World has come alive to the power of reclaiming digital sovereignty
The world’s most valuable resource is no longer oil, it’s data. However, unlike oil, data is highly mobile – and an individual’s personal information can be stored on servers in a myriad of locations around the world.
Now Beijing has started to impose its “Great Firewall of China” on Hong Kong, concerns are mounting about the security of information held in the former British territory – particularly over pressure on technology companies to hand over information to Chinese security services.
The physical location where data is stored is about to become a major battleground as digital sovereignty becomes more important by the day. Digital sovereignty is the idea that parties must have ownership, or sovereignty, over their own digital information and refers to both individuals and countries. It’s not just worries about an assertive Beijing that are driving calls for data to be repatriated around the world – the ubiquitous power of US big technology companies is also a major cause for concern.
This week, the Australian government said it was considering new sovereignty rules for government data that would force certain data sets to be hosted in approved Australian data centres. This followed significant controversy in the country over data from its CovidSafe virus contact tracing app, which is held on Amazon’s servers. Concerns were raised that the data of ordinary Australians was not secure because of the US Cloud Act, which extended US authorities’ global reach over data stored on servers.
The US Clarifying Lawful Overseas Use of Data (Cloud) Act was introduced two years ago and extends criminal warrants served on a US-based provider to all emails regardless of where in the world the servers are located. It was introduced following a legal case in which it was argued that US laws did not apply to emails stored on a server in Ireland.
Digital sovereignty is not only about increasing the security of individual and government data. China and US are the two major technology leaders and other regions – especially Europe – have been left behind in the area that is shaping the economy of tomorrow.
The European Union is in a consultation period over its own digital sovereignty rules as part of its Digital Services Act (DSA) – and there are hopes that ring-fencing data from the eurozone will allow the bloc to turbocharge its own technology companies to compete on the world stage. But some argue that the EU proposals are not really about security at all, they are aimed at giving European companies a platform to compete with the strong position of US and Chinese digital companies in EU markets.
The EU is proposing the creation of a single market in EU data that will allow European companies access to large data sets through “common European data spaces”. It is hoped this will allow continental companies to develop artificial intelligence-based applications to boost its lacklustre technology sector. Europe has lagged the US and China in technological leadership – and this is a drag on its economy and equity markets.
The EU’s cloud infrastructure initiative is called Gaia-X. Last week, Peter Altmaier, Germany’s economy minister, said that Gaia-X will play a “central role” in the EU’s digital transition. “This project is the cradle of an open, transparent digital ecosystem, where data and services can be made available, collated and shared in an environment of trust,” the EU says.
Gaia-X is set to offer European cloud data storage alternatives to US companies such as Microsoft or Amazon, where most European users and businesses currently have their data stored. Mr Altmaier said he wants to “further the digital sovereignty of Europe” through strengthening “competencies in key technologies” and push the development of a “potent gigabit-infrastructure”.
The European data ecosystem will initially feature 11 French and 11 German firms, including Orange, EDF, BMW and Siemens – but will also be open to US companies that adhere to the project’s transparency terms.
India is starting to flex its muscles over its own data security too. On Tuesday, Ravi Shankar Prasad, the country’s IT and telecoms minister, said India will not compromise on its data sovereignty.
The comments came days after the country blocked 59 Chinese apps on concerns around “sovereignty and security” following border skirmishes between the two countries last month. This is a key policy area for the government because India has more than 560 million internet users, making it the second largest online market in the world behind China.
So, what does this mean for investors? It highlights the areas where significant spending will be directed, with large investment in the software and infrastructure that drives the cloud, as well as cybersecurity systems to protect valuable information from external actors.
The problem for the Europeans, Indians and Australians is that the US and China are so far ahead that it will be extremely difficult to catch up – no matter what rules or regulations they introduce. The EU’s cloud infrastructure project is part of “a European Strategy for Data”, which was launched by the European Commission in February this year. The strategy wants the data single market to ensure that the EU’s share of the data economy by 2030 matches that of the US and China.
But with the US administration determined to preserve the power of its own technology majors and China using fair means or foul to get an advantage, catching up looks near impossible. The EU has a difficult task on its hands.
‘The problem for the Europeans, Indians and Australians is the US and China are so far ahead’
‘Now Beijing has started to impose its “Great Firewall of China” on Hong Kong, concerns are mounting’