by Vincenzo Tiani
By now it seems clear to governments around the world that the idea of being able to make the most of the data economy by simply having data move from one end of the world to the other is unfeasible. Without the necessary trust that leads companies to store their data on the cloud offered by foreign companies instead of locally, to share this data with other companies for innovative uses and new business opportunities, there can be no data economy. The missing piece is “data sovereignty” and it can be said that perhaps the person who first and most prominently turned the spotlight on this issue was former President Trump with the war on a number of Chinese companies present in the United States, accused of providing indiscriminate access to Chinese local authorities. Since those proclamations also in Europe eyebrows have been raised regarding the race to grant 5G frequencies to Chinese players, more advanced and economically more appealing, but always shrouded by the doubt raised by Trump.
On the other hand, American companies, big tech in the forefront, have the same problem in China. The social networks we usually use are not accessible in those latitudes and one of the jewel companies present there, Apple, has had to give up a lot on the negotiating table in order to continue selling its products in that huge market: as revealed by the New York Times, even the Cupertino giant, which for years has made privacy protection one of its strong points compared to other big tech, not only had to concede to store the data of its Chinese users in China, but these are accessible by a local Chinese company that in this way can quickly respond to requests for access from the government. Similarly, Tesla has also recently stated that the data of its Chinese customers will be stored locally. In a similar situation When Google years ago tried to bring a different version of its search engine to China to comply with local laws, its employees strongly objected.
India, where Facebook and WhatsApp are widely used by the population, has also been lobbying for years for Zuckerberg to store Indian users’ data locally.
The American Cloud Act
Not that relations between the European Union and the United States are any better. Apart from the recently revealed inter-European government spying operations that have turned the spotlight back on Edward Snowden’s 2013 revelations, it must be remembered that those revelations led to the declaration of invalidity of two agreements between the European Commission and the United States that regulate the transfer of personal data between companies or within the same company between the two sides of the Atlantic. For the Court of Justice of the European Union, in fact, the agreements are invalid if the rights of European citizens are not respected and their data are freely accessible to American law enforcement agencies without due safeguards.
Since 2018, in fact, the United States can use, among other laws, the Cloud Act, which allows them to request from American companies, Big Tech in particular, the data in their possession, even when they are stored on European territory. In this way, they can circumvent international agreements of mutual assistance between allied authorities, which, however, require longer timeframes and more guarantees and controls by the authorities involved.
Storing data in Europe
That’s why recently France, in its national cloud project, is forcing big tech companies that want to participate to license their cloud technology to French companies. Although the hope is to have big players in Europe, for the moment we have to deal with reality. Precisely because of the attention that European institutions pay to the subject of personal data, Microsoft has been trying for years to provide reassurance in this regard. Recently it has announced that it will store data locally in Europe and that it will continue to oppose requests for access from governments, including the American one, and that it will compensate its clients if this is not done.
At the European level, the Gaia X project for a community cloud made up of many local providers, although born as a response to giants such as Google, Microsoft, Amazon and Alibaba, has foreseen their entry at the table on the condition of not having decision-making power and of respecting a series of rules.
Data Governance Act
Meanwhile, in November, Europe presented the Data Governance Act, its proposed regulation to address and foster the circulation and reuse of data between public administration and private companies, as well as between companies themselves, for new business opportunities. If the ultimate goal is to ensure maximum data circulation while guaranteeing maximum control, it remains to be understood where this data will be available, what infrastructure will be used and whether the protection of personal data, as well as trade secrets, will be sufficiently guaranteed given the multiple interests at stake.