If anyone were in doubt of the impact that the misuse of data can have on businesses and nation states, they’d need to look no further than the recent investigations surrounding Team Jorge in Israel, the disinformation unit that allegedly worked to disrupt elections in countries worldwide.
Five years on, the Cambridge Analytica scandal is a reminder of how data is increasingly woven into the fabric of modern society and the dangers when it is weaponised.
While arguably it was Edward Snowden’s 2013 whistle-blowing of National Security Agency activities that triggered global discussions on data sovereignty, the Cambridge Analytica events accelerated it.
Just a year later, aware of the growing importance of cloud computing as the backbone of modern technology, governments in Germany and France came up with a cunning plan.
Today, that plan has evolved into what is called Gaia-X, an association of governments, technology firms, academics, public bodies and not-for-profits that is working to define a common way to solve Europe’s digital sovereignty conundrum. The need, according to Francesco Bonfiglio, CEO of Gaia-X, is being driven by the fact that big tech platforms are controlling everything.
“It’s time for a change,” he says, adding that this change has to be in the direction of “a distributed, decentralised, federated, transparent, interoperable cloud that is orthogonal to the model of the top hyperscalers”.
Interestingly, all the cloud hyperscalers rank among the association’s 373 members. Bonfiglio says that despite stories suggesting “this was to destroy the initiative or to condition our decisions,” these businesses (which are all US-based except for China’s Alibaba Cloud) need the European market and understand that currently, the region is “missing a common definition of trust for digital services”.
Gaia-X needs the hyperscalers
Figures from Synergy Research Group in September last year put the big three cloud providers firmly in the driving seat in Europe, with a 72% market share. It’s difficult not to feel a power struggle brewing, which is why Gaia-X needs critical mass. The member list is impressive but far from comprehensive.
While Bonfiglio talks about “a monopoly of a handful of private commercial operators,” the reality is that the hyperscalers are dominating for a reason. He’s clear, though, that this cannot be an ‘us or them’ scenario. Gaia-X is, he says, a sort of bridge, to help any cloud provider solve data trust issues within European sovereign boundaries.
“Gaia-X or not, Europe cannot do without the hyperscalers,” says Dario Maisto, senior analyst at Forrester. “These companies invest some $40bn in new services every year. Furthermore, the hyperscalers can build partnerships with local providers to ensure that their offering stays compliant with sovereignty requirements, which does help in overcoming some of the European organisations’ concerns.”
Maisto adds that some SaaS vendors deploy their solutions on the hyperscalers’ infrastructure and take a federated approach to data. This data, he says, is anonymised before leaving the sovereign environment to be processed by the external AI or machine learning solutions sitting in non-sovereign environments.
While this ticks a few data-sovereignty boxes, Bonfiglio’s point that Europe still needs a trusted, federated system, whereby data is shared regardless of the cloud provider, still stands tall. In many respects, he is advocating a future-proof framework for data that is cloud agnostic and acts as a gateway to European organisations and markets.
This is why the hyperscalers are involved. Chris Drake, senior research director at IDC, points out that data sovereignty is increasingly a key factor in the selection of cloud service providers.
“This partly reflects the growing importance of regulation, including GDPR, which emphasises the importance of personal data protection and provides specific rules about data storage and transfer,” says Drake.
Can Gaia help Europe win the fight for data sovereignty?
For Bonfiglio, the key to solving the sovereignty issue lies within the Gaia-X digital clearing house (GXDCH), described as “the one-stop place to be verified against the Gaia-X rules and obtain compliance in an automated way”. The GXDCH is built on a framework of “fundamental bricks to build the data economy”, says Bonfiglio. This consists of federation, data exchange and compliance. Where much of this concerns the practicalities of data management and exchange, it is underpinned by the need for trust. Everything is measured against a set of compliance rules, such as GDPR.
This month, we will get to see what this all means at the Market-X event in Vienna, Austria. Bonfiglio admits that 2023 is a big year for Gaia-X and Vienna represents the first showcase of what it is all about. There are already trials, or what Gaia-X calls Lighthouse projects underway. Everything from automotive to manufacturing, tourism, transportation, agriculture and smart cities is being explored, using Gaia-X’s principles and components.
Bonfiglio says they have already learnt some lessons here, a key one being that the federative approach is now proven to be “a necessary economical element to create resilient value chains, that can resist unplanned dramatic events, and compete in a market where no single operator can survive alone.” The idea is that no single business can operate without sharing data with the others in the chain.
What, then, would a world without Gaia-X look like? Bonfiglio has no hesitation in saying that countries would be “scared of sharing data due to a distrust of monopolist platforms or giving data to platforms without insurance of trust”. This, he says, would run the risk of losing value and competition, where the major technology players would act as de facto regulators.
While the current generation of cloud services is hypercentralised and hyperscalable, Bonfiglio believes Gaia-X is needed for these providers to stay relevant. The new generation of cloud and digital services must be distributed, federated and interoperable by definition, he says.
“This is the edge revolution, the data gravity concept is driving it, and Gaia-X is the only concrete initiative addressing a need not satisfied yet by any of the large cloud operators. We are doing something the market needs,” he says.
He may have a point. Last year, French vendor OVHcloud sued Microsoft for unfair commercial practices and objected that the personal data of French healthcare patients should not be stored on Azure but in the data centre of a native French cloud provider, to grant EU standard privacy rights. This one is still in the hands of the EU’s competition department. Meanwhile, the future of our data, businesses and societies may be in the hands of the data goddess Gaia-X.