The Sovereignty Squeeze: How America is dismantling data borders from both sides
On February 18, 2026, Secretary of State Marco Rubio signed an internal cable ordering every American diplomat in the world to fight foreign data sovereignty laws. The cable described data localization measures as threats to artificial intelligence services, global data flows, and, in a phrase that would have seemed satirical five years ago, civil liberties.
Seven days later, the Trump administration moved to hand intelligence agencies access to a law enforcement database containing 770 million records on American citizens.
These are not contradictory moves. They are two sides of the same mechanism.
How the squeeze works
In one direction, American diplomats pressure foreign governments to eliminate data protection laws. In the other direction, American intelligence agencies absorb domestic law enforcement databases that were previously walled off by decades of privacy restrictions.
The result is a system where data flows freely into American government hands from every direction, while the legal protections that other countries built to prevent exactly this are dismantled as trade barriers.
I’m calling it the Sovereignty Squeeze. Most people experiencing it can’t see the full shape, because the two halves look like separate policy decisions made by separate agencies for separate reasons.
What Rubio’s cable actually says
The cable, reported by Reuters on February 25, instructs US diplomats to “regularly engage” with foreign governments to “counter” data sovereignty initiatives. It targets data localization requirements, the laws that require companies to store citizens’ data within a country’s borders.
The framing tells you everything. The cable describes these laws not as privacy protections, which is how the countries that wrote them would describe them, but as threats to AI development and civil liberties. A country requiring that its citizens’ medical records stay within its borders is somehow threatening the civil liberties of those citizens.
This isn’t a new American position. But the bluntness is new. Previous administrations used trade negotiations and gentle diplomatic pressure. The Trump administration has moved to active confrontation.
In December 2025, the State Department sanctioned former European Commissioner Thierry Breton, the man who helped write the EU’s Digital Services Act, along with other European officials. They were accused of censorship. The European Parliament formally objected, filing a parliamentary question about what it called a “US government lobbying campaign to eliminate the Digital Services Act.”
The target list runs from the EU’s General Data Protection Regulation to India’s Digital Personal Data Protection Act to Brazil’s LGPD. The message going out through American embassies worldwide: any law requiring data to stay within a country’s borders is an obstacle to be removed.
What’s happening inside the US
While diplomats work to tear down data borders abroad, something related is happening at home.
ProPublica reported on February 25 that the Trump administration is loosening restrictions on intelligence agencies’ access to a database called Compass. It’s the only central, searchable repository of drug trafficking and organized crime case files in the federal government. It contains 770 million records contributed by more than 20 law enforcement agencies, including the FBI and DEA. Until now, the records were only accessible under elaborate rules agreed to by the agencies that shared their information.
The National Counterterrorism Center, under its new director Joe Kent, has been pushing to manage Compass directly. Kent is a former CIA paramilitary officer who served as chief of staff to Director of National Intelligence Tulsi Gabbard before taking the NCTC role. According to ProPublica, government officials said the changes could give intelligence agencies access to everything from FBI case files and banking records to criminal investigations of labor unions. Records that touch on the activities of law-abiding Americans.
The FBI and DEA have strongly opposed this. Their argument: it makes no sense for an intelligence agency to manage sensitive information that comes almost entirely from law enforcement. The concern is simple. A database built to track drug cartels becomes a database that tracks anyone the intelligence community finds interesting.
Why these are the same thing
The Sovereignty Squeeze works because each half provides cover for the other.
Abroad, the justification is economic freedom. Data localization laws really do increase costs for American companies. Fortune Global 500 companies spent $7.8 billion preparing for GDPR compliance. The EU has levied over 4.5 billion euros in GDPR fines, including a 1.2 billion euro penalty against Meta. When India requires payment data to stay within Indian borders, American fintech companies have to build local infrastructure. Real money. Real friction.
At home, the justification is national security. Intelligence agencies need access to law enforcement databases to connect dots on terrorism and drug trafficking. The 9/11 Commission identified the “wall” between intelligence and law enforcement as a failure. Tearing down that wall sounds like common sense.
But combine them and the picture shifts. American companies get access to data held in other countries because data sovereignty laws have been weakened. American intelligence agencies get access to data held by law enforcement because internal walls have been torn down. Data flows toward Washington in both cases. The only borders being dismantled are the ones that restrict American government access.
This has happened before
The pattern repeats.
In 2013, after the Snowden revelations showed the NSA was accessing European citizens’ data through American tech companies, the EU invalidated the Safe Harbor agreement that governed US-EU data transfers. The US negotiated a replacement called Privacy Shield. In 2020, the EU’s highest court struck that down too, finding American surveillance laws incompatible with European privacy protections.
So the US negotiated yet another replacement, the EU-US Data Privacy Framework, adopted in 2023. Privacy advocates predicted this one would also be challenged on the same grounds: American law gives intelligence agencies too much access to data for the arrangement to satisfy European privacy standards. That challenge is coming.
Meanwhile, the CLOUD Act of 2018 gave US law enforcement the power to compel American tech companies to turn over data stored anywhere in the world, regardless of local laws. When the Irish government tried to protect data stored on Microsoft servers in Ireland, Congress legislated that the data’s physical location was irrelevant.
Each time a foreign government builds a privacy wall, the US builds a legal ladder over it.
What this means for actual people
Consider what the squeeze looks like from Berlin. A woman there has her personal data nominally protected by the GDPR, one of the strongest privacy frameworks in the world. The GDPR says her data can’t leave the EU without adequate protections. It fined TikTok 530 million euros in May 2025 for transferring European user data to China.
But the US is simultaneously pressuring the EU to weaken the GDPR’s data localization provisions. It sanctioned the officials who wrote the EU’s tech regulations. It threatens trade consequences for enforcement against American companies. And it uses the CLOUD Act to compel American companies to hand over European data regardless of where it’s stored.
If that woman’s data reaches the United States through any American service she uses, it enters a jurisdiction where the walls between agencies are being demolished. Data collected for one purpose flows to agencies with different purposes and different oversight structures.
Foreign protections weakened from outside. Domestic protections weakened from inside.
Why nobody sees the full picture
Here’s the thing that makes the squeeze work. The State Department cable targeting data sovereignty is covered by trade reporters. The Compass database story is covered by national security reporters. They appear in different sections of the same newspaper, written by different journalists with different source networks.
Nobody’s beat is the shape of the whole thing.
What to watch for
Three things will tell you whether the Sovereignty Squeeze intensifies or runs into resistance.
The EU-US Data Privacy Framework will face a legal challenge. If the European Court of Justice strikes it down, as it did Safe Harbor and Privacy Shield, the US faces a choice between reforming its surveillance laws and escalating trade pressure against Europe.
Watch what happens to Compass. If intelligence agencies get full access to 770 million law enforcement records, the precedent applies to every other database. The real question isn’t whether the NCTC should manage drug case files. It’s whether purpose limitations on government databases mean anything at all.
And watch which countries bend first. India’s DPDPA, Brazil’s LGPD, and Southeast Asian data localization proposals are all targets. You’ll see the pattern as individual countries start to buckle.
The Sovereignty Squeeze isn’t a conspiracy. It’s something harder to fight. A set of individually defensible policy decisions that combine into a system no one voted for and no one agency controls. Each decision makes sense on its own. Free trade is good. National security matters. Removing friction from data flows helps innovation.
But a world where data flows freely toward the most powerful government while every other government’s protections are treated as obstacles is not free trade. It’s an architecture of information dominance. And it’s being built right now, from both sides, in plain sight.
Sources
- “US directs diplomats to push for open data flows, fight localization efforts,” Reuters (February 25, 2026)
- “State Department cable on data sovereignty signed by Rubio,” TechCrunch (February 25, 2026)
- “Trump administration moves to give intelligence agencies access to Compass database,” ProPublica (February 25, 2026)
- “EU sanctioned Breton and other officials over Digital Services Act,” European Parliament Question (December 2025)
- “TikTok fined 530 million euros for transferring EU user data to China,” GDPR enforcement records (May 2025)
- CLOUD Act of 2018 (H.R. 4943)
- EU-US Data Privacy Framework (adopted July 2023)
- Schrems II ruling, Court of Justice of the EU (July 2020)
- Safe Harbor invalidation, CJEU (October 2015)
Originally published at https://noahaust2.github.io/strategist-dashboard/blog/the-sovereignty-squeeze.html