05 Jun Eperi: Data Sovereignty means Competitive Advantage | Cybersecurity series Part 1
In this series, thanks to our experts, we will report and evaluate the latest developments in Cybersecurity from a European point of view. Access the introduction (ECA), part two (ECA) and part three (Systancia).
Data Sovereignty means Competitive Advantage
Done right, implementing the new Data Strategy by the European Commission can lead to a competitive advantage for European companies: Data Protection is one of the most important topics these days – many companies are ready to spend a little more money on a solution that ensures the protection of their customers’ data. They now see this as a clear confidence advantage when selling their services and products to consumers.
The EU Commission should, however, keep the following points in mind when developing their Data Strategy further:
- This should not become a doomed investment in a technical race with the US technology giants.
- Clear definition of critical and sensitive data and their corresponding protection through anonymization and pseudonymization.
The strategy paper already rightly stresses that Europe must not become dependent on a few, mostly US-based, companies. In view of the public debate of recent months, it is not surprising that mind games about a European cloud, keyword Gaia-X, are once again playing a prominent role.
However, I believe that the idea of trying to catch up with the US technology giants in terms of infrastructure and services is unpromising from the outset. In this area, the US technology pioneers are simply too far ahead of us. A few billion euros of investment will not make up for this gap.
Fortunately, such a catch-up race is not even necessary: After all, the resources for secure and trustworthy use of the existing cloud services have long been available, which basically makes the investments described above superfluous. Here I am referring, for example, to the possibility of anonymizing and pseudonymizing data before it ends up in the cloud. As long as the data owners generate and manage the encryption process themselves, they retain control of the data at all times. Why? Because the cloud provider never (not even for a short period of time) gets access to the data in cleartext.
In principle, I welcome the data strategy of the EU Commission presented on the 19th of February 2020. It is commendable that work is being done at European level to promote the data economy and create reliable framework conditions for the use of new technologies. Even though not all the details are known at present, I have considerable reservations and fear that the final development of the forthcoming directives and legislation will have wrong priorities. As far as I am aware at present, I consider the above-stated facts and considerations to be underrepresented, which in my view must, in any case, be incorporated into the final decrees and legislation. If this does not happen, I do not only expect the EU initiative to be doomed to failure, but it would also mean malinvestment of many billions of euros.
Founder and CEO of eperi GmbH