Altmaier’s cloud initiative and the pursuit of European digital sovereignty

German Minister of Economy and Energy, Peter Altmaier tries headphones during a visit to the electronic company Sennheiser in Wedemark, northern Germany, 29 August 2019. [EPA-EFE/DAVID HECKER]

This article is part of our special report Finding digital freedom in a crowded world.

In October, German Economy Minister Peter Altmaier is set to reveal more detailed plans for the establishment of a  landmark European Cloud initiative known as ‘Gaia-X.’

Up until now, the European cloud marketplace has been dominated by US firms and many in Brussels are concerned that American involvement in the industry is compromising EU data protection standards and by extension, the concept of Europe’s ‘digital sovereignty.’

Earlier this year, Altmaier said “Germany has a claim to digital sovereignty. That’s why it’s important to us that cloud solutions are not just created in the U.S.” Following these remarks, delivered in July, the Frankfurter Allgemeine Zeitung leaked an internal government paper in August that revealed Altmaier’s plans, with the German economy minister conceding that “cloud industry is currently largely dominated by US corporations such as Amazon.”

This is a line echoed by the Former German Foreign Minister Joschka Fischer, who said in a recent op-ed that in order to safeguard it digital sovereignty, “Europe will need to make massive investments in cloud-computing capacity.”

Speaking to EURACTIV recently, a spokesperson from the German Federal Ministry for Economic Affairs said that “data sovereignty and broad data availability can only be really achieved with a data infrastructure that complies with ‘made in Europe’ security standards.”

The official also confirmed that the Federal Ministry intends to “push ahead with the construction of such a data infrastructure” in order to pursue this objective of achieving sovereignty in the field.

The concept of digital sovereignty on the bloc is founded on the principle that the EU should be afforded due autonomy in building up its tech industry, and therefore the ability to effectively implement regulatory frameworks that foster its digital development, rather than hinder it.

Digital Sovereignty

EURACTIV caught up with an expert in the field, Chief Technology and Digital Innovation Officer for the City of Barcelona, Francesca Bria, in order to get to the bottom of what digital sovereignty means in practice.

“Digital sovereignty means that digital technologies can facilitate the transition from today’s digital economy of surveillance capitalism and data extractivism – whereby a handful of US and China-based corporations battle for global digital supremacy -to a people-centric digital future promoted by Europe based on better workers, environmental, and citizens’ rights, to bring long-term social innovation,” she said.

Bria added that the areas in which the EU currently falls short include dependencies on companies managing large data flows. “Europe should tackle the dependence on external technologies: most hardware and software EU critical national infrastructure are built outside of the EU, including companies managing large data flows,” she said.

“Since data is the raw material of the digital economy and fuels AI, we need to take back control of data, and recognise data as a public good, as a public infrastructure, where the terms of data control need to be defined by citizens themselves. If you see who owns the software, the hardware, the chips, the 5G network in Europe and the data which is consumed on top of it, it’s mainly foreign multinationals. So we need to tackle dependence on external technology.”

Bria concluded by saying that unless Europe does not pursue a proactive approach towards obtaining its own digital sovereignty, “we could lose our competitiveness in key industries of the future and become a sort of a digital colony”.

She added that data sovereignty should be a starting point, “to take back the control of data and use city data to tackle our big urban and social challenges: climate, sustainable mobility, healthcare, education.”

And US investment into the EU’s cloud infrastructure is a case in point with respect to the EU’s reliance on foreign services.

The apprehension in this respect in the cloud market is understandable. According to recent estimates from the International Data Corporation (IDC), Europe’s public cloud market is expected to grow at a 22% rate for the next three years, with US companies taking full advantage of the lack of EU megacloud providers.

December 2018 saw Amazon’s AWS opening new data centres in Sweden, while Microsoft announced plans last year to build data centres in Norway, Germany and Switzerland.

US Cloud Act Vs GDPR

But of course, the question is not only an economic one. There are potential legal conflicts in the offing, too. An industry source has informed EURACTIV that due to American investments into the EU’s cloud marketplace, the EU’s high-quality data protection standards are in danger of being compromised.

Earlier this year, following a question from the European Parliament’s Committee on Civil liberties, the European data protection board released an analysis of the potential impacts of the US Cloud Act on GDPR, in which they highlighted potential points of conflict between the two legislations.

Controversy with regards to the American framework revolves around the fact that the Cloud Act gives US law enforcement agencies the legal right to force the release of customer data outside the US, resulting in an “extraterritorial reach of powers”, according to the European Data Protection Board.

“Service providers controlling personal data whose processing is subject to the GDPR or other EU or member states’ law will be susceptible to facing a conflict of laws between US law and the GDPR and other applicable EU or national law of the member states,” the EDPB opinion stated.

Effectively, the EDPB opinion is that the Cloud Act is not legally watertight in bypassing GDPR to justify personal data transfers to the US.

EURACTIV recently took this issue up with the Director General of the European Commission’s DG Connect, Roberto Viola, who said that according to the opinion of the EDPB, “transfers in response to a Cloud Act request may be validly based on the GDPR,” but only “in certain circumstances.”

Industry lead

Any potential legal conundrum that could impact the integrity of the bloc’s high data protection standards, is likely to be received with frustration in the EU. And the Germans believe that industry should lead the way in pursuing an independent cloud infrastructure.

The German Minister of Education and Research, Anja Karliczek, recently said that in order for Gaia-X to be a success, a commitment from industry players is required.

EURACTIV spoke to Frank Leibiger, Spokesperson for Cloud Computing at Deutsche Telekom, in order to get a sense of the response in the industry for the plans coming out of the German government.

Unsurprisingly, Leibiger said that DT is fully behind the plans and that “it’s about enabling secure data flow between different cloud platforms based on well-structured, close cooperation between government and industry to support the globally connected economy and enable new, innovative business models.”

Leibiger added that the real driving force behind any future cloud infrastructure development in the EU will be a “strong public demand.”

France also backs the plans for a European-wide cloud infrastructure service, with Finance Minister Bruno Le Maire publicly confirming it.

In addition, the French Ministry of Interior is now preparing a roll-out of an internal cloud service known as Nextcloud, a move also made by the Swedish government, who have highlighted the concerns of the “ability of other countries to access, manipulate or deny access to information handled by a service provider.”

Europe’s bid for digital sovereignty is likely to commence with a concerted effort to build its own cloud infrastructure service. The task at hand however, is by no means easy. A senior EU Commission official told EURACTIV recently that Altmaier’s Gaia-X plans “are good in theory, but in practice much more challenging to implement.”

Nevertheless, despite the pushback from certain US firms on Europe’s cloud initiative, the Gaia-X plans are regarded as central to fulfilling incoming Commission President Ursula von der Leyen’s objective of achieving strategic autonomy and digital sovereignty.

The plans are very much being billed as a civil liberties issue, something that former German minister Joschka Fischer regards as to be decided by European citizens, by putting “data at the service of the people,” in the words of Francesca Bria.

[Edited by Zoran Radosavljevic]

Subscribe to our newsletters