EU digital sovereignty is of paramount importance in the face of the rapid technological evolution currently taking place globally.
A call for EU digital sovereignty had been brought to the forefront of many conversations among policy makers, in light of growing concerns over EU citizens losing their control of their data, capacity for innovation and ability to enforce legislation in the digital world. The concept of “digital sovereignty” had recently sprung forth as a means of promoting the idea of leadership and strategic autonomy in the digital world for Europe. There has been major concern over the threat placed on EU citizens by the economic and social influence of non-EU technology companies. This has made very clear the need for Europe to be able to act independently in the digital world.
President of the European Commission, Ursula von der Leyen has named digital policy as one of her key political priorities during her term. The increase in Chinese technological presence in the EU has become a source of concern for the EU Parliament. A need and opportunity to reduce such dependence has presented itself, especially in light of the coronavirus pandemic and its revelations on the essential role of the tech sector on the continuity of social life, businesses and administrations. A recent Commission report highlighted the fact that at times, competition from global tech-driven players disregarded European rules and values, and deeply involved data appropriation and valuation. This has compelled the need for technological sovereignty, and for advancements in developing a secure, competitive and inclusive digital economy built on ethics and with world class connectivity. There has been a call for special emphasis on issues of data security and artificial intelligence.
The present situation highlights the need for EU digital sovereignty, while presenting some concerns and opportunities for improvements in the areas of EU Data economy and innovation, privacy and data protection, cyber security, data control and online platforms’ behavior.
EU data economy and innovation
While the EU has strong acids including a world leading AI research community and a range of innovations such as 5G, artificial intelligence, cloud computing, and the internet of things, the region is behind the United States and China in private investment, and the rate at which AI has incorporated into the society. The two countries also surpass the EU on things like data collection, data access, patent applications and development of essential hardware like supercomputers. The potential dependence on foreign technology presents a risk to Europe’s influence in the digital field.
In response to this the EU has implemented several initiatives to narrow the investment gap. EU policy makers have also been designing tools to adapt EU industrial and technological capacity to the global competitive environment. For example, the European data strategy adopted in February of this year forges the path for the creation of European data spaces to ensure that more data becomes available for use within the European economy and society.
Privacy and data protection.
The Cambridge Analytica scandal showed how online platforms can extract personal data for Political profiling purposes. In addition, the economic model of large tech companies like Google, Apple, Facebook, Amazon and Microsoft are largely based on the collection and exploitation of online users’ data for advertising purposes. Trends like these, are often referred to as surveillance capitalism, and are a source of concern in the EU. There is a need for EU citizens to be able to control the digital data in an online environment that is largely dominated by non EU tech companies.
To combat this, the EU has taken on a very stringent approach to privacy and data protection with the GDPR at it’s centre. The European Union is seen as a standard setter in the world of privacy and data protection. As a matter of fact, several other countries outside the EU have incorporated aspects of the GDPR into their own national legislation. While the coronavirus pandemic has added a layer of difficulty to implementing this framework, the member states are looking at adopting location tracking measures to contain the spread of the virus in conjunction with implementing technical solutions to deal with the issues presented by this crisis.
Cybersecurity, data control and online platforms’ behavior
The EU’s reliance on Chinese 5G infrastructure has proved to be a critical weakness for the region. There is also growing concern over the EU Member States’ lack of control over data produced on their territory, with the global public cloud market being largely dominated by us and Asian companies. In addition to this, issues of competition have been raised by the control that large tech companies have, making it hard for others to compete in new and innovative markets.
The EU has taken a multifaceted approach to combating this issue. In addition to several tools adopted within recent years, for example the Network and Information Security Directive (NIS), the European cybersecurity act, and EU-wide cybersecurity certification scheme for ICT products, there have been further advancements in legislation. Following the Huawei debate, the Commission adopted recommendations for a common approach to the security of 5G networks in March of 2019 and this year published an EU tooltbox on 5G cybersecurity.
Further EU Initiatives towards EU Digital Sovereignty
There are several initiatives being brought forward by the EU in order to secure digital sovereignty. For starters, the data framework could be revised to make provisions for EU based cloud storage. With non-personal data regarded as the critical, raw material of the digital economy, and cloud storage expected to overtake local device storage this year, this is seen as an important move. It is expected to not only strengthen Europe’s data sovereignty, but also address the fact that cloud storage is an industry almost dominated by non EU companies. The implications of this could potentially be to the detriment of EU citizens’ security and rights.
In recent times, France and Germany have announced a joint, European cloud initiative; Gaia-X project. While more action could be decided upon at an EU level in order to help implement an EU-wide cloud infrastructure, this latest development is regarded as an important tool to ensure the safety of data for these European citizens, businesses and governments. The proposed EU data framework to facilitate data collection, processing and sharing has the potential to put Europe in the lead in collecting and processing data, and to secure access for innovators to data, particularly in the spheres of B2B (business-to-business) and G2C (government-to-citizens).
There is much more that could be done with regard to investment in frontier technologies, including AI, IoT, blockchain, high performance computing and quantum technologies, which should be encouraged in order to implement the productivity breakthrough that Europe needs. The execution of the 2021-2027 multiannual financial framework currently under consideration is critical to that cause. Likewise, the Digital Europe programme, the first ever EU programme primarily dedicated to digital transformation, among others.
The EU approach to digital matters has become centered around ensuring transparency and trust. There presents a challenge for the EU to introduce new standards and practices ensuring trustworthy and controllable products, whether they are of EU or foreign origin. This will require new tools in the fields of cyber security, AI and data protection.
With regard to cybersecurity, there is a need to influence three main aspects. Changing the EU-wide certification scheme from voluntary to compulsory, especially as the framework for this programme is up for review in 2023. This would be a definite step forward in securing a safe environment, particularly for 5G networks. It could also potentially set the EU apart as a standard setter in the field of cybersecurity. In addition to this, inadequate coordination of cybersecurity is one of the main issues faced by EU policy makers. An important action to combat this would be to finalize the adoption of the Commission proposal to establish European Cybersecurity Competence Centers.
Furthermore, there is a call for security to become an obligatory aspect in every public procurement procedure for relevant infrastructure nationally and throughout the EU. Each EU member state should create specific security requirements for application in the context of public procurement related to 5G networks. This should include mandatory cybersecurity certification requirements.
Competition and Regulation.
In light of recent events, there has been a greater apparent need for update and adaptation regarding the EU’s competition policy and the digital regulatory framework. Recently, we reported on German competition law and Facebook’s breach of it. There are calls for a shift towards more defensive and prudential mechanisms for the entire EU, including regulation to address foreign state ownership and distortive practices by large tech companies. It is important to protect the potential of European tech start-ups and small and medium-sized enterprises. This may involve new tools for more synchronous investment screening mechanisms and for assessing takeovers in high tech EU companies. This, along with the implementation of strategic limits on foreign investment, exceptions to state aid and competition policy, could ensure coordination between EU member states on this matter. This is extremely necessary, especially when considering the swift technological evolution currently taking place. In the end, building a genuinely sovereign EU digital environment will also require addressing the insufficient coordination between regulators in this field. It will take a revamp to the current governance mechanisms both between sector specific regulators and beyond. This is critical to ensuring a coherent approach to EU digital sovereignty.