Further Reading: Cross-Border Data Flows and Digital Sovereignty

The sources below provide deeper engagement with the themes introduced in Chapter 23. They cover the legal, political, technical, and geopolitical dimensions of cross-border data governance.

The Schrems Decisions and Transatlantic Data Transfers

Court of Justice of the European Union. Data Protection Commissioner v. Facebook Ireland Ltd and Maximillian Schrems. Case C-311/18. July 16, 2020. The full text of the Schrems II decision, essential reading for anyone working on cross-border data transfers. The judgment's analysis of US surveillance law, its articulation of the essential equivalence standard, and its imposition of transfer impact assessment obligations are the foundation of current EU transfer policy.

Schwartz, Paul M. "The EU-US Privacy Collision: A Turn to Institutions and Procedures." Harvard Law Review 126, no. 7 (2013): 1966–2009. Written between Schrems I and Schrems II, this article provides the best academic analysis of the structural incompatibility between EU data protection law and US surveillance law. Schwartz argues that the conflict cannot be resolved through substantive harmonization (the systems are too different) but may be addressable through institutional mechanisms — a prediction partially borne out by the Data Privacy Framework's Data Protection Review Court.

European Data Protection Board. "Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data." Adopted November 10, 2020. The EDPB's official guidance on conducting transfer impact assessments and implementing supplementary measures post-Schrems II. This document translates the CJEU's judgment into practical compliance guidance, including a step-by-step assessment methodology and examples of effective and ineffective supplementary measures.

Data Localization and Digital Sovereignty

Chander, Anupam, and Uyen P. Le. "Data Nationalism." Emory Law Journal 64, no. 3 (2015): 677–739. A critical analysis of data localization requirements, arguing that they often serve protectionist rather than privacy-protective purposes. Chander and Le examine localization mandates across multiple countries and assess their economic costs, privacy benefits, and geopolitical motivations. Essential reading for the chapter's analysis of why localization is not a neutral governance tool.

Aaronson, Susan Ariel, and Patrick Leblond. "Another Digital Divide: The Rise of Data Realms and Its Implications for the WTO." Journal of International Economic Law 21, no. 2 (2018): 245–272. An analysis of how data localization and digital sovereignty assertions are fragmenting the global digital economy into competing "data realms" organized around the US, EU, and China. The authors examine the implications for international trade, the WTO, and the future of digital globalization.

Couture, Stephane, and Sophie Toupin. "What Does the Notion of 'Sovereignty' Mean When Referring to the Digital?" New Media & Society 21, no. 10 (2019): 2221–2240. A conceptual analysis of what "digital sovereignty" actually means — distinguishing between state sovereignty (government control over digital infrastructure), popular sovereignty (citizens' collective self-determination in the digital domain), and indigenous data sovereignty (indigenous peoples' rights over data about their communities). Provides the theoretical vocabulary for evaluating sovereignty claims in the chapter.

The CLOUD Act and Government Access

Daskal, Jennifer. "Law Enforcement Access to Data Across Borders: The Evolving Security and Rights Issues." Journal of National Security Law & Policy 8, no. 3 (2016): 473–530. A pre-CLOUD Act analysis of the jurisdictional challenges that the Act was designed to address, including the Microsoft Ireland case. Daskal examines the competing interests — law enforcement access, individual privacy, national sovereignty — and evaluates potential solutions. Essential background for understanding why the CLOUD Act was enacted and what problems it creates.

Swire, Peter, and Justin D. Hemmings. "Mutual Legal Assistance in an Era of Globalized Communications: The Analogy to the Visa Waiver Program." NYU Annual Survey of American Law 71, no. 4 (2017): 687–750. An analysis of the mutual legal assistance treaty (MLAT) system and its inadequacy for modern cross-border law enforcement data requests. The authors propose reforms that would streamline government-to-government data sharing while maintaining judicial oversight — an approach the CLOUD Act partially adopted through its executive agreement mechanism.

Woods, Andrew Keane. "Against Data Exceptionalism." Stanford Law Review 68 (2016): 729–789. Woods argues that the legal rules governing government access to data stored abroad should follow the same principles as government access to physical evidence abroad — challenging the assumption that data's intangibility requires fundamentally different legal treatment. A provocative counterpoint to the data exceptionalism that underlies much of the current debate.

The Global Internet and Fragmentation

Drake, William J., Vinton G. Cerf, and Wolfgang Kleinwachter. "Internet Fragmentation: An Overview." Future of the Internet Initiative White Paper. World Economic Forum, January 2016. A comprehensive overview of internet fragmentation — technical, governmental, and commercial — from three of the most prominent figures in internet governance. The paper identifies the forces driving fragmentation and assesses their implications for the global internet's architecture, governance, and utility.

Soldatov, Andrei, and Irina Borogan. The Red Web: The Kremlin's Wars on the Internet. New York: PublicAffairs, 2015. An investigative account of the Russian government's relationship with the internet — from its earliest days through the development of SORM surveillance systems to modern internet control mechanisms. Provides essential context for the Russia case study and for understanding how data governance can be co-opted for authoritarian purposes.

Mueller, Milton L. Will the Internet Fragment? Sovereignty, Globalization, and Cyberspace. Cambridge: Polity Press, 2017. Mueller argues that while sovereignty pressures are real, the economic and technical logic of a unified global internet is powerful enough to resist full fragmentation — though a "bordered" internet with varying degrees of national control is increasingly likely. A nuanced analysis that avoids both techno-utopian and dystopian extremes.

European Digital Sovereignty

Bradford, Anu. Digital Empires: The Global Battle to Regulate Technology. New York: Oxford University Press, 2023. Bradford (author of The Brussels Effect) examines how the US, EU, and China are competing to shape the rules of the digital economy. Her analysis of the EU's regulatory approach — including the GDPR, AI Act, Digital Services Act, and Digital Markets Act — provides the broader context for the EU's digital sovereignty ambitions discussed in this chapter.

Bendiek, Annegret, and Magnus Ronn. "European Digital Sovereignty: A Coherent Concept for a Fragmented Policy Landscape." German Institute for International and Security Affairs (SWP), December 2022. An analysis of what European digital sovereignty means in practice — beyond the rhetoric. The authors map the EU's sovereignty initiatives (Gaia-X, European Chips Act, data spaces) and assess whether they form a coherent strategy or a fragmented collection of disparate policies.

European Commission. "A European Strategy for Data." COM(2020) 66 final. Brussels, February 2020. The Commission's vision for a European data economy — including common European data spaces, cloud sovereignty initiatives, and data governance frameworks. Provides the policy context for the EU's digital sovereignty ambitions and the tension between data sharing for economic growth and data protection for individual rights.

These readings extend the chapter's coverage from legal mechanisms to geopolitical strategy. As the textbook continues with sector-specific governance (Chapter 24) and enforcement (Chapter 25), the cross-border dimensions examined here will intersect with every governance domain — from health data crossing borders for clinical trials to financial data flowing through global payment networks.