SENTENTIA. European Journal of Humanities and Social SciencesПравильная ссылка на статью:
“Digital geopolitics” in the regional context: certain challenges and prospects of the European Union on the path towards information sovereignty / «Цифровая геополитика» в региональном контексте: некоторые проблемы и перспективы ЕС на пути к информационному суверенитету
Дата направления статьи в редакцию:25-12-2021
Аннотация: Пандемия COVID-19 и коронакризис ясно продемонстрировали сильную зависимость современных компаний от подходов к управлению данными, стабильности информационных сетей и цифровизации и значительно укрепили убежденность европейцев в необходимости достижения стратегической автономии в разработке собственных цифровых решений. В настоящей статье ставится цель определить место Европейского Союза в международном информационном и коммуникационном пространстве в контексте глобальной политики управления данными. Методологической базой исследования является мультипарадигмальный метод, используемый для экстраполирования некоторых положений теории гегемонистской стабильности Р. Гилпина на современное технологическое соперничество между странами на международной арене в рамках регионального подхода. В статье рассматривается термин «информационный суверенитет» с точки зрения принципов международного права в постоянно меняющейся международной среде, дается анализ актуальных проблем, с которыми сталкивается Европейский Союз при попытках утвердить свой цифровой суверенитет, мер, принятых для их преодоления, а также того влияния, которое современная международная среда оказывает на европейскую политику в этой области. В исследовании проанализированы такие документы, как Новая промышленная стратегия ЕС, Европейская стратегия в области данных и решение Европейского суда относительно трансатлантического соглашения Privacy Shield. В качестве примера цифровой политики ЕС рассмотрен амбициозный проект GAIA-X, призванный создать открытую цифровую экосистему и выработать общие требования к европейской инфраструктуре данных. Статья приводит рекомендации по обеспечению эффективного управления в цифровой сфере и предлагает модель многостороннего участия, которая позволит достичь информационного суверенитета, основанного на европейских ценностях и идеалах.
Ключевые слова:глобальное управление, цифровая геополитика, информационная безопасность, Европейский союз, суверенитет данных, цифровой суверенитет, информационный суверенитет, цифровизация, цифровая трансформация, персональные данные
Abstract: The COVID-19 pandemic and coronacrisis have clearly exposed the strong dependence of modern companies on the approaches towards data management, stability of information networks and digitalization, as well as significantly strengthened the assertion of the Europeans in the need to achieve strategic autonomy with regards to development of the own digital solutions. The article aims to determine the place of the European Union in the international information and communication space in the context of global data management policy. Research methodology leans on the principles of the multi-paradigm method used for extrapolating some provisions of Robert Gilpin’s hegemonic stability theory on the modern technological competition among the countries on the international arena within the framework of regional approach. The article examines the term “information sovereignty” based on the principles of international law in a constantly changing international environment. The research addresses such documents as “New Industrial Strategy for Europe”, “European Data Strategy”, and the decision of the European Court of Justice concerning the Transatlantic Privacy Shield Agreement. As an example of the European digital policy, the author examines the ambitious GAIA-X project intended to create an open digital ecosystem and develop common requirements for the European data infrastructure. The article formulates the recommendations aimed at ensuring effective management in the digital sector, and offers the model of multilateral participation, which would allow reaching information sovereignty based on the European values and ideals.
Keywords:global governance, digital geopolitics, information security, European Union, data sovereignty, digital sovereignty, information sovereignty, digitalization, digital transformation, personal data
In recent years, the European information (or digital) sovereignty has been one of the most discussed topics within the geopolitical agenda of the European Commission, announced by its President Ursula von der Leyen [32, p. 2].
This article’s discussion, that was provoked by the Covid 19 Pandemic, deals with the concept of “digitalization”, which is seen as clearly exposed strong dependence of modern companies on data governance, the stability of information networks and, more generally, on the emergence of new models and practices of the social and political sphere in technologically developed countries [8, p. 30–31; 16].
Such an interpretation is complimentary to a more technical understanding of the phenomenon of digitalization, which implies the implementation of specialized platforms, resources, technologies, solutions and practices into various areas in order to replace traditional analogue means of communications by digital ones [40, p. 8].
The global coronacrisis has significantly strengthened the conviction of most Europeans in the need to achieve strategic autonomy in the development of their own digital solutions as soon as possible [8; 24]. Moreover, such an attitude that fully complies with the fundamental principles and values of the EU, as well as its growing interest in investing in the digital economy and the legal regulation of this area [6; 16; 25; 30]. This trend is also illustrated by the results of research by the Italian Institute of International Affairs (Istituto Affari Internazionali, IAI) carried out between 2019-2021 in the framework of the project, “Geopolitics of digital” (La geopolitica del digitale) headed by Associate Professor of the Côte d'Azur University Jean-Pierre Darnis [5; 15; 20; 32].
Nevertheless, despite the obvious importance of acquiring digital sovereignty for a united Europe, it seems that Brussels has not yet developed a common understanding of political and diplomatic compromises that the European Union may have to make in the short and long term to achieve this goal.
Defining information sovereignty
The term “digital sovereignty” also referred to in this article as information sovereignty (la souveraineté numérique), was first coined by the authoritative French researcher of digital technologies, Pierre Bellanger as a substitute for the obsolete (in his opinion), expression “technological sovereignty”. The former term had been introduced into scientific parlance in the early 1980s [35, p. 99] or even in 1967, when the Science Council of Canada presented the strategy of “technological sovereignty” as a means “to develop and control the technological capability to support national sovereignty” [14, p. 54].
The very definition of “information sovereignty” is problematic [5, p. 3-5; 14; 18; 35; 37, p. 253].
As one of the fundamental principles enshrined in the Charter of the United Nations, traditional state sovereignty is closely related to other principles of international law, such as the principle of non-intervention in the internal affairs of other states and the principle of peaceful settlement of international disputes.
The concept of digital sovereignty is usually understood today as the right of an individual state to independently determine the key areas, priorities, and goals of its policy in the digital sphere, as well as its ability to dispose of the relevant infrastructure and resources and ensure information security. However, this understanding does not yet have broad support of the international community [10, p. 77].
The first problem related to this working definition is formal and concerns the application of international law to the digital sphere. Currently, the issue is actively discussed within the framework of two groups under the auspices of the United Nations – UN Group of Governmental Experts and UN Open Ended Working Group. Using these platforms, interested countries try to develop a system of principles and norms that could effectively regulate their activity in cyberspace. Among the most controversial issues, there is the definition of a “cyberattack”, and the conditions under which such an attack may be qualified as the use of force, and, therefore, in which cases a state may exercise its right to self-defense responding to a cyberattack. However, the discussion is partly hindered by the relative inaction (lack of effort or initiative) of members of the international community in promoting the common agenda. In recent years, the debate on internet governance seems to have stalled due to the inability of states to agree on common goals and set a uniform vector of international cooperation in the digital area [15; 25].
Thus, the digital sovereignty of the EU is implemented within the constantly changing international environment.
Moreover, it should be noted that the quest for digital sovereignty and its achievement may be perceived in completely different ways by EU partners in different regions of the world. In particular, China could see the concept of digital sovereignty differently depending on the sovereign entity, making difference between China’s digital sovereignty (as sovereignty-for-itself) and the digital sovereignty of Europe (as an example of sovereignty-for-others).
Nevertheless, the general trend is that the Chinese priority in the field of digital security and internet governance is traditionally considered to be the desire to balkanise cyberspace so that each state could most effectively control information content and all digital infrastructure in its own territory . The Chinese “White Book”, issued in 2010 introduced the term “Internet sovereignty” and thus declared for the first time an exclusive right of a state to regulate its domestic network. [33, p. 385]
Both Western and Russian studies invariably note the Chinese content filtering system known as Golden Shield Project (the Great Firewall of China) as the most striking example of such a policy [32, p. 3; 37, p. 255]. Its very existence so annoyed US Secretary of State Hillary Clinton that she has repeatedly declared in her speeches Washington’s readiness to help dissidents from China, Iran, Syria and other countries, whose authorities filter content available to citizens, to bypass these restrictions [7, p. 126].
Challenges to Europe’s digital sovereignty
The challenges faced by the European project in creating a “distinctive IT space independent from any external influence” [29, p. 12] are of particular interest for researchers of information sovereignty in the European context. According to Carolina Polito and Jean-Pierre Darnis from the Institute of International Affairs (Rome, Italy), there are two factors that currently impede the successful implementation of European digital sovereignty [16; 32, p. 3-5]: firstly, the dependence on foreign digital technologies and services and, secondly, a relatively low level of European investment in the digital sphere (compared to other technologically developed countries ).
Dependence on foreign digital technologies and services.
In the absence of any full-fledged strategic autonomy of the EU in global value chains (GVC), an indicative example being 5G technology. The GVC has two particular features: firstly, it is characterised by strong interdependence and, secondly, its global production is highly geographically targeted.
As for the 5G technologies GVCs, European companies undoubtedly occupy the leading position (especially in the area of optical lithography, or photolithography, as the most universal technology used in the production of semiconductor integrated circuits) [32, p. 4]. However, there is growing concern by representatives of the European expert and analytical community that this market is increasingly dominated by foreign companies, which may eventually control large segments of this chain.
In particular, the European Parliament has expressed concern about the role of Chinese technology companies such as Huawei and ZTE in the European 5G market and more generally about Europe’s growing dependence on equipment and component suppliers from China and other countries. Obviously, these concerns of European parliamentarians are both the cybersecurity and the existing problem of reliable supply of the basic components necessary for the effective deployment of 5G networks in times of tensions and growing international competition. The main components – hard disks, semiconductors and batteries – necessary for the production of almost all innovative digital technologies are supplied to Europe mainly by Chinese companies .
Moreover, these concerns are not limited to the 5G market, however, being extrapolated to a higher level, they address the issue of Europe’s general dependence on imports of essential raw materials, which is also addressed in the new EU industrial strategy .
Another example of the EU’s IT dependence on foreign partners is the use of cloud technologies. Member Nations of the European Union are almost deprived of the ability to control data transmitted using cloud services, since they are usually under the jurisdiction of the United States that inevitably exposes EU citizens and residents, private enterprises and even European public authorities to the threat of a potential conflict of jurisdictions .
Lack of investment as a strategic threat to EU digital sovereignty
The second major set of challenges to the implementation of European sovereignty in the digital sphere is the insufficient investment attractiveness of European companies (compared to Chinese and US companies) for foreign investors and therefore their relatively low competitiveness in the global digital technology market. According to European policy analyst Andreas Aktoudianakis, the EU’s ability to compete in the global cloud storage market is largely limited. Today the leaders in this market are Amazon (45%), Microsoft (17.9%), Alibaba (9.1%), Google (5.3%) and Tencent (2.8%). According to experts’ estimates, 92% of data from the Western countries is currently stored in the United States, while only 4% of this data is hosted on servers located in Europe .
As for the 5G market, the successful implementation of this technology in Europe is impeded by delays in the infrastructure transition from 4G to 5G, which significantly increases the technological gap and prevents a complete transition to at least 4G technology.
Moreover, 5G spectrum auctions were especially expensive in Europe resulting in diminished returns on investments. At the same time the complex procedures for allocating the spectrum and the poor coordination of decision-making in the EU further undermined the plans of private investors.
Finally, another explanation for the lack of European digital investment is the field of artificial intelligence. In this area Europe is behind China and the United States in terms of venture capital (capital provided by investors to start-up companies and small businesses that are believed to have long-term growth potential). Artificial intelligence may be considered the basis of European economic development and the cornerstone of innovations for the entire European continent [20; 30]. More generally, this area may be of practical interest, including in the context of the development and implementation of hardware and software technologies .
European Strategy for Data and GAIA-X project
The European Commission implements a long-term European Strategy for Data  to address the above-mentioned challenges and a number of initiatives within its framework. The main objective of this strategy is to guarantee the free transfer of data across the EU Member Nations and ensure full compliance with all European standards and regulations concerning, in particular, data privacy and protection, as well as rules regarding data access and use. The Strategy says that the EU seeks to:
• establish clear and fair rules for data access and reuse;
• invest in tools and infrastructure for storing and processing data;
• join efforts in the development of cloud technologies in Europe;
• support the creation of a number of common European data spaces in strategic areas;
• provide users with the rights, tools and competencies to exercise full control over their personal data.
As for the plans of the European Commission to build capacity in the field of cloud technologies, the ambitious European GAIA-X initiative should be mentioned. It is a non-profit organization established by 22 members, including not only cloud service providers, but also ordinary users and representatives of the academic community.
Participation in GAIA-X is also possible for market participants outside Europe, including US and Chinese companies, who share goals of data sovereignty and data availability . Nowadays, more than 500 organizations around the world are contributing to the GAIA-X project. The project aims to create open digital ecosystem in order to develop common requirements for a European data infrastructure [5, p. 12-18].
Such a common digital ecosystem should provide a) a common ontology for data exchange, providing the users with unified mechanisms of data identification, use or request and b) interoperability of different cloud providers. For example, Philips plans to create a specialized information space in the field of healthcare, which would provide a platform for individual hospitals, private companies and other stakeholders in this area. As a result any user would get an opportunity to access the data without switching between different cloud service providers. Such information space thereby would ensure the maximum possible compatibility and expand the existing data transfer capacities between different cloud services thus ensuring the implementation of the main objective of the GAIA-X project .
Absence of global data governance system
The European Strategy for Data should be considered in the general international context. Today the key problem is the absence of a global data governance system. In order to be effective, the global data economy requires mutual trust between various participants of international engagement that is difficult to achieve in today’s environment.
In 2019, Japan as a chair of the G20 called on the member countries to create a set of international rules that would facilitate the free movement of data across national borders. This concept known as “Data Free Flow with Trust” was first mentioned by then Prime Minister of Japan Shinzo Abe in his speech at the annual meeting of the World Economic Forum in Davos, Switzerland, in January 2019. “I would like Osaka G20 to be long remembered as the summit that started world-wide data governance”, he said in his speech . However, the Japanese proposal for a “Data Free Flow with Trust” has failed to pass the test of a harsh international environment, in which this mutual trust is seriously undermined.
For example, EU Member Nations are skeptical about privacy and cybersecurity standards set by other countries. In this regard, there is a significant difference between the philosophical approaches to data governance policy in the United States and countries of mainland Europe. Accordingly, the EU and the US legal systems differ also in the field of personal data governance, since they are based on two radically different concepts of the right to privacy. So, after the adoption of the General Data Protection Regulation (GDPR) , the EU established a centralised system for protecting the personal data of its citizens, while the US legal system reflects the need to regulate data processing in specific sectors of the economy (for example, in the field of healthcare). In other words, in the United States, privacy is protected only in the context of commercial practice, whereby a data subject claiming any guarantees from the government is viewed as a consumer rather than a citizen. This approach is reflected in the fact that the Federal Trade Commission – an independent agency of the United States aimed at consumer protection – acts as the main body for the privacy protection in the United States. In Europe, the principle of privacy was originally defined within the framework of the 1950 European Convention for the Protection of Human Rights and Fundamental Freedoms and subsequently reaffirmed in the Charter of Fundamental Rights of the European Union of December 7, 2000.
These differences often lead to serious contradictions between traditional data governance regimes on the two sides of the Atlantic and raise many questions about the possible ways and means of interfacing the EU and the US legal systems.
The indicative example was the decision of the European Court of Justice, which declared in 2020 the transatlantic Privacy Shield agreement invalid considering this mechanism ineffective and insufficient to guarantee the right of EU citizens to the protection of their personal data .
Besides ordinary EU citizens and residents, this decision will inevitably affect at least 5,300 European companies that have used Privacy Shield as a management tool for exchanging data with American partners for several years. Moreover, the European Court of Justice not only declared the Privacy Shield invalid but also formulated the so-called “standard contractual clauses” (SCCs), which are a set of clauses establishing contractual obligations for data exporters and importers enacted by many European companies to facilitate the transfer of necessary data to their foreign partners.
After the Court’s decision, the parties will have to monitor the compliance of their data transmission systems with the new European standards. This situation appears to be extremely burdensome, first of all, for data exporters that will have to take the responsibility for filling the gaps of the US legal system so that the subsequent transatlantic data exchange fully complies with the requirements of the EU “standard contractual clauses”.
In this regard, the decision of the European Court of Justice has almost ideological significance, suggesting that the right to data protection requires objective protection, which does not end at the stage of negotiations between the parties concerned. The implications of this decision for the private sector will certainly be significant, as they will not only force companies, including European ones, to invest in studying the US legal system, but they may also be a major impediment to promotion of the competitiveness of European international companies operating in both markets.
At the same time, the global trend towards data localisation is another aspect that significantly limits the international data exchange globally and regionally. Such localisation may be directly prescribed by law or be the result of restrictive political measures, which significantly complicate the process of data transfer, or even make it impossible.
This kind of policy usually requires companies to store backup data and process it locally, obtain consent from individuals or governments in order to transfer the data. Currently, there are no specific EU regulations regarding data localisation policy, except for the cancellation of the above-mentioned Privacy Shield agreement that could be considered as a measure of implicit incorporation of the corresponding mandatory data localization requirement into the European legal system.
Nevertheless, a number of countries, including Russia, the United Arab Emirates, Vietnam, Saudi Arabia and India, already have data localization laws in force [32, p. 8]. For example, in April 2018, the Reserve Bank of India requested international payment companies to store all data related to transactions involving Indian citizens exclusively on servers located in Indian territory [31, p. 118].
All these facts raise concerns about the prospects of the feasibility of the concept of global data governance at the present stage. It reveals the preliminary nature if not the fundamental fallacy of this theoretical concept, at least in conditions when mutual tensions and mistrust seem to prevail over opportunities for international cooperation.
The inevitability of a multi-stakeholder model
The lack of a coherent system of global data governance may be a result of the modern global political system as a whole. According to the systems theory seen from the perspective of geopolitical analysis, the current historical moment may be defined as the stage of hegemonic transition. Consistent apologists of hegemonic theories of social and political development mention in their researches technological leadership and uninterrupted access to economic resources among the driving forces ensuring the emergence of another hegemonic power on the international arena (see i.e. the classic “War and Change in World Politics” (1981) by Robert Gilpin, whose interpretation of the hegemonic stability theory gained popularity within the framework of neorealism ; at the same time, within the paradigm of globalism, the idea of hegemony was developed on different ideological foundations [9; 12-13].
Over time, the once advanced technologies spread among other participants of the international system and cease to be a competitive advantage of the hegemon that results in the latter’s gradually decreasing influence.
Let us imagine a classical international system of n countries, in which the country i (not the hegemon) decides not to pursue a revisionist policy until the benefits from maintaining the status quo exceed the corresponding costs.
However, when country i begins to believe that the costs of maintaining the status quo significantly exceed the specific benefits of the current international situation, it will try to change the situation either a) by territorial expansion, or b) by increasing economic growth and intensifying military and technical development (or using both scenarios at the same time).
Based on this theoretical disposition, the trade war between the United States and China may be seen as an attempt by the hegemonic power (US) to contain China’s growth, or at least limit its geopolitical and geo-strategic influence [28; 36].
Given the size of the markets of the United States and China, today the two countries together form a kind of digital duopoly, which is occasionally shaken by sanctions or trade and economic wars, at the initiative of one or the other side. For example, the recent confrontation between the two economic giants started with the introduction by the Trump administration of a 25 per cent tariff on Chinese imports (including goods related to artificial intelligence) with a total value of $34 billion. China responded with reciprocal measures by introducing a 25 per cent tariff on 540 American goods [26, p. 105-117].
It seems that the model described above not only perfectly illustrates the current international situation from the point of view of the systems theory, but also quite accurately reflects the current realities of international political life in the form usually used by politicians and political observers who are far from theoretical scholasticism.
However, it should be noted that this model does not take into account the role of the private sector and, more broadly, the influence of various stakeholders on determining the global geopolitical balance, including in the digital sphere. American and Chinese companies such as Google, Apple, Facebook, Amazon and Microsoft, as well as Baidu, Huawei, Alibaba, Tencent and Xiaomi, respectively, are not only the leaders in the field of high technologies but also the final owners of control over the accumulated data. They are more often tempted to use their economic and IT technology power for political purposes (for example, to strengthen their negotiating positions in the international arena).
On the other hand, in the era of display communication  and total digitalization, the new paradigm of the international environment has made even ordinary users of digital services more strategically important. The development of a modern digital ecosystem is impossible without their trust in new digital developments and the implemented information systems, just as determining the geopolitical balance of the future is impossible without multilateral participation.
The private sector and users around the world, as opposed to sovereign states or their regional blocs, have generally more similar interests. Therefore the most optimal model of digital sector management is an inclusive model. The strong point of this model is that it is aimed, first of all, at giving a voice to as many stakeholders as possible, although some shortcomings of this model require certain adjustments.
In this regard, states will have to listen to the needs and requirements of a wide range of non-state actors in order to enjoy mutually beneficial cooperation at a new stage of international political development, without returning to an expanded version of the “war of all against all” scenario adjusted for digital realities. However, it seems equally essential that the expansion of actors of global and regional international politics does not result in subordination of the interests of sovereign states to the needs of the private sector.
Conclusions and recommendations
The article provides a theoretical analysis of the relevant challenges of the new digital reality. The latter includes advanced communication tools (including display ones ), Big Data resources and technologies, artificial intelligence and neural network algorithms for working with digital data, technologies for observation and recognition of visual images, as well as user profiling models based on their personal digital traces [40, p. 7]. Thus, the modern digital environment is not so much opposed to the traditional “offline” environment as implemented into it, giving rise to new synergistic effects and causing new risks.
Europe’s attempts to assert its digital sovereignty face obvious challenges, such as the EU’s dependence on foreign technology and services, as well as the lack of investment that was previously channelled to support European industrial policy.
The European Union is trying to overcome these problems with an ambitious strategy, the effectiveness of which can only be assessed in a few years. This strategy is highly dependent on the international environment, which features interest in the digital economy but has no global data governance system.
The international system in the post-COVID era is characterized by deep tensions between the main subjects of international engagement. Each of them seeks to exercise its own autonomy, including in the digital sphere. Much of this tension is caused by a profound and structural adjustment of the geopolitical balance at the global and regional levels that is also reflected in the growing competition between the United States and China .
It seems that effective governance in the digital sector requires an approach that involves the widest possible range of stakeholders interested in defining common rules for ensuring “Data Free Flow with Trust” on a global scale. However, it should not lead to the withdrawal of the government from its role in regulating the market. In the digital age, the state should be an organic and fundamental part of the digital ecosystem, because only the state can eventually protect the interests of its citizens.
Therefore, if the EU really wants to remain a reliable and relevant participant of international engagement, it should pay increased attention to maintaining the competitiveness of its companies. It should rely on a policy of protecting the right to privacy and user safety that would reflect a constant commitment to European values and ideals.
Finally, the last recommendation is addressed to the European politicians, who are seriously interested in achieving digital sovereignty for Europe. Sooner or later Brussels will have to use mechanisms of redistribution of wealth produced in the digital sphere. Such a policy will help the European Union avoid a dangerous concentration of wealth and power in the hands of the several largest technology companies and therefore retain the exclusive right to independently form its own information and political agenda, manage information flows and ensure its cybersecurity, regardless of any external influence.
Conflict of interest: The authors declare that they do not have any conflict of interest.
Acknowledgements: No funding involved. The authors of the paper are grateful to Vlastislav D. Danilov (St. Petersburg, Russia) and Jacob P. Pleskach (Watertown NY, USA), as well as to the anonymous reviewers for valuable advice and comments.