Is US Big Tech Stealing Our Data? Colonial Patterns
Nobody picked your pocket. You signed the terms. The question is what kind of arrangement millions of such signatures add up to.
Stealing is legally the wrong word: the data flows under consent screens and terms of service. Structurally, scholars call the pattern data colonialism, raw material extracted from populations, processed abroad into the most valuable assets on earth, with the value accruing elsewhere, and Europe's courts keep finding the legal arrangements wanting. The deeper dependency is cognitive: when a region's search, memory, and now reasoning all run on foreign infrastructure, sovereignty is rented. The response that scales from individuals up: own your data where it matters, support sovereign infrastructure, and build the biological intelligence no platform holds.
Stealing is the wrong word, and in a way it is too kind: theft would at least be illegal. The data flows from European phones to American servers under consent screens, terms of service, and contracts, which is precisely what makes the arrangement durable. The sharper description comes from scholarship: data colonialism, a structure in which populations supply raw material, human life rendered as data, while the processing, the profit, and the resulting power concentrate elsewhere. The Build First Brain reading adds the layer that matters most by 2026: the extracted resource is no longer just personal information but cognition itself, search, memory, drafting, reasoning, run on rented foreign infrastructure. The response has to work at two levels, and the personal one is available immediately: own what cannot be extracted.
Why is stealing the wrong frame?
Because consent is the mechanism, not the obstacle. Every major platform operates on agreement: you clicked, the lawyers papered it, and privacy advocates have documented for years how that consent is manufactured, sprawling terms, dark patterns, take-it-or-leave-it access to social and economic life. Calling it theft misses the design; the system’s genius is that nothing is taken, everything is given, under conditions where declining means exclusion. An extraction you sign for is harder to fight than one you can prosecute, which is why the structural vocabulary earns its place.
| Frame | What it captures | What it misses | Verdict |
|---|---|---|---|
| Theft | The scale of value transfer | The consent machinery; nothing is illegal | Rhetorically loud, analytically wrong |
| Fair exchange for free services | Real utility delivered | The asymmetry of information and power | The industry’s preferred fiction |
| Data colonialism | Extraction, processing abroad, dependency | Analogy has limits; no conquest | Best available description |
What does the colonial analogy actually claim?
A repeating economic structure, not a moral slogan. Couldry and Mejias’s data colonialism framework argues that the data economy reruns colonialism’s core move: declare a resource freely available, human experience, appropriate it at scale, process it in the metropole, and sell the finished goods back to the territory that supplied the raw material. The fit is uncomfortable in the right places: the consent screens play the role treaties once did; the value asymmetry, trillions in market capitalization built substantially on behavioral data from populations who received targeted ads in return, is the part theft-talk gestures at and this framework explains. The honest limits belong in the same paragraph: no gunboats, genuine services rendered, and the analogy can anesthetize where it should sharpen. It names a structure, not a crime.
Has European law actually changed the structure?
Constrained it, not changed it, and the gap teaches. GDPR remains the strongest general privacy law in force, with real rights, access, deletion, consent, and real fines, and it has genuinely raised the cost of careless extraction. But the structural verdict keeps coming from the courts: the Schrems II ruling struck down the EU-US Privacy Shield because European data on American infrastructure cannot be insulated from American surveillance law, the second such framework invalidated, with each replacement re-papering the same dependency. Law is constraining flows on infrastructure someone else owns, which is regulation of the colony’s port, not ownership of the ships, the deeper layer mapped in the GDPR of the mind.
What changed when the exocortex moved abroad?
The resource being extracted became cognition. The first extraction era took your social graph and your clicks; the current one takes your queries, drafts, documents, and reasoning patterns, the working contents of your extended mind, and uses them to train the models your economy then rents back at the API. A region whose search, memory, and increasingly judgment all run on foreign infrastructure has outsourced its thinking layer, the dependency this site calls the global exocortex, and at national scale that is a strategic posture, not a consumer choice, the argument of cognitive sovereignty as national security. The mistake I see most often in the European debate is fighting yesterday’s extraction, cookies and ad-tracking, while signing next year’s, wholesale dependence on foreign cognition infrastructure for government, education, and industry.
What is the sovereign response, at each level?
At the collective level: enforcement with teeth, procurement that builds rather than rents, sovereign and open infrastructure for the cognitive layer, the unglamorous work of owning ships instead of regulating ports. At the personal level, available tonight: shrink the extraction surface, end-to-end encryption for what is private, local-first tools that keep primary copies under your control, services chosen with jurisdiction in mind, free treated as a price quote. And at the level underneath both: build the asset that no terms of service reaches. A trained, structured, internal mind, dense enough to think without the rented layer, is the one form of capital the extraction economy cannot appropriate, because its contents are never transmitted. Sovereignty, like its loss, compounds from the inside out.
Key takeaways: big tech, data, and the colonial pattern
The extraction is consented, legal, and structural, which makes stealing the wrong word and data colonialism the better one: raw material from the many, processing and profit to the few, dependency deepening by the year, now extended from personal data to cognition itself. European law constrains the flows without yet owning the infrastructure, as two struck-down transfer frameworks attest. Respond at every level you can reach: support the sovereign-infrastructure fight, shrink your personal surface, and build the unextractable core, the biological intelligence that is the subject of Building Your First Brain, free for the first 1,000 readers.
Frequently asked questions
Is US big tech stealing our data?
Legally, no: the data moves under consent screens and terms of service you accepted. Structurally, the arrangement deserves the harder word scholars use, data colonialism: populations supply the raw material, the processing and the profit concentrate elsewhere, and the dependency deepens with every service added. The Build First Brain response works at both levels: support sovereign infrastructure and real legal protection, and reduce your personal extraction surface by owning your memory, files, and judgment, the assets no platform can hold.
What is data colonialism?
An academic framework, developed by scholars Nick Couldry and Ulises Mejias, arguing that today’s data extraction repeats colonialism’s core move: appropriating a resource, human life rendered as data, treating it as freely available raw material, processing it in the extractor’s economy, and returning finished products to the extracted population at a price. It is an analogy with documented limits, no armies, formal consent, but it names the structure better than theft does.
Doesn’t GDPR protect Europeans’ data?
Partially, and the gap is instructive. GDPR is the world’s strongest general privacy law, granting rights of access, deletion, and consent, with real fines attached. Yet the structural flows persist: enforcement lags, consent fatigue turns rights into clickwrap, and transatlantic transfers keep being struck down and re-papered, the Schrems rulings invalidated two successive frameworks. Law constrains the extraction; it has not yet changed who holds the infrastructure.
Why does it matter where my data is processed?
Because jurisdiction follows infrastructure. Data processed abroad lives under foreign surveillance law, foreign court orders, and foreign commercial incentives, which is exactly what European courts found intolerable in the Schrems cases. And the stakes have risen: it is no longer just your photos but your queries, drafts, and reasoning patterns, the cognitive exhaust that trains the next generation of models you will then rent back.
What can individuals actually do about data extraction?
Shrink your surface and own your core. Use end-to-end encrypted and local-first tools for what matters, keep primary copies of your knowledge and files under your control, prefer services with European or self-hosted processing where practical, and treat free as a price. Then build the asset no terms of service touches: a trained internal mind. Collective fixes, enforcement, sovereign infrastructure, need votes and procurement; personal sovereignty starts tonight.
Dive deeper in
Best Offline PKM Apps 2026? The Mind Comes First
Offline-first apps win data sovereignty: your notes live on your device, not a server. But if your brain can't think without the feed, you're still online.
How to Write Notes in Code: Metaphor Beats Cipher
Ciphers slow you down and crack under pressure. The stronger private notation is idiosyncratic metaphor, notes whose key is the structure of your own mind.
What Is the Slow Tech Movement? A European Defense
Slow tech means using technology on human terms: deliberate, private, and paced for thought, against an attention economy built to keep you fast.