The COVID-19 crisis has refocused the issues of sovereignty; economic, health and digital. However, the economy can no longer be considered without digital technology. How can we combine the security and economic interests of the European Union while taking part in those of globalization ? This question is the starting point of the reflection presented in this article.
What is digital sovereignty ?
Definition(s)
If there is still, to date, no official definition of digital sovereignty, the report of the Senate’s commission of inquiry circumscribes it in 2019 as “the ability of the State to act in cyberspace”, considered as a “necessary condition for the preservation of our values involving on the one hand an autonomous capacity of appreciation, decision and action in cyberspace, and on the other hand, the control of our networks, our electronic communications and our data. “
On a broader scale, sovereignty is “the supreme power exercised over a territory with respect to its population, by an independent state, free to determine itself.” But our globalized societies are redrawing the contours of this definition. In other words, the interdependence of States coupled with the rise of international organizations, disregard physical borders.
What poses a problem
In three words : Big Data. Or rather, its exploitation. This is megadata or massive data whose characteristics in terms of volume, velocity and variety require the use of specific technologies and analytical methods to generate value. To give you an idea, we generate about 2.5 trillion bytes of data per day ! This information comes from (almost) everywhere : messages, videos posted, commented or watched, GPS information, cookies etc. However, the monopoly of American players poses a problem because they govern the digital spaces of other countries or zones, such as Europe, according to their own rules, while recovering, storing and monetizing the data of European citizens.
It is for these reasons that China and Russia demanded as early as 2012 the restoration of their sovereign rights over the management of the network and the development of an international treaty to better share responsibilities. But the tone hardened in 2013, following the Snowden affair. The facts of widespread spying for economic and political interests (re)questioned in depth the system of governance of digital spaces. Indeed, the control of the digital data of 4.5 billion connected users by the tech giants gives them a power that completely disrupts the modes of government. In this regard, we can only welcome the Danish initiative of 2017, the first country to appoint an ambassador to Silicon Valley firms, considering them as legitimate political interlocutors.
European digital sovereignty and economic growth
When European digital independence becomes essential
If the pandemic has given a serious impetus to the digitalization of companies, the health impact has highlighted the pressing need for French and European sovereignty in terms of technology. However, in the face of Amazon’s rapid expansion into e-commerce, Huawei’s self-proclaimed leadership in 5G, or more generally, in the face of GAFAM and their exponential development thanks, among other things, to an almost total lack of regulation, what place can Europe possibly have left? How can we combine economic growth and digital sovereignty in a cyberspace that is already well occupied and even delimited by certain players?
Data, the essential resource of our digitalized world, would allow the Big Data market to reach no less than 68 billion dollars in 2021, if we follow this prediction by Gartner. However, to give Europe its “true” value, we must not forget that the old continent is the second largest market in the world after the United States, with more than 746 million people and 22% of the world’s GDP.
To be sustainable, the concept of digital sovereignty, whose benefits are no longer to be proven, must benefit individuals and organizations around the world. To do this, we must respond to the challenges of interoperability while keeping in mind European digital values, which are much more oriented towards competitiveness and ethics than towards the American vision, which is entirely dedicated to profit. The term “digital sovereignty” should not represent anything but a protectionist doctrine, advocating the establishment of borders 4.0 to say the least. An exclusively defensive European attitude would open the door to the “besieged citadel” syndrome, thus further reducing the old continent’s chances of having a say in the digital economy of tomorrow. As we know, if Europe has some catching up to do in this area, digital technology has its speed as its primary strength. Let’s not forget either that our European know-how, as well as our values, can write the future of this digitalized world in which we too often remain stunned by the ill-anticipated consequences, when they do not take us by surprise. On this subject we could quote Eric Schmidt and Jared Cohen, in their book The New Digital Age: “The Internet is one of the few creations of man that he does not fully understand […]. It is the greatest experiment in anarchy in history […], a source of both enormous benefits and potentially terrifying evils, the effects of which we have only begun to measure in the global theater. “
No withdrawal, but a controlled complementarity of players
Once again, it is not a question of erecting protectionist barriers to the European digital space by banning the GAFAMs, but rather of allowing digital growth for the Union’s companies. And this, in order to create a fair competition to perpetuate our economy of the future, which already makes digital a central issue. For this, regulation of international players to European standards is required. In this perspective, the promotion of France as a land of excellence for data is to be put forward. For if we have put in place an exemplary scientific and ethical framework that guarantees reliable and rigorous studies, we are on the way to becoming, if we give ourselves the means, a model to follow in terms of digital navigation management. This will allow data to be used in conditions of trust and security, reassuring both individuals and companies. France could become a kind of digital paradise by redefining the framework of online activity, which is currently more subject to the goodwill of a foreign firm than to French or European legislation.
Still with the aim of making digital sovereignty cohabit with economic growth, Europe must give the necessary space to the entrepreneurial ambitions that are born within it. This logically requires encouraging the creation and growth of start-ups and guaranteeing fair competition. And to do this, the regulation and adoption of a European framework applied to the current digital giants, which make their money thanks, in part, to the European market, must take place.
European digital sovereignty and IT security
It is therefore to regulate the scope of the tech giants within the European cyberspace that the Union of 27 has drafted and put into force several texts and organizational bodies.
European texts
GDPR
This regulation is the reference text for personal data protection. It strengthens and unifies data protection for individuals in the European Union. The European Parliament definitively adopted this regulation on April 14, 2016, and its implementation was effective from May 25, 2018. Increasing the protection of individuals with regard to the processing of their personal data and strengthening the accountability of the actors of this processing are the main objectives of the GDPR.
DMA-DSA
The Digital Markets Act and the Digital Services Act are two new regulations that aim to better control the European digital space and limit the abuses of tech giants perpetrated within the Union’s cyberspace. Read our article about these two texts: The DMA and the DSA, the two new regulations of the European Commission.
Gaia-X project
The Gaia-X project is about the development of an efficient and competitive, secure and reliable data infrastructure for the European Union. Born from a Franco-German initiative, the Gaia-X project is officially launched on June 4, 2020, initially supported by 22 companies.
Organisations
CNIL
This is the Commission Nationale de l’Informatique et des Libertés (CNIL). This organization’s mission is to ensure that information technology serves the citizen and does not infringe on human identity, human rights, privacy, or individual or public liberties. The CNIL is an independent administrative authority that acts on behalf of the State but without being placed under the authority of the government or a ministry. This commission is composed of 18 elected or appointed members. Its role is to alert, advise and inform the public, but the CNIL also has the power to control and sanction.
ANSSI
The National Agency for the Security of Information Systems is a department attached to the Prime Minister, attached to the General Secretariat for Defense and Security. The ANSSI is the national authority in charge of supporting and securing digital development. It is a major player in cyber security, providing expertise and technical assistance to government agencies and companies, with a reinforced mission concerning Vitality Operators. Watch, detection, alert and reaction are its daily missions regarding computer attacks.
ENISA
ENISA is the European agency in charge of network and information security. It was created in March 2004 and is based in Greece, in Heraklion. The mission of this European agency is to ensure a high level of network and information security by acting in different ways :
- By intervening as an expert to national authorities and European institutions,
- By promoting the exchange of best practices,
- By facilitating contact between institutions and companies.
Digital innovations, whether technological, legal or educational, must be European. Our continent has to measure up to its ambitions, because we have the skills. Europe must take the path of the perfect combination between sovereignty, respect for international standards and global competitiveness. The reinforcement of data traceability and their security must carry our values as a new and inseparable attribute of tomorrow’s economy.