U.S. President Donald Trump displays a signed executive order as U.S. Sen. Ted Cruz, Commerce Secretary Howard Lutnick and White House AI and crypto czar David Sacks look on in the Oval Office of the White House in December, 2025.Alex Wong/Getty Images
Vass Bednar is the managing director of the Canadian Shield Institute and co-author of The Big Fix.
Last month, an internal diplomatic cable signed by U.S. Secretary of State Marco Rubio, reportedly circulated to American diplomats worldwide, ordered them to resist attempts to regulate U.S. tech companies’ handling of foreigners’ data.
The leaked memo was revealed at a time when some countries are trying to push back on how Silicon Valley firms process and store their citizens’ personal information – initiatives often described as “data sovereignty.”
The note argued that new data sovereignty laws would “threaten the advancement of AI services and technology.”
In other words, when countries attempt to govern their own data, Washington sees a problem.
The Trump administration appears willing to thwart other countries’ ability to regulate their own digital economies in order to protect an extractive business model: surveillance.
Opinion: AI is practising medicine without a licence
The sovereignty question for this generation’s reckoning with strategic autonomy is fundamentally tied to the invisible economy of information. As it stands, existing U.S. legislation allows American authorities to reach Canadian-held data through U.S.-controlled platforms in ways that would be unconstitutional if conducted by Canadian authorities domestically. We’re already digital serfs, and it sucks.
One key way to improve data governance is through strong privacy standards, and Canada is anticipating a long-overdue update to federal privacy law.
Privacy law is more than consumer protection. In the digital economy, it is also industrial policy.
Now, it’s table stakes in contemporary geopolitics. We should anticipate that these forthcoming efforts to set new boundaries for data and information will be antagonized by Americans. That should not deter Canada from standing up for the market governance we need, even if privacy legislation alone cannot eliminate extraterritorial access risks.
The broader context is that surveillance itself has changed. We’ve gone from state-on-state “targeted” spying to something more ambient; an always-on data collection embedded in everyday commerce. Simple software that we trust for corresponding or socializing leverages our information to train AI products that, in turn, reinforce the dominance of the same firms collecting the data.
These consequences are already materializing.
OpenAI has shown it cannot be trusted. Canada needs nationalized, public AI
Meta sold seven million pairs of their camera-based Ray-Ban glasses last year. It has since been reported that those glasses generate training data that flow through human eyes located in Kenya. These workers told Swedish journalists that they see people undressing, using bathrooms, having sex and accidentally filming bank card details. One worker said, “We see everything, from living rooms to naked bodies.” We don’t have reliable recourse for this kind of voyeurism.
When people realize that excessive information is being collected, they tend to reject it. Public anxieties often focus on foreign threats – such as fears that Chinese electric vehicles might collect sensitive data. But research from the Mozilla Foundation’s Privacy Not Included series suggests modern cars are a “privacy nightmare” and the absolute worst product category they have ever tested. They found that 84 per cent of the 25 car brands they surveyed sell or share customer data acquired through sensors, microphones and connected apps.
Backlash is becoming more visible. Consider how spectacularly Ring’s recent Superbowl ad backfired after the firm attempted to rebrand surveillance as a community service (their partnership with Flock was cancelled). Or the subsequent launch of Spectre 1, a smart device to stop unwanted audio recordings – a reminder that there is a growing market for products that thwart surveillance instead of perpetuating it.
These developments all matter because of how closely the largest American technology firms have aligned with the Trump administration. In a way, these companies are now natural extensions of the diplomatic community that Mr. Rubio messaged.
When Washington pressures countries to keep data flowing, it’s also actively protecting market power; because data scale entrenches incumbents and raises barriers to domestic challengers. And many American firms boast membership at Canadian business councils, which could influence these organizations to echo Mr. Rubio’s memo during privacy debates.
Our fundamental failure to effectively protect data and information presents an opportunity to double down on data sovereignty as a strategy to strengthen our own economy. We tend to treat data as if it’s something to guard. We should reframe it as a productive asset with rules and standards that ensure its value is captured domestically instead of extracted abroad.
Controlling data is a first step toward digital sovereignty. The next question is what we do with it.
Canada should be able to run low-cost inference on Canadian-held data without paying rent to private platforms. Switzerland’s Apertus is a fully open and editable language model designed to be publicly auditable instead of privately governed. As a blueprint for sovereign AI development, it’s exactly the kind of public digital infrastructure Canada should be debating now.
We were already in a privacy nightmare before Donald Trump’s trade war, but the current context changes the stakes.
Too often dismissed as a consumer protection issue, data governance is a core condition of economic competitiveness and national security. Data sovereignty is ultimately about self-respect, and it’s way overdue (we just need to finally get the memo).