When the new European Commission took office last fall, its leaders quickly identified the pursuit of digital, or technological, ‘sovereignty’ as a principal ambition. President Ursula von der Leyen asserted in her Political Guidelines for the next five years that “it is not too late to achieve technological sovereignty” in areas including algorithms, blockchain, and quantum computing. Commissioner for Internal Market and Services Thierry Breton similarly supported a Euro-centric technology agenda, insisting that “this is not a protectionist concept, it is simply about having European technological alternatives in vital areas where we are currently dependent.”
Fast-forward six months into the age of COVID-19, and these sovereigntist goals have taken on new resonance. A serious debate is beginning in Brussels on lessening European dependence on foreign suppliers, principally in China, for medical equipment, supplies, and pharmaceuticals. Rethinking global supply chains for health care goods could easily reinforce the nascent EU questioning of globalization in digital services.
At the same time, European governments have embraced global digital services as never before in their efforts to understand and overcome the virus. Normally stern data protection authorities across the Union have readily invoked emergency provisions in privacy laws in order to enable enhanced analysis of sensitive personal health data, but without abandoning core protections. Data scientists in Europe are scrambling to devise techniques for using location data to trace infected persons’ social contacts—a potentially crucial step in the continent’s gradual emergence from severe economic and social restrictions. Meanwhile, misinformation and disinformation about COVID-19 has flourished in the current anxious climate, with the European Commission once again insisting that internet platforms step up their policing efforts.
The popularity of video-conferencing technology has grown exponentially during this period as well—accompanied by the bittersweet realization in Europe that the leading service providers in this area are, once again, mostly American. One of the leaders, Zoom, has acknowledged serious privacy and security weaknesses in rolling out its technology for widespread use outside corporate settings—unfortunately reconfirming widespread beliefs in Europe that the United States remains a ‘Wild West’ when it comes to technology regulation. The German Foreign Ministry has gone so far as to discontinue use of Zoom for conducting virtual diplomacy.
All of these virus-related developments—growing skepticism about global sourcing, the deepening threat of disinformation, the centrality of digital services in a return towards normality, and the privacy and security questions that dog them—will have an impact on the EU’s longer-term quest for digital sovereignty.
One of the first digital sovereignty policy ideas to emerge from the von der Leyen Commission was to create a “single European data space,” an EU-designed single market for data to be drawn upon by companies for analytical purposes, as described in the February 2020 European Strategy for Data. Its goal, according to a speech given by Commissioner Breton “is that European data will be used for European companies in priority, for us to create value in Europe.”
What does a European ‘data space’ practically amount to, though? As the strategy explains, it would consist of a “federated cloud architecture” to connect cloud service providers across Europe. Participating providers would agree to use open technical standards, and common privacy and security standards, so that corporate customers could seamlessly move data within the network.
The French and German governments, and a number of those countries’ leading industrial companies, already have set off down the path towards a European cloud, through their GAIA-X project launched last fall. The Commission’s data strategy promises to “foster synergies” between its proposed cloud federation and the GAIA-X initiative, and to contribute 2 billion euros towards a goal of raising 4-6 billion euros overall for this work. The magnified importance of health care data analysis—and the political appeal of keeping such data in Europe—might well give the single data space idea a political push.
The Commission’s new and equally ambitious plans for promoting and regulating artificial intelligence (AI) could similarly benefit. AI is a collection of technologies, such as machine learning, that combine data, algorithms, and computing power to yield insights of value to business, government, and consumers. It is an indispensable ingredient in virus-related location tracking applications under development, for example.
In recent years, diverse AI regulations have begun to spring up in EU member states, leading the Commission in February to propose harmonizing them across the Union. Projected EU legislation would focus on specific sectors and applications, such as facial recognition technology, that are deemed particularly high risk. High-risk AI products would have to undergo testing for safety, fairness, and privacy before being released onto the European market.
As the EU redefines sovereignty, including its digital and technological dimensions, in the post-COVID-19 environment, the impact will be felt beyond its borders. Foreign companies doing business in Europe will be obliged to comply with new rules on AI and a single European data space. Will the Union’s push for expanded digital sovereignty exacerbate its already-tense regulatory differences with the United States? Will the United States manage to set aside its suspicion of EU regulation in order work together towards needed global digital norms, or will it instead miss an opportunity to combat expanded Chinese regulatory influence?
The Council’s forthcoming issue brief, The European Union and the Search for Digital Sovereignty: Building ‘Fortress Europe’ or Preparing for a Brave New World? will explore these questions in greater detail.
Kenneth Propp is a nonresident senior fellow in the Atlantic Council’s Future Europe Initiative.
Fri, Feb 21, 2020
Putting privacy limits on national security mass surveillance: The European Court of Justice intervenes
In a little-noticed set of opinions issued on January 15, the European Court of Justice (ECJ) put forward a bold and unprecedented proposition—mass surveillance conducted by European Union (EU) member state national security services should operate within the bounds of the Union’s privacy laws.
New Atlanticist by Kenneth Propp
Thu, Dec 19, 2019
This focus on digital policy is embedded in a new economic strategy that represents a return to thinking in traditional European terms about an industrial strategy, one that would ensure that European companies face a “level-playing field” on their own continent but that also makes room for innovative European start-ups.
Blog Post by Frances Burwell
Wed, Dec 11, 2019
European leaders are feeling besieged again. Having spent the past several years building up Europe’s physical defenses against migrants, they now see themselves faced with a less tangible sort of invasion—US technology companies dominating their markets and vacuuming up the personal data of their citizens. And so the cry has gone up from Berlin, Brussels, and Paris: “Digital sovereignty!”
New Atlanticist by Kenneth Propp