Digital sovereignty also includes self-determination

June 9, 2023

By Holger Dyroff, Co-Founder and COO of ownCloud

In a position paper, Germany’s top data protection officials outline how they envision sovereign clouds. Their demands are welcome, but do not go far enough, regrets Holger Dyroff, Co-Founder and COO of ownCloud.

Recently, the Conference of Independent Federal and State Data Protection Authorities (DSK) published a position paper defining criteria for Sovereign Clouds. The paper is divided into the categories of traceability, data sovereignty, openness, predictability and regular auditability and lists the respective criteria, distinguishing between must and should criteria. Among other things, it lists as mandatory criteria that there is no access by third countries, that applicable law can be effectively enforced, that the providers are based in the European Economic Area and that the data processing also takes place there.

With this position paper, our top data protection officials declare the cloud platforms of the big US players practically unusable: they all do not meet the mandatory criteria. At the same time, the DSK probably gives the green light for the cloud offerings that SAP is planning with Microsoft and Telekom with Google. With the “Delos Cloud”, SAP wants to make Microsoft 365 available to the public administration in the future, among other things, and the “T-Systems Sovereign Cloud” is to provide authorities and companies with the services of the Google Cloud in the future. The management of the services and the operation of the clouds will be under the control of German subsidiaries of SAP and T-Systems. As a kind of trustee, they are to ensure that no data flows into the USA and thus eliminate the deficits of the current US clouds.

The DSK’s position paper is welcome. It makes an important contribution to the discussion on digital sovereignty, which the European Union and also the German government repeatedly state is a desirable goal. However, the paper does not go far enough. Its mandatory criteria undoubtedly guarantee more digital sovereignty than is given with today’s public clouds. However, this is only a medium level of sovereignty. It corresponds pretty much to the level that authorities and companies get with classic on-premises implementations in their own data centres.

For a high level of digital sovereignty, more is needed. It also includes the possibility of self-determination, and this requires transparency and independence. However, the guarantors of this, namely open source and open standards, are only listed in the DSK’s position paper as target criteria. This is regrettable, because open source enables organisations to check the software they use themselves or have it checked by external service providers and thus decide for themselves whether they can use it to comply with data protection regulations. And open standards allow organisations to exchange software for an alternative solution at any time because they can transfer their data to it without obstacles. This is what real sovereignty looks like.

Related Articles

Smart Cities market predicted to top $1,100 billion by 2028

Smart Cities market predicted to top $1,100 billion by 2028

The adoption of smart cities has witnessed a remarkable surge in recent years, driven by advancements in technology, growing urbanisation, and increasing recognition of the benefits of smart solutions.  This market is, according to the latest research from...

One year of Cell Broadcast in Baden-Württemberg

One year of Cell Broadcast in Baden-Württemberg

Minister Thomas Strobl: "The last 12 months have shown that cell broadcasting enables us to reach a large number of people quickly and easily in an emergency" "In the event of imminent danger or damage, it is crucial that we warn the population and give people...

Swiss employees worried: survey reveals fears of takeover by AI

Swiss employees worried: survey reveals fears of takeover by AI

Almost a fifth (19%) of Swiss employees fear that AI will have a negative impact on their job. Skilled workers in the information and communication technology sector (28%) are most worried about being replaced by AI. The sector that is least afraid of AI taking over...

Share This