On the January 29, 2020, the European Commission (EC) released the “Commission Work Programme 2020″. Under the second priority, “A Europe fit for the digital age” – the EC announced its intention to put forward for consultation a rich array of strategic documents outlining Europe’s digital strategy, writes Secure Chorus founder Elisabetta Zaccaria.
As part of the same body of work, the EC intends to publish a rich array of additional documents in the future, some will be new and some a revision of existing ones. The EC is planning to review the ‘Directive on Security of Network and Information Systems’ and the ‘Digital Education Action Plan’.
New upcoming frameworks for digital will include inter alias the ‘Digital Services Act’, an ‘Industrial Strategy for Europe’, a ‘SME Strategy’, a report on the ‘Single Market Barriers’, a proposal for a ‘Single Market Enforcement Action Plan’, and a ‘White Paper on an Instrument on Foreign Subsidies’. Finally, it will publish an updated ‘Communication on the Future of Research and Innovation and the European Research Area’.
The leitmotif of this set of documents sticks close to what are by now familiar themes for government digital strategies – a declaration of digital independence.
In fact, not only the EU but also other governments are looking to develop sovereign digital infrastructure and regulatory frameworks governance mechanisms to control data in alignment with their political, national security and economic agendas.
Data, a matter of geopolitics and geoeconomics
In the space of just a few years, data has become a matter of geopolitics and geoeconomics. Figuring out how to govern the complex data ecosystem, both enabling its potential and managing its risks, has become for governments a matter relating to politics, national security and economy.
Just as the allies gathered at Bretton Woods in 1944 with the principal goal of regulating the international monetary and financial order after the conclusion of World War II, governments are now negotiating, at international level, data and digital infrastructure sovereignty, territoriality and governance.
The EU is hardly the only one issuing a new strategy to enhance its digital sovereignty. Many countries have issued similar strategies and bodies of legislation; for example, in China and Russia the role of the state in data protection and cloud infrastructure has been placed at the epicentre of regulation.
A closer look at the EU plans on digital sovereignty
Following up on the EU Lisbon Strategy’s objective to become the ‘most dynamic and competitive knowledge-based economy in the world by 2010’, in 2015 the EU adopted its Digital Single Market Strategy (DMS) – an ambitious set of actions mainly focused on legislative and policy reforms addressing inter alias issues related to e-commerce, copyright, telecoms, audio-visual media, online platforms, big data, protection of personal data, and cybersecurity, as well as standardisation and e-government.
In 2018 the EU issued a landmark piece of legislation – the General Data Protection Regulation (GDPR) – regulating personal data protection of EU citizens, regardless of which part of the world the data handler is in.
Nonetheless, in the wake of a global digital ‘cold war’, the EU appears to have come to the realisation that its normative approach is no longer sufficient to protect its political, national security and economic interests and that it needs to develop its own digital sovereign capability. This is to, first, become less reliant on foreign technologies which is a concern from a defence and national security perspective. Second, data sovereignty is important for the EU to be able to boost its domestic digital economy as well as compete at global level.
In response, the EU has recently published its Digital Strategy 2020 – 2025, which is a mix of both legislative and non-legislative initiatives. I am providing below an overview of the most noteworthy initiative.
Perhaps the most notable non-legislative part of ‘A European Strategy for Data‘ is the development of Common European Cloud Infrastructure and the creation of Common European Data Spaces.
Europe’s motivations for wanting its sovereign Common European Cloud Infrastructure comes from its long-standing concern for its overdependency on foreign cloud providers.
First, the EU is worried that its regulatory frameworks will no longer be sufficient to protect its data which are being processed outside its territory; to prevent foreign nations from implementing their own legal frameworks over such data, the EU has realised it needs to build its own sovereign cloud capability.
Second, overeliance on foreign tech firms also poses a concern from a defence and national security perspective especially in relation to domestic critical national infrastructure.
Third, the development of sovereign cloud capability meets the EU ambition to grow a robust domestic market of cloud providers.
Another important cornerstone of its data strategy is the creation of Common European Data Spaces, recognising that access to data is a prerequisite for strong Artificial Intelligence (AI) systems for the benefit of EU economy. The aim is to create a genuine single market for data where public and private sectors have easy access to huge amounts of high-quality data to create and innovate.
The white paper also aligns with the Guidelines on Trustworthy AI, namely human agency and oversight, technical robustness and safety, privacy and data governance, transparency and accountability, diversity, non-discrimination and fairness, societal and environmental wellbeing.
Digital Services Act
Later this year, the EU will also present a Digital Services Act (DSA) which aims to reinforce the single market for digital services. The act will place greater transparency and compliance obligations for digital platforms as well as provide a stronger anti-trust framework to ensure a fair and competitive digital market, especially for smaller businesses. The final goal is to ensure that EU legal rules apply online as they would offline. The legislation will be the first of its kind globally to monitor content on digital platforms at scale and require removal of misinformation and illegal content or face fines.
Although the EU remains open for business with foreign tech, its digital strategy has made a clear statement outlining its firm intention to build sovereign digital capability in order to better protect its national security and take full economic advantage of the data economy. Second, foreign participation in EU digital market will be on EU terms from now onwards.