- Thierry Spanjaard
Where is European sovereign cloud?
The ongoing health crisis has revealed the obligation for each nation to master at least its essential needs. Many who had been supporting globalization for long have started to realize its limits when many countries have been struggling to ensure delivery of an object as simple as a face mask, medicines or medical equipment for their population. Same fights can be anticipated when a cure or a vaccine will be in sight for the COVID-19. As a result, one may expect governments will in the near future build strategies to ensure their basic medical needs are covered by domestic production.
However, if the ongoing crisis is medical, many other issues may and will happen. Governments, peoples and corporations need to be concerned not only about medical supplies but also about data ownership. We have already witnessed the explosion of data volumes over the last years, and with IoT and more automation, data collection is bound to increase exponentially leading to always more dependence on organizations able to collect and manage them.
Some of the data are explicitly strategic: just think of what relates to government operations, military, nuclear, airspace or weapons industries. However, the accumulation of data in other fields is proving equally strategic. For instance, data coming from IoT devices such as autonomous cars are constituting an essential source of information for entities having access them.
Coming back to the ongoing health crisis, citizens health-related information is also strategic! At the end of 2019, the French government has passed a regulation creating its “health data hub,” a public-private partnership allowing to collect and manage health data of the French population. The decision has been made to host all these data on Microsoft Azure cloud platform regardless whether these information may include personal data in the meaning of GDPR. Let’s not forget that even if data are anonymized, it has been demonstrated that the combination of a limited set of data may allow to identify a person. In addition, the US Cloud Act allows US Federal Authorities to compel technology companies to give access to the data that are stored in the US soil.
However, what are the available large and reliable cloud service providers? Number one is AWS, Amazon Web Services, followed by Google Cloud Platform, Microsoft Azure, IBM Cloud, Oracle Cloud,…. The latest new entrant in this business is Chinese leader Alibaba Cloud. European citizens are wondering why they have to choose between hosting their data in the United States or in China while Europe has organized itself with regulations such as GDPR to protect the rights of its citizens and enterprises. Let’s hope the health crisis will lead decision-makers to understand that sovereignty is not only needed for face masks but also for other aspects of our life, and data is probably one the most essential ones!
Over the last few years, there has been a few projects for a “European Sovereign Cloud” or some national sovereign clouds such as in Germany or in France, or even a European cloud network called Gaia-X, but none of these projects has come to maturity. Our governments were probably not conscious enough of the stakes linked to where strategic data are hosted, or were they just complacent and ready to give in to the siren calls of the GAFA?