Europe must ‘prioritise investments’ in cloud, EU digital chief says

Roberto Viola, Director-General, Directorate-General for Communications Networks, Content and Technology (DG CONNECT), European Commission [European Commission]

This article is part of our special report Finding digital freedom in a crowded world.

Europe’s global standing in the cloud infrastructure market has long come under scrutiny for a lack of investment and presence compared with global players. EURACTIV has caught up with DG Connect’s Roberto Viola to analyse the importance of the EU’s data economy and examine how Europe can achieve a greater level of independence in its cloud services.

Roberto Viola is the director-general at the European Commission’s Directorate-General for Communications Networks, Content and Technology (DG CONNECT). He responded to questions from EURACTIV’s Digital Editor Samuel Stolton.

It has recently been claimed that data is now widely considered a more valuable resource than oil. How have we got to this stage?

Over the last two years, 90% of data in the world was generated by the development of digital technologies and the Internet of Things. Around 2.5 quintillion bytes of data is created every single day.

Data has become an infrastructural resource whereby the same data can be used and re-used to open up significant growth opportunities, or to generate benefits across society in ways that could not have been foreseen when the data was created. We are making our best efforts to boost data-driven innovation and to develop AI solutions in the EU to benefit our economy and societies.

In terms of Europe’s data-driven economy, what can be done to ensure that the EU makes the most of this landscape, while also bearing in mind the importance of data protection standards?

The EU boasts a large market for online content and databased services. Cloud can deliver an almost unlimited and scalable capacity of computing and storage that underpins all digital activity of large and small businesses as well as public administrations.

It is essential to implement the existing European consumer and data protection rules in order to ensure that developments in the digital age are compatible with European values and strategic interest. These rules and standards must be applicable and enforceable across the Union’s territory and on all actors accessing our market in order to ensure a level playing field and free and fair competition and to see the emergence of a strong European GDPR compliant industry.

In addition, we are discussing with member states, industry and other stakeholders the creation of common European data spaces in a number of sectors. If we can scale up the existing data sets in member states to the European level, we can compete on a global scale. Our proposal for a Digital Europe Programme will help finance these activities.

Can you give some concrete examples of how Europe’s cloud initiative is helping research and development across numerous sectors?

The European Open Science Cloud enables researchers to combine multiple datasets and services, developed by different organisations in Europe, to predict the spread of dangerous and invasive species in the Mediterranean Sea and to highlight the high-risk zones for fisheries and health security in the area.

Another example is the use of Cloud’s resources, together with high-performance computing and Artificial Intelligence methodologies, to foresee and manage natural hazards and extreme events that have led to over one million fatalities and three trillion euro of economic loss over the last 20 years. There are similar stories in other sectors such as the observation of the carbon cycle, molecular imaging with photos and neutrons, or digital cultural heritage.

In addition, the EU has invested no less than €200 million in research and innovation in cloud computing technologies since 2014. Some interesting research such as the ‘SUNFISH project’ led to the development of federations of public sector clouds using blockchain for sharing sensitive data such as criminal records, taxpayer details and data on healthcare among European public administrations.

There are many risks associated with the concentration of Big Data. In terms of cybersecurity, what measures are being taken to ensure that Europe’s cloud initiative has the appropriate safeguards in place to stop data from being used for malicious means?

Secure cloud infrastructures and services are indispensable to the provision of any big data analytics, artificial intelligence, blockchain services. Since December 2017, the Commission has been facilitating the self-regulatory work of the European Cloud Service Provider Working Group, that is composed of various stakeholders such as national cybersecurity authorities, cloud service providers, private certification bodies, universities and end- users.

In June 2019, the group achieved its objective to present its final recommendations for a European cloud certification scheme. On 27 June 2019, the Cybersecurity Act entered into force, on which basis the European Commission, supported by European agency for cybersecurity (ENISA), can establish a European cybersecurity certification scheme for cloud.

A specific example of a potential risk came up recently when it transpired that German data protection officials consider Amazon’s cloud hosting services to be unsafe for the storing of German police data because they could be subject to US spying. How much does the US’s cloud act, which compels US tech firms to hand over data to the government – regardless of where it is located – compromise the EU’s high standards of data protection?

We understand the concerns among European citizens, businesses and authorities around the handing over of their data to foreign authorities. To address these concerns in the context of criminal investigations, the Commission is going to engage in negotiations with the US on the EU-US agreement on the exchange of electronic evidence in criminal matters. The Commission already obtained a mandate from the Council in June this year.

This agreement will clarify the conditions under which law enforcement authorities from both sides of the Atlantic may require access to the data of individuals or businesses stored by cloud service providers in each other’s jurisdiction, while ensuring appropriate safeguards for the protection of fundamental rights and freedoms, including data protection.

The European Data Protection Board published an impact assessment in mid-July, in which they stated that the Cloud Act conflicts with GDPR. Do you agree with this assessment?

It is worth noting that this document only contains an initial assessment and recognises that further analysis is required. According to this document, transfers in response to a Cloud Act request may be validly based on the GDPR in certain circumstances. More importantly, while we may not necessarily agree on every detail of this analysis, we certainly agree with the conclusion of this document that an EU-US agreement on access to electronic evidence is the best instrument to ensure both a high level of data protection for Europeans and legal certainty for businesses.

This is precisely why the Commission has obtained a mandate from the Council to negotiate such an agreement and is looking forward to starting soon the negotiations with the US.

Currently, the UK has many more data centres than anywhere else in Europe. How will Brexit impact Europe’s data economy?

Continental Europe hosts all the necessary data infrastructure including data centres for a healthy data economy. For instance, all large (cloud) service providers have a local presence in continental Europe with multiple data centres.

In general, it is our intention to build a framework for international data flows with third countries that safeguards the protection of EU citizens’ data and ensures data security.

While the Commission does not speculate on the possible economic implications of different scenarios, it is clear that a withdrawal of the United Kingdom without an agreement would have a serious negative economic impact, and that this impact might be proportionally much greater in the United Kingdom than in the EU27 Member States. While we clearly prefer a withdrawal of the UK with an agreement, we are prepared for all other outcomes as well.

According to recent estimates from the International Data Corporation (IDC), Europe’s public cloud market is expected to grow at a 22% rate for the next three years, with US companies taking full advantage of the lack of EU mega cloud providers. Is this an issue for the bloc?

Yes, that is why we are monitoring closely the global cloud market developments. We consider cloud to be an essential and strategic enabling technology that Europe needs to master to ensure digital leadership. By 2022, IDC also estimates that storage deployment modes to manage cognitive and AI workloads will grow at a yearly rate of 36% and it will be based on public, private and hybrid cloud infrastructures.

For Europe to lead the next technological race we need to prioritise investment towards strengthening the existing European cloud infrastructure and service industrial basis. That is why we have proposed more EU funds for cloud under the next multi-financial framework 2021-2027. We invite all to participate in the open public consultations on the new programmes.

What is the future for Europe’s cloud infrastructure and what practical improvements will people see in their everyday lives as a result of the EU’s developments in the field?  

While energy-efficient interconnections of existing cloud infrastructures across the EU territory together with cross-border cloud service offerings are surely important, it is too early to say what the future Commission priorities in this area will be.

The federations of cloud infrastructures and services will enhance Europe’s competitiveness and security, with clear advantages for SMEs and citizens.

[Edited by Zoran Radosavljevic]

Subscribe to our newsletters