Your WhatsApp group chat, your Gmail inbox, and the files you park in the cloud can feel like digital plumbing. You barely notice them until something breaks, or until you wonder who can legally demand access to what you stored.
Dutch tech commentator Ben van der Burg is pushing that question into everyday life, urging Europeans to move away from U.S.-owned platforms like WhatsApp and Gmail and toward European alternatives.
His argument is not just about privacy settings, but about jurisdiction, especially as governments and defense planners talk more about “strategic autonomy.”
From personal privacy to strategic autonomy
Van der Burg is not a typical security scold. He is a former elite speed skater who later became a technology analyst and a commercial director at the Dutch digital agency Triple.
That concern is no longer limited to niche circles. In January 2026, the European Parliament said the EU relies on non-EU countries for “over 80%” of digital products, services, infrastructure, and intellectual property.
The defense world is making the same point in its own language. The European Commission’s Directorate-General for Defence Industry and Space says GOVSATCOM is now operational, and Reuters recently reported that OVHcloud is setting up a defense unit to serve European militaries seeking more independence from non-European vendors.
The legal friction behind the headline
The U.S. CLOUD Act became law in March 2018. It clarified that U.S. authorities can compel certain U.S. service providers to produce data even when that data is stored outside the United States, using established legal processes.
Europe’s GDPR takes a different approach when foreign authorities come knocking. Article 48 says third-country court orders and administrative decisions demanding personal data transfers are only enforceable in the EU if they rest on an international agreement, and the European Data Protection Board has published guidance on how organizations should respond.
There is also an attempt at détente through the EU-U.S. Data Privacy Framework. The European Commission adopted an adequacy decision in July 2023, but it still leaves organizations doing risk assessment for sensitive workloads and high-value communications.
Email is where identity and risk collide
Email is not just messages. For most people, it is the master key to banking logins, password resets, and workplace access, which is why Van der Burg points to European providers such as Proton Mail and Tuta, previously known as Tutanota.
Both services lean hard on encryption. Proton highlights that it runs key infrastructure in Switzerland, including a data center housed in a former Swiss military bunker, while Tuta says it encrypts emails end to end and also encrypts subject lines and contacts.
Gmail’s privacy story is more nuanced than many people realize. Google announced in 2017 it would stop scanning consumer Gmail inbox content for ad personalization, but using Gmail still links your email identity to a broader Google account ecosystem.
Messaging is not just about encryption
WhatsApp emphasizes that personal messages and calls are protected with end-to-end encryption by default. That helps keep the content of a chat from being read by outsiders in transit.
But the surrounding data still matters. WhatsApp says it shares certain information with other Meta companies, and it can still generate valuable metadata, such as who contacted whom and when, even if the content remains locked.
That is where tools like Switzerland-based Threema fit into this argument. Threema says users can communicate without providing a phone number or email address, relying instead on a randomly generated Threema ID.
Storage and search are quieter leak points
For companies, the biggest exposure often sits in shared folders, contracts, engineering files, and customer records. Nextcloud, an open-source platform rooted in Germany, pitches itself as a self-hosted collaboration layer where an organization can keep data on its own infrastructure or with a chosen provider.
Search is also a daily privacy trade. Ecosia says it uses its profits for climate action and publishes financial reports, while also stating it partners with Microsoft Bing and Google to deliver search results.
If you want Google-grade results without handing Google your identity directly, Startpage sells the middleman idea. Startpage says it sends queries to Google in a way designed to reduce identifying data and can open results through its Anonymous View proxy.
Hardware and procurement are catching up
Van der Burg also points to Fairphone, a Dutch company that designs modular devices meant to be repaired rather than replaced at the first cracked screen. It is a reminder that “secure by design” sometimes starts with simple things, like being able to swap a battery instead of buying a whole new phone.
Organizations are starting to use procurement to make these choices normal. Radboud University in Nijmegen said in January 2026 that it selected Fairphone as its standard smartphone for employees, and recent reporting says France plans to move government desktops from Windows to Linux with migration plans due by autumn 2026.
The real tradeoff is convenience and cost
Van der Burg does not pretend the switch is painless. He argues that European services can be less frictionless, and that paying cash for tools that Big Tech subsidizes with data is part of the deal.
In practical terms, a smart migration is incremental. Start with one high-impact swap, such as moving work email to an encrypted provider or shifting sensitive files to a controlled Nextcloud instance, then document what breaks and fix it before the next change. At the end of the day, “digital sovereignty” is not a slogan if it changes what people actually deploy.
The official statement was published by the European Commission.
