Professor Théodore Christakis Examines the Opportunities and Risks of a European Digital Sovereignty

Last month, the European Commission proposed a comprehensive set of new rules for all digital services, including social media, online market places, and other online platforms that operate in the European Union. The Digital Services Act and the Digital Markets Act were developed in order to “better protect consumers and their fundamental rights online” and “lead to fairer and more open digital markets for everyone” (“Europe fit for the Digital Age: Commission proposes new rules for digital platforms,” European Commission press release, December 15, 2020).

“Under the proposals, known as the Digital Markets Act and Digital Services Act, large online platforms like Google, Amazon and Facebook will face new limits on how they can expand their online empires or face levies of up to 10 percent of their global revenue — potentially billions of euros — for unfairly hamstringing smaller rivals.”
- “Europe Rewrites Rulebook for Digital Age” – Politico, December 15, 2020

“French President Emmanuel Macron said that Europe must preserve its ‘digital sovereignty,’ outlining a number of steps aimed at reducing its dependence on U.S. technology giants.”
- “France’s Macron Lays Out a Vision for European ‘Digital Sovereignty’” – CNBC, December 8, 2020

Professor Théodore Christakis' recent article examines the EU’s proposed new digital legislation and the overarching desire for “digital sovereignty”. Professor Christakis is Professor of International and European Law at the Université Grenoble Alpes; his work delves into issues concerning international security law, international protection of human rights, cyber security law and data protection, and artificial intelligence.

“'European Digital Sovereignty': Successfully Navigating Between the 'Brussels Effect' and Europe’s Quest for Strategic Autonomy” provides an extensive examination of the major debates and developments related to digital issues in Europe. Below is the Executive Summary from this article.

“The Times They Are A-Changin”. When Jean-Claude Juncker, then President of the European Commission, proclaimed in 2018 that “The Hour of European Sovereignty” had come, half of Europe criticized him, recalls Paul Timmers. Today hardly a day goes by in Europe, without a politician talking about “digital sovereignty”.

From a purely normative point of view, the concept makes little sense. It can only further accentuate the classic confusion surrounding the use of the term “sovereignty”, which is one of the most equivocal terms in legal theory and which has been criticized by a famous scholar for often being nothing more than “a catchword, a substitute for thinking and precision”. Still, from a political point of view, “European digital sovereignty” is an extremely powerful concept, broad and ambiguous enough to encompass very different things and to become a “projection surface for a wide variety of political demands”.

This study analyses in a detailed way the two understandings of the term: sovereignty as regulatory power; and, sovereignty as strategic autonomy and the ability to act in the digital sphere without being restricted to an undesired extent by external dependencies. While doing so, this study presents a panorama of the most recent legislative proposals (such as the Data Governance Act) and the most important debates on digital issues currently taking place at the European level: 5G deployment and cybersecurity concerns; international data transfers and foreign governments’ access to data after SchremsII; cloud computing; the digital services tax; competition law; content moderation; artificial intelligence regulation; and so many others.

The first part of this study challenges the sometimes expressed idea that Europe is a somehow “powerless” entity, unable to regulate the digital sphere and big tech companies. Applying Anu Bradford’s concept of “The Brussels Effect”, this study shows that the EU is the most powerful global actor in the field of digital regulation. Far from being normatively irrelevant, Europe has become, through the “Brussels effect”, a “global regulatory hegemon unmatched by its geopolitical rivals”.

This does not of course mean that Europe can or needs to regulate everything. There are several limits to what Europe can and wishes to regulate. These are due to internal and external factors. Internally, regulatory action could be blocked by political disagreements among EU Member States; legal obstacles (starting with the national security exemption); or economic considerations - for instance the fear that overregulating AI could hinder innovation and affect competitiveness. Externally, situations of interdependence could render international cooperation necessary in order to avoid retaliation, to find constructive solutions and to resolve conflicts of laws and jurisdiction. This study presents some of the top priorities in the field of international cooperation and builds upon proposals to create “strategic partnerships” with like-minded stakeholders in order to defend certain democratic values and human rights in cyberspace.

The second part of this study focuses on digital sovereignty as strategic autonomy. The EU quest for strategic autonomy in the digital sphere is based on a series of legitimate concerns, including geopolitical considerations and a series of dependencies, the significance of which has been exacerbated by recent important developments such as the US-China “tech war” or the Covid-19 crisis. These concerns have led to initiatives which open opportunities for Europe. However, they also entail potential pitfalls. The EU and Member States should carefully study the risks and successfully navigate around them or, at least, take decisions in an informed way, after sufficiently weighing the potential negative impact of a specific measure.

Europe should first of all undertake to draw the fine line between restrictions based on legitimate reasons (such as compelling cybersecurity or privacy/data protection considerations) and unjustified protectionist measures. Before engaging in anything resembling the latter, Europe should examine the risks posed by such measures.

Another area where much more study is necessary are the current calls for “data localisation” and the idea that “European data must be stored and processed in Europe”. Greater understanding of the stakes is necessary: what exactly does “data localisation” mean at a technical level? What are the exact reasons behind the calls to implement such policies in Europe? What are the potential adverse effects and the costs for European companies? What would be the consequences in terms of cybersecurity? And what could be the potential impact on human rights? Data localisation measures, initially promoted by countries like Russia, are now adopted by other countries. NGOs have indicated that this is “alarming” for the future of the free, open and global internet. What would be the message sent to other countries if Europe embraces data localisation?

European calls in favor of data localisation are often motivated by genuine and legitimate concerns, related to data protection, privacy considerations and the fear of foreign snooping into European personal and industrial data. Nevertheless, it is well known that data protection considerations can sometimes be misused as a vehicle to further domestic business interests and protectionism. The question then is how to distinguish between data protection and data protectionism. This paper advances a series of thoughts and a methodology in order to assess if data localisation is, in specific circumstances, an adequate way to deal with data protection risks. It considers that the critical test should be whether restrictions to transnational data flows are proportionate to the risks presented, taking into account the nature of the data and a series of other considerations. As a conclusion, data localisation could not be a necessary, proportionate or adequate response to serve data protection in cases where the likelihood of foreign access to data is very limited and where other, more satisfactory and less disruptive, solutions exist.

In a more general way, this study raises the question of what model Europe wishes to promote. An increasing number of voices in Europe are calling for it to imitate certain Chinese policies. For years, Europe has been criticizing Chinese protectionism as well as the “Chinese model” of the internet, a model based on firewalls, surveillance and control. How could Europe avoid policy inconsistency and contradiction if it enters into a “The Chinese do it, we will do it” approach?

The study concludes that Europe has important and hard choices to make in order to achieve strategic autonomy. The “European digital sovereignty” debate is a useful way to inform policy-makers and citizens and to enable decision-making based not on emotions, but on careful risk-assessment and thorough analysis of the issues involved.

Read the full article, available on SSRN: “'European Digital Sovereignty': Successfully Navigating Between the 'Brussels Effect' and Europe’s Quest for Strategic Autonomy” (December 7, 2020).