In our increasingly digital world, most of the businesses we use every day run on cloud-based services. But all of this massive infrastructure is almost entirely in the hands of four U.S. companies.
Providing instant access to all our data, cloud-based services such as Google Drive, Apple iCloud, Yahoo! email, Dropbox and Microsoft OneDrive have made our lives easier, allowing us to store hundreds of thousands of megabytes of pictures online when our laptop wouldn't have enough storage space, or to cooperate with colleagues on the same shared documents even thousands of miles apart.
But what the cloud really is and how it works is something the majority of its users ignore and something even experts find hard to explain.
"I would say it's a virtual environment that takes the software that used to run your systems on local servers or desktops and places it in a third-party environment where it's hosted by experts," says Amanda Brock, CEO of OpenUK and previously a lawyer working in the tech sector for the past 30 years.
The name "the cloud" is already kind of ominous, conjuring the sinister image of a ubiquitous presence hanging over our heads, invisible to the eye, elusive. But the cloud has a very physical home – the network of all the servers where its data are stored. And this infrastructure is overwhelmingly located in the U.S..
The cloud is dominated by U.S. companies – first of all Amazon, which makes up 48 percent of the Infrastructure As a Service (IAAS) market. The market is dominated by four U.S. cloud giants - Amazon, IBM, Microsoft, Google - and China's Alibaba, which was launched in 2019 and now, with 3 million customers worldwide, has come to claim a bigger share in the cloud market than IBM.
The data we share on the cloud are incredibly valuable - the IAAS market value is estimated at $42.8bn.
"Data is the new oil," says Brock. "Not just for business, but also for governments and the public sector."
CLICK: WIND AND SOLAR POWER ARE ON COURSE TO OVERTAKE COAL AND GAS
What's the problem?
The immediate risk of saving data on a cloud computing service is that, if breached, hackers could get access to personal documents and sensitive material. But the U.S. dominance on cloud services brings a different risk to the table – the issue of data sovereignty.
Data sovereignty presumes that data collected and processed in one country are subject to that country's laws.
Many countries have tried to hold on to data sovereignty against the U.S. giants, for example Russia, China and Indonesia, which require that their citizens' data are stored on physical servers within the borders of their nations.
China is the second largest market in the world for cloud services. /Ng Han Guan/AP Photo
In 2018, the EU's General Data Protection Regulation (best known as GDPR), currently the toughest privacy and security law in the world, came into effect, making it compulsory for organizations anywhere to comply with the new regulation when collecting the data of European citizens.
The fines for breaking GDPR are extremely high and organizations can be fined up to 4 percent of their annual global turnover. But in 2018, the U.S. passed the Cloud Act, which allows American law enforcement authorities to request data stored by most major cloud providers, even outside the U.S..
This extra-territorial aspect of the law was seen as concerning by the EU, as it could potentially conflict with GDPR.
The concerns around how our data are managed aren't strictly financial. Handing over the data of millions of people raises issues of privacy and even national security, problems that are very high on the EU agenda at the moment.
"What [governments] have realized is the value of their citizens' data and the vulnerability of that when it's exposed to other governments," says Brock. "The Europeans are very concerned, and they're concerned that the U.S. no longer provides adequacy in terms of being an adequate place to send your data to and having adequate provisions in place to manage and protect that data."
She adds: "And that concern comes out of U.S. government surveillance powers. And a few years ago, those powers weren't the same and the concern was different."
What's the worst that can happen?
"It is tailored by the realms of your imagination," says Brock. "If you're very imaginative, much more than me, I'm sure you can come up with some horrific scenario.
"I believe the concern is that a citizen of one country could be targeted. And we've constantly been bombarded, over the past few years with information about fake news. We've had Cambridge Analytica. We've had press stories that, if we can believe them, demonstrate that our data can be used in a way that corrupts not just us, but the political and business systems.
"So I guess that can really undermine our society and it could actually have a huge impact."
IBM just launched a new hybrid cloud platform, which combines a public cloud and a private cloud. /Richard Drew/File/AP Photo
The need for the EU to foster digital sovereignty has been definitely made more urgent by the COVID-19 pandemic, which stressed Europe's dependence on foreign infrastructure for everyday communication and services.
Contact-tracing technology in particular has sparked controversy – with big data analysis being used for tracking COVID-19 infections, the topic of people's privacy resurfaced strongly, with many European citizens feeling concerned about being surveilled.
What do the experts say?
"I think we should all be concerned to the extent that we should all have control," says Brock. "And what we need from both the government and from companies is transparency, and that transparency is the only way we're going to have trust. So I think the way to achieve that is by allowing us to control our own data and to know who's doing what with it. Because without that, you can't have transparency."
For years, Europe hasn't seemed concerned about not having a role in the way data are managed online. Now it has decided to join the cloud game, with its very own cloud service, Gaia-X. The project is a collaboration between the European Commission, France and Germany, plus some other 100 companies and organizations.
"Gaia-X is part of the EU's move to digital sovereignty and bringing data home," explains Brock. "What we'll see is a competitive cloud that competes with Azure and WUs, but which is viewed as being secure by the Europeans because it's built by and hosted in Europe, implemented by European companies and with, I guess, sovereignty firmly in Europe.
"One interesting fact is that they have confirmed all of Gaia-X will be built on open source software. So we're just waiting to see how that actually becomes implemented."
Cover image: In this Oct. 31, 2018, file photo, Demonstrators holding images of Amazon CEO Jeff Bezos during a protest over the company's facial recognition system, "Rekognition," in 2018. Gender and racial bias were found in the system./Elaine Thompson, File/AP Photo