By now it seems clear to governments around the world that the idea of being able to make the most of the data economy by simply traveling data from one end of the world to the other is unattainable. Without the necessary trust that leads companies to keep their data on the cloud offered by foreign companies instead of locally, to share this data with other companies for innovative uses and new business opportunities, there can be no data economy. The missing piece is the “data sovereignty“, the sovereignty over that data and it can be said that perhaps the figure who first and most explosively turned the spotlight on this issue was the former President Trump with the war on a series of Chinese companies present in the United States accused of providing indiscriminate access to Chinese local authorities. From those proclamations, even in Europe, eyebrows have raised in relation to the race to grant 5G frequencies to Chinese players, more advanced and economically more interesting, but always shrouded by the doubt raised by Trump.
On the contrary, American companies, big tech in the first place, have the same problem in China. The social networks we usually use are not accessible at those latitudes and one of the jewel companies present there, Apple, had to give up a lot on the negotiating table to be able to continue selling its products in that huge market: as revealed by the New York Times , even the Cupertino giant, which for years has been one of its strengths in the protection of privacy compared to other big techs, not only had to allow to keep the data of its Chinese users in China, but these are accessible from a a local Chinese company that can respond quickly to access requests from the government. Similarly, Tesla also recently stated that its Chinese customer data will be stored locally. In a similar situation When Google tried to bring a different version of its search engine to China years ago to comply with local laws, its employees strongly opposed it.
Even India, where Facebook and WhatsApp are widely used by the population, has been lobbying for years for Zuckerberg to keep Indian user data locally.
The American Cloud Act
Not that relations between the European Union and the United States are getting any better. Aside from the recently revealed inter-government spying operations that rekindled the spotlight on Edward Snowden’s 2013 revelations, it should be remembered that those revelations led to the declaration of invalidity of two agreements between the European Commission and the United States governing the transfer personal data between companies or within the same company across the Atlantic. For the European Court of Justice, in fact, the agreements are not valid if the rights of European citizens are not respected and their data are freely accessible to American law enforcement without the necessary safeguards.
In fact, from 2018 the United States can use the Cloud Act, among other regulations, which allows American companies, primarily Big Tech, to request the data in their possession, even when these are on European soil. In this way they can circumvent the international mutual assistance agreements between the allied authorities, which however require longer times and greater guarantees and controls by the authorities involved.
Store data in Europe
This is why France recently, in its national cloud project, is forcing big techs who want to take part to license their cloud technology to French companies. In fact, if the hope is to have big players in Europe, for the moment we have to deal with reality. Precisely because of the attention that the European institutions reserve to the issue of personal data, Microsoft has been trying for years to provide reassurance in this regard. It recently announced that it will store data locally in Europe and that it will continue to oppose access requests from governments, including the US, and will otherwise compensate its customers.
In Italy, Minister Colao in an interview with this newspaper said that the Italian cloud on which public administration data will be stored will be very advanced and “will keep all data in Italy or in EU countries and will be subject to our jurisdiction. security will be reinforced “.
At the European level the Gaia X project for a community cloud made up of many local suppliers, with a hub also in Italy, although born as a response to giants such as Google, Microsoft, Amazon and Alibaba, it has foreseen their entry to the table on the condition of not having decision-making power and of respecting a series of rules.
Data Governance Act
Meanwhile, in November, Europe presented the Data Governance Act, its proposed regulation to regulate and encourage the circulation and reuse of data between the public administration and private companies, as well as between companies themselves, for new business opportunities. If the ultimate goal is to ensure maximum circulation of data while ensuring maximum control, it remains to be understood where this data will be available, what infrastructures they will use and whether the protection of personal data, as well as trade secrets, will be sufficiently guaranteed given the multiple interests at stake.
.