Data sovereignty is currently one of the most discussed digital policy issues. The new German federal government also attaches great importance to data sovereignty in the coalition agreement and explicitly declares its intention to secure data sovereignty. There is no generally accepted, fixed definition for the term ‘data sovereignty’, but its goal is unambiguous – society, business and the state should be empowered to use digital systems independently and in a self-determined manner.
Freedom from external control of data is guaranteed only if individuals, companies and authorities are in full control of their own data at all times. Full user control of data demands two prerequisites: Firstly, users who can access your data must be under your exclusive control. On the other hand, they must be able to easily move their data to another system at any time if desired or necessary.
Protect trade secrets and intellectual property
Protection of intellectual property, sensitive data and trade secrets is vital for any organization. Failure to comply with data protection regulations such as GDPR might lead to the abuse of personal data belonging to employees, customers and citizens, and consequently result in disastrous losses in terms of finances and goodwill. In extreme cases, data breach might even endanger the very existence of organizations. In case of loss of state secrets, a full-blown public crisis is not at all impossible.
If it is difficult to take data out of one system and transfer it to another, companies and authorities often shy away from a system change, even when it is actually urgently needed. As a result, they become more and more dependent on the system provider, which sooner or later results in increased costs. This is clearly exhibited by the federal expenditure trend on Microsoft products. As an enquiry to the federal government revealed, this expenditure has almost quadrupled since 2015 and amounted to a whopping 179 million euros in 2020.
The right technology approaches
With the right technologies, companies and authorities can achieve unlimited data sovereignty. Your software systems should fulfil three central characteristics:
Software systems shouldn’t be running on public clouds:
Public cloud services usually represent a black box in which it is not possible to trace who is accessing the data. IT security often plays only a subordinate role for the large cloud players, as proven by the numerous data scandals that have occurred around large cloud platforms in the recent past. Moreover, the US Cloud Act poses further problems.
This law enables US authorities to access data stored by the providers of the American cloud platforms relatively easily. As a result, organizations cannot completely control access to their data. Therefore, most organizations prefer software systems that they can operate in a private cloud – either in their own data center or with a trusted IT service provider of their choice to enjoy full control over data access.
Software systems should support open standards:
If a software system is easily accessible to all market participants and allows all types of data to be freely shared with others without modification, it is interoperable and can easily work with systems from other manufacturers that follow the same approach. This gives companies and authorities the freedom to exchange software for an alternative solution at any time, because they can transfer their data without any obstacles.
Software systems should be based on open source:
Open source software is a guarantee for data sovereignty and thus for digital sovereignty. It offers maximum transparency, control and openness, enabling organizations to handle their data in a self-determined manner. You can see for yourself in the code that the software does not contain any backdoors through which data can be passed unnoticed to third parties.
In contrast to closed-source solutions, the auditability of the source text means that companies and authorities can also find and fix vulnerabilities themselves before they are exploited by malicious players. In contrast to proprietary software, open software is also mostly platform-independent. The freedom of choice for hardware and service providers is therefore significantly greater.
Build data sovereign workspaces
Private cloud, open standards, open source: This triad, among other factors, enables organizations to design a digital workplace for their employees to carry out regular operations with data sovereignty.
There have long been open-source alternatives for every conceivable application, be it OpenXChange and Kopano as groupware, Rocket Chat and Matrix as chat systems, Big Blue Button and Jitsi for video chats, Only Office and Collabora for office applications, Kanboard for project management or OwnCloud for file management.
Organizations can implement all of these solutions as a private cloud. They also offer modern, open interfaces, enable any integration and allow individual applications to be used at any time if necessary.
In this way, companies and authorities can create a digitally sovereign workplace without compromising on performance or functionality. Contrary to popular belief, an open-source ecosystem can match or even surpass proprietary platforms on these counts.
For self-hosted solutions that are integrated with each other, organizations understandably need a competent IT team, either in-house or with a service provider. If a dedicated IT team is beyond the scope of an organization, the SaaS solutions from trusted European hosts come to the fore.
In summary, it is perfectly feasible for organizations to set up a simple, efficient and at the same time data-sovereign work environment without their own data center.
Beacon of hope for the European economy
Companies and authorities not only benefit from the use of open-source software, but also support the independence efforts of the pan-European economic area. In terms of digital economy, Germany and Europe are currently far behind the USA and China. The strengthening of open-source ecosystems offers the European economy a great opportunity to create real alternatives to the US and Chinese hyperscalers, to break free from their dependence and to benefit from digital value creation.
Open-source software is also the beacon of hope at the economic level. The new German government sees it the same way and therefore expressly relies on open source in the coalition agreement for digital sovereignty.
Based on this article by Tobias Gerlinger, CEO, ownCloud published in Funkschau.