Recent breakdowns in talks between the United States and the European Union on data sharing practices and the criticism of artificial intelligence (AI) misuse in facial recognition technology around the democratic world are at a geopolitical fault line. Democratic governments must align so they can innovate and keep citizens safe.

Transatlantic data flow is critical for both the U.S. and the EU. It enables the free exchange of data that underpins economic, diplomatic, social and cultural interactions between the two regions. Sharing data underpins cross-border trade and investment, as well as collaboration in all areas covering research, technology and innovation. This helps drive economic growth, creates jobs, and fosters pioneering thinking on both sides of the Atlantic. It’s also central to cybersecurity and cyber threat intelligence sharing.

To put the level of importance into a figure: The free and secure data transfer relationship between the U.S. and EU is worth over $7 trillion, according to the U.S. Chamber of Commerce’s own estimation.

This means it is a serious problem that, despite shared democratic values of open and competitive markets, human rights, fundamental freedoms and liberty, the EU and the U.S. cannot agree on data practices that will help embody and embed those same democratic values.

In pursuit of an EU-U.S. Framework

Hopes were renewed for cross-Atlantic data cooperation at the start of the year with President Biden’s executive order to implement the EU-U.S. Data Privacy Framework (DPF). The DPF will replace the Privacy Shield, which previously allowed personal data to be transferred freely from the EU to over 5,300 U.S. companies but was invalidated over security concerns, many around the issue of pervasive U.S. surveillance.

Since then, we’ve seen the latest setbacks in the powers’ efforts to cooperate on data handling. The European Parliament’s Committee on Civil Liberties, Justice and Home Affairs rejected the latest version of the proposed framework in February. It was still judged to not fully comply with the EU’s General Data Protection Regulation (GDPR), and despite some “substantial improvements,” still “concerns remain.’”

Missteps in AI and visual data handling

The challenge comes with the background of AI-centered technology coming under scrutiny on both sides of the Atlantic. Today’s news is littered with stories of the misapplication or questionable use of AI-powered surveillance technology across sectors. Two recent examples from public safety cases are particularly revealing of both widespread concern and the differences between EU and U.S. approaches.

The French National Assembly’s decision to allow the use of mass AI-powered video surveillance throughout the 2024 Olympics, which it is hosting, received wide criticism. It’s the first time the use of AI-powered surveillance has been legalized in the EU, and there are fears it will undermine the EU’s ongoing efforts to regulate AI and protect fundamental rights through the AI Act.

In the U.S., facial recognition firm Clearview AI revealed it has 30 billion images scraped from platforms such as Facebook and other social media sites, taken without their or the users' permission. U.S. police have used the organization to run nearly 1 million searches. Capturing the personally identifiable information of potentially thousands of individuals creates a huge cache of data that could be misused by threat actors. Without Federal legislation around data privacy, the onus is on the backs of individual police units to act and handle private data responsibly. This mass-scale collection of biometric information poses a data security risk.

Across the world, people, parents, citizens and human rights organizations have voiced concern. And while these examples can be seen as separate case studies, they highlight legitimate ethical, legal and privacy debates around private data handling, as well as a disparity that corroborates the EU’s concerns over U.S. surveillance practices.

Adequate regulations for transatlantic business and diplomacy

These sorts of stories must not continue to dominate our headlines. It’s essential that the major democratic powers get on the same page with data and privacy law. A fragmented regulatory landscape will bring about more confusion for companies, so they will invest less, reducing competition and innovation — and it’s in that dynamic process that our greatest strength lies.

The need is particularly urgent given our current global economic and security climate. With the proliferation of digital technologies and the rise of cyberattacks, it has become more important than ever to ensure the safety and privacy of our data.

Data sharing, security and privacy are also elements of techno-politics. There are opportunities and threats to power, profit and cyber-sovereignty in how and where the world’s data flows. Recent actions by the U.S., the EU and the UK to curb TikTok, owned by Chinese company ByteDance, highlight this and shows that stopping the capture and potential exploitation of data by authoritarian regimes is a priority.

But we cannot afford to miss the forest for the trees here. Western powers’ ability to work together to make safe data flow happen could have implications for cybersecurity, societies, innovation and enterprise for years to come. The EU-U.S. DPF offers a suitable way forward, but the EU, U.S. and other Western powers need to get on the same page — and quickly.

Simon Randall is a data privacy expert and the CEO of Pimloc, which creates video security and data privacy applications that allow private businesses and public organizations to protect and responsibly analyze sensitive and personal data.