As data sovereignty comes under scrutiny the more chimera-like it looks, but ventures like Google’s S3NS in France show potentialIn the early days of April, Chi Onwurah, the esteemed chair of the Science, Innovation and Technology Select Committee, voiced some sharp criticisms regarding the UK government’s approach to technology, or rather, the apparent absence of a coherent strategy. Her critique was primarily focused on the UK’s reliance on a handful of dominant tech giants, most notably Microsoft and AWS. Palantir also came under scrutiny due to its contracts with the NHS and the military. Onwurah also raised valid concerns about the UK’s dependence on foreign supply chains.
There was a great deal of substance in Onwurah’s commentary that resonated with many. However, one aspect that seemed out of sync was her interpretation of sovereignty. She suggested that sovereignty is a concept that can be moulded to fit one’s personal perspective, stating, “it means exactly what you want it to mean.” While this may be a convenient political soundbite, it dangerously oversimplifies the complex and critical issues of digital and data sovereignty.
While politicians may occasionally opt for vagueness, it is crucial to be unequivocal when discussing digital sovereignty. This concept necessitates that the only laws governing a piece of sovereign data should be those of its country of origin. In other words, the laws a country accepts to provide judicial primacy.
Despite this, Onwurah’s commentary served as a wake-up call on a subject that many readers may not have realised was a pressing issue. Sovereignty is not just a theoretical concept; it is a live digital battlefield for Big Tech and hyperscalers. It is poised to become the defining factor in the delivery of technology in the UK, Europe, and indeed, the world over the coming years.
The issue of digital sovereignty has largely emerged from the rise of public cloud services and high-profile court cases such as Schrems II. This case aimed to regulate the transfer of personal data to jurisdictions deemed less protective than our own. Before the advent of public hyperscale cloud, almost all domestic and government data processing was conducted within in-country data centres.
Non-sovereign IT or software providers occasionally required remote engineer access for support, but access to your data was primarily physically, logically, and digitally confined within the country. The adoption of cloud services, particularly those headquartered in the US, has eroded these sovereign boundaries.
Previously mandated sovereign processes and contracts have been replaced by as-a-service models. Supplier-defined terms of service have allowed data offshoring, leading to widespread calls for digital sovereignty across Europe.
While it is often suggested that sovereignty is primarily a hyperscaler issue, the reality is more complex. All non-sovereign service providers, primarily those based in the US, must adapt. Therefore, the term ‘hyperscaler’ is not a useful framework for these discussions. Other companies, such as IBM, Oracle, and HPE, also need to adapt. The various approaches to sovereign cloud and IT services can be categorised into three types that do not neatly fit into the hyperscaler-or-not classification.
In conclusion, the focus on hyperscalers when discussing sovereign cloud and IT services is too narrow. The issue of digital sovereignty is a broad and complex one that requires a comprehensive and nuanced approach. As we move forward, it is crucial that we develop a clear and unambiguous understanding of digital sovereignty and its implications for our increasingly interconnected world.
