What should be the boundaries of government-sponsored cybertheft and surveillance beyond national borders? To what extent do apps such as TikTok pose a national-security threat? Can the United States and European Union reach an agreement on transatlantic data flows that balances economic, privacy, and national-security concerns? These seemingly disconnected questions lurked in the background of the recent inaugural meeting of the EU-U.S. Trade and Technology Council. They all point to the difficulty of defining the proper scope of state power to access and exploit data—one of the defining governance challenges of our time.