Digitalisation has long been the backbone of our network-based information society, something that the year of crisis triggered by the pandemic has only served to throw into sharp relief. The various lockdowns and the imposition of social distancing rules mean that more and more new models for working from home are required that are reliant on more powerful IT – just like the continued digitalisation of the healthcare sector, including electronic contact tracing to curb infection numbers. And the advances made in the biochemical labs, mapping the virus’s genome and developing a safe and reliable vaccine, would not have been possible without the hefty computing power and networks of the pharmaceutical industry.
From this global crisis, we can draw some important conclusions as regards the long-term refocusing of our digitalisation-reliant society. Europe has seized this opportunity, even if many of the change processes initiated have not been picked up on across the board in the constant media hubbub surrounding Covid-19.
New system of regulations for the European internet
Shortly before Christmas, the EU Commission unveiled its two ground-breaking draft laws for regulating the internet of the future: the Digital Services Act and the Digital Markets Act. These rulebooks are the long-overdue answer to the dominance of overseas internet platforms, and a way of preserving digital sovereignty and fair market conditions for social media, online marketplaces and, particularly, intermediary digital platforms in Europe.
Nevertheless, there is a significant amount of explosive material hidden in the regulatory agenda that has now been introduced, especially with regard to removing illegal services and content and incorporating safeguards against content that platforms delete incorrectly. Who, in the future, is to rule on what is illegal? Or, put another way, how is publicly inciting hatred and violence being balanced against guaranteeing freedom of speech? The Portuguese presidency of the Council has a rocky path ahead of itself with the implementation of the Digital Services Act. However, it would seem crystal clear that, in the future, platforms will have to introduce tougher transparency measures for online advertising and the algorithms used in content recommendation systems. The Digital Services Act classifies all providers that reach over ten per cent of the EU’s total population as “systemic”. Going forward, these companies are to be monitored by a board made up of national Digital Service Coordinators, who will also be able to punish them for violations.
The Digital Markets Act, meanwhile, tackles the negative consequences of certain behaviours on the part of platform operators. How important these two draft laws are for Europe is highlighted by a landmark decision by Facebook that has now become public knowledge. In contrast with the customary protestations by the internet giant that it takes European data protection seriously, when Brexit was completed Facebook brought its UK customers – who had previously been administered under Irish contract law – under the terms and conditions applicable at its Californian headquarters, in order to evade European privacy requirements.
GAIA-X to bring infrastructural sovereignty
For over a year now, Europe has also been working on a secure and reliable European data ecosystem in order to reduce the EU’s dependencies on the global internet structure with its dispersed routing nodes, and on data held outside Europe. The brainchild of Germany and France, the GAIA-X cloud initiative is now being tackled by over 300 companies from various European countries and further afield, including Fabasoft.
The goal is to take existing centralised and decentralised data infrastructures in Europe and develop them into a homogeneous and transparent software platform that offers data protection in accordance with European values and maximum security. Several GAIA-X hubs have already started work. The technical specifications for this sovereign digital infrastructure are now being devised in these distributed centres of the European data cloud.
Breakthrough on the EU Cloud Code of Conduct
The EU Cloud Code of Conduct (CoC) for Cloud Service Providers (CSPs), which was initiated by the European Commission and has been formulated in minute detail over several years, is still today the only comprehensive set of rules for processing customer data in the cloud in compliance with the provisions of the EU General Data Protection Regulation (GDPR).
The code defines maximum data protection standards in line with the European value concept that apply to both technical and organisational implementation. Within a short period of time, it has developed into a widely accepted bona fide “brand” in the European cloud industry. Voluntarily recognising and applying the terms of the code allows European CSPs to provide transparent proof that their services comply with rigorous data protection and security standards. The EU Cloud CoC is currently being examined by the European Data Protection Board (EDPB) and will shortly be approved as a comprehensive set of regulations for European cloud services. This genuine milestone reflects how unique the European cloud strategy is compared with other countries, a strategy that is to be transformed into real international market success in the future.
My next blog post, “Europe as a digital hub needs genuine entrepreneurship”, will explain why Europe also needs a more developed understanding of entrepreneurship alongside this pioneering legislative groundwork in order to ensure fair and uniform market conditions, especially in the platform industry.
Here’s to getting back on the path towards normality in 2021! If anything good is to come of the coronavirus, then let it be real digitalisation.