Commission’s double-decker digital omnibus package includes one plan to simplify the EU’s data-related laws (including the GDPR as well as rules for nonpersonal data), and another specifically targeting the AI Act. A Commission official, briefing reporters without being authorized to speak on the record, said the omnibus’ impact on the GDPR was subject to “intense discussion” internally in the run up to Wednesday’s presentation, after its rough reception from some parliament groups and privacy organizations. Much in the EU executive’s final text remained unchanged. Among the proposals, the Commission wants to insert an affirmation into the GDPR that AI developers can rely on their “legitimate interest” to legally process Europeans’ data. That would give AI companies more confidence that they don’t always have to ask for consent. It also wants to change the definition of personal data in the GDPR to allow pseudonymized data — where a person’s details have been obscured so they can’t be identified — to be more easily processed. The omnibus proposals also aim to reduce the number of cookie banners that crop up across Europe’s internet. To assuage privacy concerns, Commission officials scrapped a hotly contested clause that would have redefined what is considered “special category” data, like a person’s religious or political beliefs, ethnicity or health data, which are afforded extra protections under the GDPR. The new cookie provision will also contain an explicit statement that website and app operators still need to get consent to access information on people’s devices. SEEKING POLITICAL SUPPORT The final texts will now be scrutinized by the Parliament and Council of the European Union. Von der Leyen’s center-right EPP welcomed the digital simplification plans as a “a critical boost for Europe’s industrial competitiveness.” Parliament’s group of center-left Socialists and Democrats came out critical of the reforms. Birgit Sippel, a prominent German member of the group, said in a statement the Commission “wants to undermine its own standards of protection in the area of data protection and privacy in order to facilitate data use, surveillance, and AI tools ‘made in the U.S.’” On the EPP’s immediate left, the liberal Renew group cited “important concerns” about the final texts but said it was “delighted” that the Commission backtracked on changing the definition of sensitive data, one idea in the leaked drafts that triggered a backlash. Renew said it would “support changes in the digital omnibus that will make life easier for our European companies.” If von der Leyen goes looking for votes for her digital omnibus among far-right groups, she will find support but it might not be a united front. German lawmaker Christine Anderson of the Alternative for Germany party, part of the far-right Europe of Sovereign Nations group, warned the digital omnibus could end up boosting “the ability to track and profile people.” Weaker privacy rules would “enable enhanced surveillance architecture,” she said, adding her party had “always opposed” such changes. “On these issues, we find ourselves much closer to the groups on the left in the Parliament,” she said. Pieter Haeck contributed reporting.

BRUSSELS — European Union officials are ready to sacrifice some of their most prized privacy rules for the sake of AI, as they seek to turbocharge business in Europe by slashing red tape.  The European Commission will unveil a “digital omnibus” package later this month to simplify many of its tech laws. The executive has insisted that it is only trimming excess fat through “targeted” amendments, but draft documents obtained by POLITICO show that officials are planning far-reaching changes to the General Data Protection Regulation (GDPR) to the benefit of artificial intelligence developers.   The proposed overhaul will come as a boon to businesses working with AI, as Europe scrambles to stay economically competitive on the world stage. But touching the flagship privacy law — seen as the “third rail” of EU tech policy — is expected to trigger a massive political and lobbying storm in Brussels. “Is this the end of data protection and privacy as we have signed it into the EU treaty and fundamental rights charter?” said German politician Jan Philipp Albrecht, who as a former European Parliament member was one of the chief architects of the GDPR. “The Commission should be fully aware that this is undermining European standards dramatically.” Brussels’ shift on privacy comes as it frets over Europe’s waning economic power. Former Italian Prime Minister Mario Draghi namechecked the General Data Protection Regulation as holding back European innovation on artificial intelligence in his landmark competitiveness report last year. European privacy regulators have already been spoiling Big Tech’s AI party in recent years. Meta, X and LinkedIn have all delayed rollouts of artificial intelligence applications in Europe after interventions by the Irish Data Protection Commission. Google is facing an inquiry by the same regulator and was previously forced to pause the release of its Bard chatbot. Italy’s regulator has previously imposed temporary blocks on OpenAI’s ChatGPT and Chinese DeepSeek over privacy concerns. Those same tech giants are racing ahead in the U.S., without an equivalent blanket privacy law barring them from feeding AI with citizens’ data. UNLEASH THE LOBBYISTS The General Data Protection Regulation’s initial drafting in 2012-2016 triggered one of the biggest lobbying efforts Brussels has ever seen. Since taking effect in 2018, the EU has steered clear of amending it, fearing it would reignite the vicious lobbying war.  In past months, Commission officials have sought to preempt worries that it was overhauling the privacy rulebook. It insisted that its simplification proposals wouldn’t touch the underlying principles of the GDPR.  Now that draft plans are out, civil society campaigners have begun sounding the alarm. The Commission is “secretly trying to overrun everyone else in Brussels,” said Max Schrems, founder of Austrian privacy group Noyb — and Europe’s infamous privacy campaigner who was behind court cases that brought down major data transfer deals with the United States in the past. “This disregards every rule on good lawmaking, with terrible results,” he said. “Is this the end of data protection and privacy as we have signed it into the EU treaty and fundamental rights charter?” said German politician Jan Philipp Albrecht. | Heiko Rebsch/picture alliance via Getty Images One line of attack from privacy groups is to poke holes in what they say is a rushed omnibus process. While the GDPR took years to negotiate, public consultation on the digital omnibus only ended in October. The Commission has not prepared impact assessments to accompany its proposals, as it says the changes are only targeted and technical. The Commission’s tunnel vision on the AI race has resulted in a “poorly drafted ‘quick shot’ in a highly complex and sensitive area,” said Schrems. LOOSENING PRIVACY RULES The draft proposal obtained by POLITICO shows how far the European Commission is willing to go to placate industry on AI. Draft changes would create new exceptions for AI companies that would allow them to legally process special categories of data (like a person’s religious or political beliefs, ethnicity or health data) to train and operate their tech. The Commission is also planning to reframe the definition of such special category data, which are afforded extra protections under the privacy rules.   Officials also want to redefine what constitutes as personal data, saying that pseudonymized data (where personal details have been obscured so a person can’t be identified) might not always be subject to the GDPR’s protections, a change that reflects a recent ruling from the EU’s top court. Finally, it wants to reform Europe’s pesky cookie banner rules by inserting a provision into the GDPR that would give website and app owners more legal grounds to justify tracking users beyond simply obtaining their consent. The draft proposal could still change before the Commission officially unveils its plans on Nov. 19. Once presented, the omnibus package has to pass muster with EU countries and lawmakers, who are already sharply divided on whether to touch privacy protections.   But Finnish center-right lawmaker Aura Salla said she would “warmly” welcome the proposal “if done correctly,” as it could bring legal certainty for AI companies. | Alexis Haulot/European Parliament Documents seen by POLITICO show that Estonia, France, Austria and Slovenia are firmly against any rewrite of the General Data Protection Regulation. Germany — usually seen as one of the most privacy-minded countries — on the other hand is pushing for big changes to help AI. In the European Parliament, the issue is expected to divide groups. Czech Greens lawmaker Markéta Gregorová said she is “surprised and concerned” that the GDPR is being reopened. She warned that Europeans’ fundamental rights “must carry more weight than financial interests.”  But Finnish center-right lawmaker Aura Salla — who previously led Meta’s Brussels lobbying office — said she would “warmly” welcome the proposal “if done correctly,” as it could bring legal certainty for AI companies. Salla emphasized that the Commission will have to “ensure it is European researchers and companies, not just third country giants that gain a competitive edge from our own rules.” 

Enrico Letta is president of the Jacques Delors Institute and a former prime minister of Italy. Pascal Lamy is vice-president of the Paris Peace Forum and a former European commissioner for Trade. Kolinda Grabar-Kitarović is co-chair of the Global Preparedness Monitoring Board and a former president of Croatia. They are all members of the Governing Board of the new Jacques Delors Friends of Europe Foundation. For too long, the European project has been treated like an à la carte menu. Leaders cherry-pick advantages, blame Brussels for the compromises they’ve accepted, and leave citizens to bear the consequences of watered-down decisions and years-long delays. This habit of the political dodge, of agreeing in public and unraveling at home, has dented public trust, and it must stop. By 2028, Europe must complete the single market — not in slogans but in the concrete areas that shape everyday life, like energy, telecommunications, savings and investments, and the free circulation of knowledge and innovation. A real single market in these fields will deliver tangible benefits for citizens: Harmonized energy markets mean cross-border trade of electricity and gas, stabilized supplies and lower bills when markets work properly. Unified telecoms will reduce roaming and domestic price monopolies, improve service and widen access. Integrated capital markets will give savers better returns, channel funds to growing firms and make loans cheaper for small businesses. And removing barriers to research and data flows will allow students, scientists and entrepreneurs to collaborate and scale up without coming up against national borders. In short: more choice, lower costs, better opportunities and faster innovation. Alongside these priorities, Europe must also adopt what Enrico Letta and others call the “28th regime” — a mechanism that allows individuals and businesses to operate under uniform EU standards when national rules obstruct progress. Voluntary pioneers shouldn’t be hostage to vetoes from lone capitals. Where national foot-dragging denies benefits to citizens elsewhere, European law should offer an alternate path to deliver those benefits. This is about fairness and security. The fragmented status quo leaves households overpaying for energy, students facing unequal digital access and entrepreneurs boxed into tiny domestic markets. It also weakens Europe geopolitically: Fragmented energy systems increase vulnerability to hostile suppliers; disjointed capital markets amplify financial shocks; and splintered telecoms and digital rules hamper our ability to control critical infrastructure and data flows. Deadlines force choices and sharpen political will — without them, the default remains delay. Europe’s leaders thus need to set a clear, nonnegotiable deadline to complete the single market in energy, telecoms, capital and knowledge by 2028. And here are the concrete steps they must take: First, they must institutionalize the fifth freedom — the free circulation of knowledge and innovation — by removing regulatory barriers to research collaboration, data exchange, university partnerships and mobility for knowledge workers. Next, they need to adopt EU-wide rules where national governments block progress. Activating the 28th-regime concept will allow willing member countries and their citizens to benefit, even if one or two vetoers refuse to move. Then, break energy silos by fast-tracking cross-border interconnectors, harmonizing grid and wholesale market rules, and prioritizing joint procurement to prevent costly duplication. Also, unify telecoms by eliminating burdensome national licensing, promoting Pan-European operators, and creating a regulatory environment that rewards competition and coverage. Europe’s leaders thus need to set a clear, nonnegotiable deadline to complete the single market in energy, telecoms, capital and knowledge by 2028. | Thierry Monasse/Getty Images Finally, complete the capital markets union through the Savings and Investments Union, linking finance to the real economy and fostering investments in the common goods that Europe needs, such as innovation and digital, security, and the fight against climate change. Completing the single market must also go hand in hand with security and resilience. If Europe is to spend billions on defense, those investments must translate to more than trophies for national procurement agencies. We need a single market for defense, with interoperable equipment, joint procurement, shared standards and industrial cooperation. Defense purchases need to build common capabilities — not 27 bespoke systems that can’t communicate with each other. Societal resilience matters too. Authoritarian and malign actors weaponize disinformation, exploit social divisions and erode trust in institutions. Fighting disinformation is as much about strengthening communities as it is about policing platforms, and Europe must invest in civic resilience. We must also be clear-eyed about enlargement. Ukraine’s and Moldova’s resilience have shown democratic determination in the face of Russian aggression, and their efforts should inspire concrete progress. Former European Commission President Jacques Delors called enlargement “our duty” — and he was right. Widening the single market to include the Western Balkans, Ukraine and Moldova, while rigorously enforcing rule of law and democratic standards, is not charity. It’s a strategic investment in Europe’s security and prosperity. Europe now faces a stark choice: Inertia on the one hand, meaning fragmented markets, stranded talent, fragile societies and rising illiberalism; or integration on the other — a single market that lowers costs, boosts competitiveness, enhances security and renews citizens’ trust. The 2028 deadline shouldn’t be seen as a slogan. It’s a contract with Europeans who want results, not reassurances. And leaders must treat it as such. Delors said Europe needs a soul. Today, it needs delivery. Let’s strengthen our defenses and societies, meet our duty to our neighbors and finish the job. Let’s do it by 2028.

A corporate lawyer who has worked for Big Tech played a key role in picking a former lobbyist for Facebook and WhatsApp as one of Europe’s most powerful privacy regulators. Niamh Sweeney will take up her role as one of three chief regulators at Ireland’s powerful Data Protection Commission (DPC) next week. Her previous experience as a lobbyist for Facebook and WhatsApp has reignited concerns that Ireland’s top data regulator is too close to Big Tech. Now, new details about her appointment process seen by POLITICO show that a lawyer representing tech giants at a prominent law firm in Ireland was a member of a small panel that picked Sweeney. The inclusion of that lawyer on the panel triggered a conflict of interest complaint by a candidate that competed with her for the job earlier this year. The Irish Data Protection Commissioner enforces Europe’s mighty General Data Protection Regulation (GDPR) on many of the world’s largest technology companies, including Meta, X, Google, TikTok and others that have their European headquarters in Ireland. For years, the Irish authority has faced criticism for being too soft on tech giants, with critics pointing to Ireland’s heavy reliance on Big Tech for its domestic economy. After the GDPR took effect in 2018, it took years before the DPC started imposing sizable fines on tech giants. Commissioners at the Irish DPC are appointed by the Irish government on the advice of the Public Appointments Service, the authority that provides recruitment services for public jobs. The authority is known as publicjobs. In a confidential letter dated May 14 and seen by POLITICO, publicjobs said it had assembled a selection panel of five people to pick the newest privacy chief. According to the letter, that panel included consultant Shirley Kavanagh as chair, Department of Justice Deputy Secretary Doncha O’Sullivan, the head of Ireland’s ComReg communications watchdog Garrett Blaney, publicjobs recruitment specialist Louise McEntee, and Leo Moore, a partner at law firm William Fry. Moore heads the firm’s technology group. He has advised domestic and multinational companies, including “several ‘Big Tech’ and social media companies,” the law firm’s own website states. The law firm advised Microsoft in a landmark court case where U.S. authorities wanted to access data on Irish servers, it said in a 2016 press release. Irish media also reported that the firm had advised the Irish government in a case in which the government pushed back on collecting almost €14 billion in back taxes from Apple. Moore did not respond to POLITICO’s requests for comment. William Fry did not provide a comment in time for publication. The Irish Data Protection Commissioner enforces Europe’s mighty General Data Protection Regulation (GDPR) on many of the world’s largest technology companies, including Meta, X, Google, TikTok and others that have their European headquarters in Ireland. | Artur Widak/NurPhoto via Getty Images The chair of the panel, Kavanagh, has previously worked in senior leadership roles in the pharma, financial services, retail and public sectors, including with Inizio, Axa, Primark and Ireland’s central bank, she stated on her website. The site said she has also worked with “technology companies” as a “coach and senior team facilitator.” Kavanagh declined POLITICO’s request for comment, directing questions to the publicjobs service and the Irish justice department. REVOLVING DOOR COMPLAINT Sweeney is set to take office Oct. 13 alongside co-Commissioners Des Hogan and Dale Sunderland. The DPC switched to having three top commissioners after former Data Protection Commissioner Helen Dixon (who carried out the role alone) left office in 2024. Sweeney worked as Facebook’s head of public policy in Ireland from 2015-2019, then as EMEA director of public policy for WhatsApp until 2021, followed by a year working as head of communications for financial technology firm Stripe. She was a director at lobby firm Milltown Partners until this summer, her LinkedIn page showed. Sweeney’s appointment as co-commissioner raised concerns among privacy activists when it was announced in September. Austrian privacy group Noyb described it as Ireland’s “kissing US Big Tech’s backside” and said it left companies like Meta to regulate themselves. A candidate competing with Sweeney for the commissioner role submitted a complaint about the process in April, publicjobs’ May letter seen by POLITICO showed. The complainant’s name was redacted from the documents. The complainant questioned the inclusion of tech lawyer Moore on the panel that selected the former Meta official. They alleged that Moore had a conflict of interest given his role “as a corporate lawyer who represents clients whose business practices are regulated by the very agency this role oversees,” according to the letter, which responded to the complaint. Publicjobs in the letter defended the independence and expertise of the board that it had assembled and said it was “assured that Mr Moore’s professional role was not considered to conflict with his role on the Board.” The complainant also argued that no member of the panel had enough technological expertise to make a fair assessment of applications.   In the letter, publicjobs highlighted the “extensive” expertise of Moore in data protection and cybersecurity. GOVERNMENT STANDS BY APPOINTMENT Publicjobs said in the letter that it found “no evidence that the Board convened was inappropriate, or incapable of assessing candidates against the key requirements of the role in question.”  In a written comment to POLITICO, a spokesperson for publicjobs said the authority has “full confidence in the composition, independence, expertise and qualifications of the chosen Assessment Board” to recruit a third data protection commissioner, and that the complaint submitted about the competition had been “fully addressed” by the service’s review process.     A corporate lawyer who has worked for Big Tech played a key role in picking a former lobbyist for Facebook and WhatsApp as one of Europe’s most powerful privacy regulators. | Samuel Boivin/Getty Images They said publicjobs works to ensure assessment boards for senior roles are “balanced, diverse and not conflicted, with all panelists required to complete a confidentiality agreement and a conflict-of-interest form.” Boards at this level are approved by the service’s Chief Executive Margaret McCabe and Head of Recruitment Talent Strategy Michelle Noone, the spokesperson added. A spokesperson for Ireland’s Department of Justice, Home Affairs and Migration told POLITICO the ministry is “fully satisfied with the appointment process.” The Irish Data Protection Commission declined to comment, saying it was not involved in the appointment process. Blaney declined to comment, directing POLITICO to publicjobs and Ireland’s justice department. McEntee did not immediately respond to a request for comment.

Microsoft has cut off services it was supplying to Israel’s Defense Ministry, after finding that they were being used for mass surveillance of Palestinians. In August, The Guardian reported that the Israeli military is conducting mass surveillance of Palestinians, by gathering troves of phone call data from civilians in Gaza and the West Bank, and storing it on Microsoft servers in Europe. In a blog post Thursday, Microsoft President Brad Smith said that an internal review has “found evidence that supports elements of The Guardian’s reporting,” including details relating to Israel’s use of Azure storage in the Netherlands and use of AI services. Smith said that Microsoft’s terms of service prohibit the use of its tech for mass surveillance of civilians. He said the company has therefore ceased and disabled certain subscriptions and services it was supplying to Israel’s Defense Ministry, including their use of specific cloud storage, and AI services and technologies. The Guardian investigation said the storage of Palestinians’ phone records on Microsoft’s Azure cloud platform had facilitated deadly airstrikes and shaped military operations in Gaza and the West Bank. After a previous internal review in May, Microsoft said there was “no evidence” that its technologies have been used to target or harm people during the conflict in Gaza. On Thursday, Smith noted that Microsoft has a policy of respecting customer privacy, and that the company does “not access our customers’ content in this type of investigation.” He expressed “appreciation” for The Guardian report which revealed information that couldn’t be accessed in light of those “customer privacy commitments.” Microsoft said the decision will not impact its work protecting the cybersecurity of Israel and other countries in the Middle East, including under the Abraham Accords. Privacy advocates have been ratcheting up pressure on the EU in recent months to reconsider its data-sharing relationship with Israel, partially over concerns about its surveillance activities. The European Commission renewed an adequacy decision for Israel last year, meaning that the EU executive deems Israel’s privacy safeguards to be on par with the EU’s General Data Protection Regulation.