The European Data Strategy is aimed at making Europe a leader in a data-driven society. Europe aims to create a single market for data that will allow it to flow freely within the European Union (EU) and across sectors for the benefit of business, research and public administration. We expect that the European Data Strategy will have a major positive impact on the EU data landscape because – significantly – the strategy is built on a new approach to handling data. Under the new strategy, public and private-sector organisations will have not only legal but also functional control of their data. This concept is also referred to as ‘data sovereignty’. The topic is gaining momentum, and not least because of the European Data Strategy, which provides a valuable framework for existing and new data-sharing initiatives that have data sovereignty as a design principle.
The European Data Strategy gives extra impetus to various initiatives that are driving data sovereignty. Although many of them are in the early stages and conceptual, the first concrete use cases – and tangible results – are already emerging and the wheels of adoption are gradually starting to turn. Some of the most prominent data-sharing initiatives that drive data sovereignty include:
GAIA-X is a German/French project which aims to unite cloud and edge services from European providers in a federated data infrastructure: a club of clouds whose members have to comply with a set of common rules, standards and technologies when supplying their services in order to create a level playing field from a legal, operational, technical and functional perspective.
Data sovereignty is a particular challenge for organisations in the context of the shift to cloud services as part of their digital transformation. When it comes to data sovereignty and cloud providers, legal jurisdiction is an important aspect; data is subject to the laws of the country in which it is physically stored. Therefore, data subjects may receive different levels of privacy and security protection depending on where the data centres are located. Some nations even stipulate local storage and tightly regulate whether, how and for what reasons data may be moved out of the country.
GAIA-X’s goal is to create a new cloud ecosystem that will offer organisations alternatives to the currently dominant Chinese or US tech giants. Its members – which have included big-name companies and institutions such as Atos, SAP, Deutsche Telecom, Siemens and Fraunhofer from the start – may have to provide certain guarantees about data sovereignty, including data privacy, localisation and so on. The standards, rules and agreements that form the basis for GAIA-X have not yet been finalised. However, there is no doubt that the aim of GAIA-X – enabling the EU, its Member States, public and private-sector organisations and citizens to regain and maintain control over their data – will be leading in its further development. The initiators of the project plan to found their own European organisation in mid-2020.
International Data Spaces Association (IDSA)
As an international virtual network of industry and research, IDSA is actively involved in designing a trustworthy architecture for the data economy, with data sovereignty as a key design principle. It aims to facilitate the worldwide exchange of data between data providers and data users in business ecosystems in such a way that data providers stay in control of their data.
Ever since the foundation of IDSA in 2016, more than 100 companies and institutions from 20 countries and various industries, including several Fortune 500 companies, globally active medium-sized companies and software and system houses, have made progress in building the IDS architecture.
Dutch Data Sharing Coalition
The Dutch government has been quick to realise the importance of data sovereignty for the future of the transactional internet. In 2019, the Dutch cabinet presented its vision on data sharing between companies. This ultimately led to the formation of the Dutch Data Sharing Coalition, which is aimed at stimulating decentralised cross-sectoral data sharing while ensuring that data owners maintain full control of their data. Some 25+ organisations from different industries have already signed up for the coalition.
Dutch AI Coalition
The Dutch AI Coalition (AIC) is a public-private partnership which brings together organisations representing government, business, education and society. The AIC’s goal is to stimulate, support and where necessary facilitate Dutch activities related to artificial intelligence (AI). Data sovereignty is a key design principle.
Additionally, various sectors are working on their own industry-specific initiatives that revolve around data sovereignty. Examples include the data-sharing schemes MedMij (Healthcare), Join Data (Agri), iSHARE (Logistics), Smart Connected Supplier Network (Manufacturing) and SBR Nexus (Finance). All these initiatives were started by public private partnerships in the Netherlands, but have since been extended to a European level.
Many of these initiatives are gaining serious traction in the market, with the first signs of adoption visible. For instance, more than 30 healthcare providers already comply with the strict requirements of the MedMij scheme.
Meanwhile, in the logistics sector, the number of iSHARE participants continues to grow steadily. One such participant is Hutchison Ports ECT Rotterdam (ECT) – one of Europe’s leading container terminals – which has developed an app with a log-in system based on iSHARE identities that is used by numerous transport companies every day. As a result, ECT and its customers can share data more easily and securely than before.
And in the manufacturing industry, wholesaler MCB and Tata Steel have gone live with Smart Connected Supplier Network (SCSN) for a number of materials. This means that the ERP system automatically places Tata Steel’s orders for those materials directly in the wholesaler’s ordering system. In turn, MCB exchanges data with TataSteel via the SCSN network. Both parties are able to continue using their own ERP system and internet platform because the SCSN standard ensures interoperability between the systems.
Impact on the data landscape and cloud architectures in the EU
We expect that the topic of data sovereignty will become an ever-more important factor for organisations when defining their data strategy – alongside the existing considerations of flexibility, innovation, costs, connectivity and IT management.
Although the EU-funded initiatives aimed at advancing data sovereignty are largely conceptual, they will help to overcome the data sovereignty challenges that businesses are facing, for instance when working with cloud architectures needed to deploy new or upgrade existing process/manufacturing software. We are encouraged by the positive results that are already emerging and believe that many more initiatives will soon follow, providing the focus continues to be on adoption and commercialisation of the available technology.