Skip links

Long Way to Europe’s Digital Sovereignty

Analysis. Digital sovereignty is something quiet a few Europeans are working hard towards. It means keeping all European data under the control of European regulation and thus in Europe. It will loosen mainly the US’s grip on Europe, but there’s a very long way to go. But some signs in the Nordics support the trend from especially France and Germany

The French were probably the first Europeans to worry about our dependence on big tech. They were quick to disdain ‘GAFA’ (Google, Amazon, Facebook, Apple). And they are trying out alternative solutions, e.g. the French police is using the Firefox-browser and the European search engine Qwant. Many schools use open-source based software – as in Germany – so their youngsters don’t get sucked into the surveillance industry that way.

France and Germany are pushing together for Europe to one day become digitally sovereign and thus independent of big tech. And there is some evidence of a nascent trend in that direction in the Nordic countries too.

In November, Esam, an association of 35 Swedish authorities, wrote in a report that public bodies should not use US ‘collaboration services’ because of the legal grey area created by the Schrems II ruling, which outlaws data transfers from the EU to companies with legal headquarters in the US. The report pointed to a number of secure alternatives such as Icewarp, Nextcloud, Element, Jitsi, BigBlueBotton, Wire and Stage.

In January, the Norwegian Data Protection Authority held a conference entitled ‘Is the public sector too dependent on techno-giants?’ Technology advisor to the Norwegian government Tore Tennøe advised the public sector to ‘pay with money, not data’ because he believes the public sector should not share citizens’ data with the tech industry.

Denmark is also on board. Although most politicians still launch their policies on Facebook – something not seen to the same extent in other countries – there was good news in February when the we,, published a study on the use of Google Analytics, GA, in the Danish public sector. It showed that only 4 out of 98 municipalities and 18% of government websites still use GA.

In January, the Austrian Data Protection Authority declared Google Analytics illegal because of Schrems-II. Both the Netherlands and France quickly followed suit. The decision, likely coordinated with the joint European Data Protection Board (EDPB), which helps ensure a uniform application of our privacy laws, is also a small step towards a digitally sovereign Europe.

In 2020, Commission President Ursula von der Leyen defined digital sovereignty as a Europe that can ‘make its own decisions based on its own values and respect for its own rules’.

Even Mette Frederiksen, the Danish prime minister of Facebook, argued last year in a letter with the leaders of Germany, Estonia and Finland that the EU should step up the pace to achieve digital sovereignty.

With a European Data Strategy, a Data Governance Act, a Digital Service Act, a Digital Markets Act and, more recently, a Chips Act, EU politicians are trying to pave the way for Europe’s digital sovereignty.

Also the draft of a Data Act, which proposes how to regulate non-personal data – or industrial data – and keep it in Europe, is a step towards digital sovereignty. The Financial Times states:

The act’s requirements for companies to protect data from foreign government surveillance could make life harder for US tech companies, even if they store and process all the data of their European customers in Europe. The requirements are partly a response to the US Cloud Act, which made it easier for the American authorities to reach across borders to demand data held by American companies abroad.

And while there is a long way to go from words to action, the above examples give hope that it can be done.

Part of this analysis was first published in Danish in Prosabladet

Translated with (free version)