Bernard Benhamou was the keynote speaker at “The importance of safeguarding your data”, an event organised by LuxTrust, DEEP by POST Group, and Thales, and held on 14 November 2024 at the new headquarters of POST Luxembourg. Addressing the audience from a European perspective, he painted a stark picture of the challenges surrounding data security and proposed strategies for improving protection.

Data security as a political issue

Bernard Benhamou argues that with the advent of artificial intelligence (AI) and quantum computing—technologies expected to become widespread in the coming years—the challenges to data security will only intensify. He advocates for the concept of digital sovereignty, a paradigm shift that frames data security not merely as a technical challenge, but as a political one. "Security and protection are essential, but we also need to develop an industrial policy," he emphasised.

While popular culture, especially science fiction, has long speculated that AI might one day decide who lives and who dies, such concerns are no longer purely hypothetical. Benhamou insists that AI policies inherently carry cultural values. For example, AI in autonomous vehicles must be programmed to prioritise human life, but the ethical choices in such algorithms can vary. In Europe, there is a consensus that the life of a child should be prioritised, whereas in some other countries, the elderly may be prioritised instead.

A broader perspective on data protection

Benhamou stresses the need to broaden our understanding of data security threats. Cyberattacks, for instance, are no longer limited to financial theft or the theft of military secrets. Increasingly, hackers—often in coordination with state actors—are seeking massive amounts of data to train AI models. This data mining poses a significant threat to privacy and sovereignty.

Another concern for data protection in Europe is the extraterritorial reach of law enforcement agencies, particularly those in non-EU countries. Benhamou highlights the example of major American platforms, which have confirmed that, under the U.S. Foreign Intelligence Surveillance Act (FISA), they are compelled to hand over data when requested by the U.S. National Security Agency. Such practices undermine European digital sovereignty and create vulnerabilities in the protection of personal data.

AI-driven microtargeting, often employed in foreign disinformation campaigns, represents another emerging threat. These campaigns can manipulate public opinion, influence policy decisions, and undermine democratic processes. For example, Facebook deactivates billions of fake accounts each year, many of which are involved in orchestrating these campaigns. In fact, certain companies now offer disinformation services, helping political candidates for a fee to manipulate public perception.

How data is being used

Benhamou draws on Shoshana Zuboff’s 2018 book "The Age of Surveillance Capitalism" to illustrate the growing surveillance economy. "You don’t search Google; Google searches you," he quotes, emphasising how companies collect and analyse data from online behaviours to derive insights about individuals. This pervasive tracking, though some tech giants have recently allowed users to opt out of certain features, remains a significant privacy concern. However, Benhamou insists that individual action is not enough; political action is essential to address privacy issues on a broader scale.

Technology as a political actor

AI is not only a tool but has increasingly become a political actor in its own right. Quoting Kate Crawford and echoing Clausewitz, Benhamou argues that "AI is politics by other means." According to Yuval Harari, AI may even "hijack the cultural path of humanity," taking over the creation of religion, culture, and art.

Benhamou also highlights the potential for AI to enable mass surveillance and social credit systems, citing the example of China’s automated system of rewarding good behaviour and penalising bad behaviour. "We do not want this in Europe, and that is why we need robust laws regulating AI," Benhamou states.

The need for a unifying law to ensure sovereignty

Looking ahead, Benhamou speculates that the incoming U.S. presidential administration may adopt a more lenient stance toward Big Tech, potentially ignoring privacy and regulatory concerns. While Europe has enacted several laws to protect data security, such as the Digital Services Act (DSA), Digital Markets Act (DMA), and Data Governance Act (DGA) and the Artificial Intelligence Act (AIA) Benhamou argues that more is needed. He calls for a unifying legal framework: "We need to move from the concept of privacy by design to ethics by design. We have been too cautious, and we need to change that, reconnecting industrial policy with regulatory policy."

Finally, Benhamou stresses the need for Europe to achieve digital independence. Currently, 80 percent of digital technology in Europe is imported, and only four of the top 50 tech companies are European. To ensure the EU remains sovereign and competitive, he points to the Draghi Report, which proposes that five percent of European GDP be directed toward technology development. Without such investments, he warns, Europe risks becoming a technological colony of other continents and a footnote in industrial history.

Discover the other key takeaways shared during the event here and here.