
Ever since reading about how the Trump administration ordered Microsoft to block Outlook access to certain members of the ICC, I’ve been thinking about how few protections the US has around citizen privacy and their access to our data. And I’m looking at the EU’s efforts to enact digital sovereignty, and I’m thinking it’s time for me to make similar moves.
On February 6, 2025, Microsoft allegedly blocked the Outlook email account (and associated services) for ICC prosecutor Karim Khan, reportedly due to sanctions Trump imposed after the ICC issued arrest warrants for Israeli Prime Minister Benjamin Netanyahu and former Defense Minister Yoav Gallant over alleged war crimes in Gaza. Microsoft president Brad Smith disputed the “blocked” framing, telling reporters the company never stopped or suspended services to the ICC — he described it instead as a “disconnection” of Khan’s individual account, with Microsoft staying in contact with the ICC to keep other services running. Whatever you call it, Khan was locked out and had to switch to Proton Mail. Trump was upset because the ICC was investigating people he wanted protected. The CLOUD Act gives the US government the right to compel handing over the personal data of anyone it desires, even if the data is stored outside the US. The Trump administration will tell you not to worry, to trust them that they’re only going after the bad guys. Do you believe that? Given how they’ve been treating people exercising their constitutionally protected rights to free speech, and how they’re trying to declare people who support trans rights as terrorists, I don’t trust them one bit.
The EU has a comprehensive data protection framework primarily through the General Data Protection Regulation (GDPR), which emphasizes strict consent, transparency, and accountability, imposing heavy fines for violations. The GDPR mandates that anyone storing data on an EU resident must come with a minimal amount of guarantees. The EU issues certifications for those who do. It should not be a surprise to learn that the US does not meet the EU’s requirements. For some time, there was an agreement between the EU and the US called “Safe Harbor,” but when it was shown that intelligence agencies routinely ignored the provisions when spying on EU residents communicating with US residents, that agreement was challenged in court and was overturned. They tried again with something called Privacy Shield, but that too was struck down in the courts. There is another agreement, the EU US Data Privacy Framework, but the recent Supreme Court ruling in Trump v. Slaughter likely means that the FTC, the current guarantor for privacy in the framework, is no longer independent, violating one of the terms of the framework. Maximilian Schrems, the man who successfully sued to strike down the previous two agreements, has indicated he plans to sue over the current one.
The EU has started urging member nations to look into digital sovereignty, to move away from software products and services that are offered by companies headquartered in the US as a way to protect its residents from the vagaries of administrations like the Trump one. Honestly, this sounds like a very good idea, and as my husband and I are working on our move to Spain, it has me contemplating how we could make a similar move.
I’m currently not looking to move away from the Apple ecosystem. At the moment, we are too tied to the ecosystem, and there aren’t many alternatives, none of which interoperate as smoothly as the Apple ones do. But I recognize that as a US company, Apple is subject to the CLOUD Act just like Microsoft is. I am much more comfortable with Apple’s privacy policies and practices than I am with Microsoft or Google (and I can vouch for how privacy is a core value that is discussed with the design of each service and product, having worked there for sixteen years). I think we’ll eventually look at other options, but we’re not ready to make that step yet.
The first step is disassociating ourselves from companies like Microsoft and Google. Microsoft is easy. Neither of us uses Outlook or Teams, and there are plenty of Office replacements in the open-source environment. While Apple’s office products are pretty good, and do a reasonable job at being able to handle Office’s file formats, they’re not awesome. I’m personally looking at OnlyOffice, the Office replacement that forms the basis of EuroOffice, but I’ll probably finalize on LibreOffice, since I much prefer that UI (I hate the “Ribbon” interface that has taken over the various Microsoft Office products). So ditching Microsoft should be simple. Ditching Google is more difficult. So many people depend on Google services like Meet, Drive, and Classroom, and if I’m interacting with them, I need a Google account. Ditching my Google account would also mean losing a lot of the customization features of YouTube. And I haven’t found a good replacement for the Google Flights website. The fact that Google is subject to the CLOUD Act is bad enough, but Google’s focus on packaging and selling user data to advertisers is just beyond the pale. I definitely want to divorce myself from them; I’m just not entirely sure how.
Beyond that, I’m looking at things like moving my web hosting to a company based in the EU and subject to the GDPR. My current hosting provider is Nearly Free Speech .Net, which has been a great service. But they’re based in the US. I’m currently looking at Hetzner. Obviously we’ll be getting phone and cable service from a local Spanish provider, but we’ll maintain a bare minimum plan in the US, probably with Tello, so we can still get 2FA texts. I’m not sure what else I’ll need to do to minimize my use of US-based digital services.
I personally feel that everyone in the US should be looking at the powers retained by the US government and how they intersect with your digital privacy rights. If what the US is allowed to do concerns you, I urge you to take action to protect yourselves as much as you can, especially if you are anything other than a straight, white, heterosexual, cisgender, Christian male. There are plenty of signs that the Trump administration is coming after us. We should all give them the smallest target possible.
Leave a Reply
You must be logged in to post a comment.