When Germany took over the EU Council presidency last year, the German government announced a lofty goal: greater digital sovereignty. By creating a European digital ecosystem, the European single market was to be freed from dependence on the large US tech corporations. According to the figures currently making the rounds, however, this announcement seems like mere lip service. A question from a parliamentary inquiry to the German government revealed that federal spending on Microsoft products has almost quadrupled since 2015. The federal ministries transferred a whopping 178.5 million Euros to Microsoft in 2020.
US Cloud Act impedes Digital Sovereignty
This is despite the fact that the data protection problems associated with the use of US software have been known for a long time – and that the European Court of Justice determined in July 2020 that the US Cloud Act is not compatible with European data protection law. Europe’s highest court ruled that the EU-US Privacy Shield could no longer be used to justify the transfer of personal data to the US. The US Cloud Act, it was argued, allows US intelligence agencies virtually unrestricted access to data of EU citizens – even if the servers of the US providers are located in Europe. However, all of this evidently won’t stop the German federal government from lightheartedly purchasing Microsoft products.
Particularly problematic is the widespread use of the Microsoft cloud for storing and exchanging files in public administration. Since Microsoft cannot rule out the possibility of data being transferred to the USA, this simply violates applicable European data protection law. In addition, a so-called lock-in effect is quickly created. Since it is extremely time-consuming and costly to get large amounts of data out of the cloud again, the authorities are more and more trapped in it. They make themselves increasingly dependent on one of the major US players, which is impressively demonstrated by the sharp rise in federal government spending on Microsoft products. This is both incomprehensible and unnecessary, since fully-featured, digitally sovereign private cloud solutions are readily available. While the private sector more and more uses hybrid cloud infrastructures to avoid dependencies, public administrations seem to largely ignore this problem.
Open source offers secure solutions
If the German government is really serious about digital sovereignty, it must set a good example and also rely on sovereign alternatives itself. Otherwise, it will undermine its own goals and its Gaia-X project to create a trustworthy European data infrastructure. And there is certainly no lack of European alternatives. European solutions, particularly those coming out of the open source ecosystem, do not fall behind in terms of functionality and usability. We hope that they will be taken into consideration for future procurements, despite the huge lobbying and ad budgets of the US tech companies – actions speak louder than words.