There are debates on digital sovereignty at the centre of companies’ digital strategies. Sovereignty is not just a protectionist buzzword to compensate for Europe’s digital lag. It aims to ensure the prosperity and independence of companies by protecting their data, customers and fellow citizens.
Businesses can meet three major challenges by choosing a sovereign digital solution. Here are some explanations.
Sovereignity to keep control of your data
The awareness in Europe has accelerated since the RGPD came into force in 2018. Indeed, not all countries and not all legislations offer the same level of data protection. It is necessary to map them, to ensure that they are protected and inaccessible to malicious individuals.
Organisations can use several solutions to protect their data:
- Host them on a sovereign cloud that is located in Europe and is managed by companies that follow European law. This can be certified by various labels, such as SecNumCloud, which is the most demanding certification for hosting in France.
- Opt for open-source software and/or European software
- Train employees in the various data protection regulations.
- Raising employee awareness of the importance of appropriate data management.
Sovereign hosting protects your data from hostile access legally. It is the foundation of a good control strategy for companies that want to capture value from their data while ensuring confidentiality for their customers.
Sovereignity to counter the cloud act
The Cloud Act has been in effect in the United States since 2018. It states that US authorities can request communication service providers subject to US law to provide them with data under their possession, care or control, regardless of the location of the data. This poses a serious threat to the data of European companies that are hosted by US providers, including in data centres based in Europe. Under the Cloud Act, these service providers can exploit data, even confidential data, beyond the initial intended use.
Europe’s digital sovereignty aims to put in place safeguards against unlawful access by certain countries, to regulate access requests by foreign authorities, and to prevent transfers of non-personal data.
Two European regulations are currently being considered for this:
- The data governance act: adopted in May 2022, it will be applicable in September 2023. It aims to facilitate the sharing of personal and non-personal data by setting up intermediation structures.
- The data act was presented in February 2022 and aims to ensure a better distribution of the value from the use of personal and non-personal data between the players in the data economy, particularly in relation to the use of connected objects and the development of the Internet of Things.
Sovereignity to counter the expansion of GAFAM
The GAFAM* represents a major threat to digital sovereignty. There is a considerable economic weight to these American digital giants: “the cumulative stock market valuation of the GAFAM reached “5,853 billion dollars” in 2020, i.e. a value greater than the GDP of Japan, the 3rd largest economy in the world”**.
This domination is not only economic, but also concerns digital dependency. These companies are, in fact, in a position to process and store the data of citizens and companies from all over the world (datacenters, messaging systems, clouds, etc.), which are “transferred” to them in a more or less conscious manner when using services or applications. Incidentally, it should be remembered that the GAFAM are subject to American legislation. They are subject to the Cloud Act, which allows them to transmit data in their possession to third parties.
Therefore, the rest of the world, and especially Europe, must counter this power by creating a truly sovereign ecosystem. How can this be done? By changing the regulations on this subject, encouraging the use of open-source software, and talking about the challenges of digital sovereignty.
* Google, Amazon, Facebook, Apple, Microsoft