November 7, 2019
Categorized: Digital Trade | Europe | IBM Policy Lab
Share this post:
Technological sovereignty should be based on presence, values and trust, not the geographic location of company headquarters.
After the irresponsible behaviour of a small number of tech companies, Europe’s trust in the digital economy has been shaken. The reaction—to step up and rein in a tech sector seen to be running amok—is understandable, because policy makers and the public rightfully expect that tech should be both innovative and trusted. Europe has an opportunity to be the global leader in trusted innovation, and IBM is already a partner in that journey. That is why we believe decisions about technological sovereignty should be based on a company’s European presence and values, not on the geographic location of its headquarters building.
We respect our customers in Europe and share many of the same values—especially the need to promote societal trust in technology through responsible innovation. We have pushed other tech companies to adopt similarly meaningful approaches to trust and transparency and believe in leading by example. That is why we’ve been working collaboratively with European policymakers through our representation on forums like the European Commission’s High Level Expert Group on Artificial Intelligence to establish common sense solutions to tech challenges. IBM was also a founding member of the Charter of Trust for Cybersecurity, a consortium of primarily European companies working to build trust and security in the digital economy. We have also advocated that governments deploy precision regulation in a way that tackles the right problems, without preventing the benefits that technology can bring.
Long before the current discussions of tech sovereignty began, IBM has had a clear position on access to data. In 2014, we published a letter to our clients documenting IBM’s commitment to complying with local laws, including data privacy laws, in all countries in which we operate. More to the point, we were clear that IBM has not provided client data to the US National Security Agency or any other government agency under any surveillance program involving the bulk collection of content or metadata. Other large tech companies, who have now adopted the language of trust and responsibility, cannot say the same.
The vast majority of IBM’s clients are companies and organizations, so we deal mainly with business data. Our business model is not dependent on monetizing our customers’ data; IBM clients’ data is their data, and their insights are their insights. Our client relationships are generally governed by contract, with clear roles and responsibilities understood by all parties.
Behind some of the recent calls for a “European Cloud” is a new U.S. law called the CLOUD Act, which gives the U.S. Government (USG) rights, under very limited conditions, to require technology companies to hand over electronic data stored outside the U.S. As stated in our 2014 letter, we believe that government requests for data should be directed at our clients and remain committed to challenging government requests for client data through judicial action or other means. We also believe that any USG effort to obtain data stored with IBM subsidiaries outside of the U.S. must go through internationally recognized legal channels, such as requests for assistance under international treaties. In addition, we offer state-of-the art encryption to the many clients who want the benefits of cross-border data flows but who may still be concerned about securing their data.
IBM’s record on trust, responsibility, and data stewardship means that we should be invited to participate in any European Cloud, not excluded from it. Our European data storage and processing capabilities are extensive – with 16 state-of-the-art Cloud Data Centers and 10 large Data Centers across the region. In fact, across Europe we deliver high-capacity, innovative cloud solutions that are accessible only to those in the EU. If clients want the option of a European cloud, we can do that. But we think cloud decisions should be made first by clients, not mandated by governments.
In addition, IBM is one of the founding signatories to the EU Cloud Code of Conduct, which has established high data-protection and information-security standards for cloud services. The transparency created by these industry-led best practices will contribute to an environment of trust and create a high default level of data protection in the European cloud computing market.
European customers would be ill served by a move toward digital protectionism. Simply put, where data flows, growth and innovation follow. Cross-border data flows already make a bigger contribution to global GDP than trade in manufactured goods does, and Europe should continue to harness the digital revolution to spur economic growth and create jobs of the future. The European Union has in the past been a leader in this area through the adoption of the Regulation on the Free Flow of non-personal data, which created a European Digital Single Market and banned unjustified data localisation measures across EU Member States.
When strengthening European technology capabilities, governments would be best served by working with partners—regardless of where they are headquartered—that have strong commitments to Europe; have invested in European talent and data center capacity to help Europe be successful; and have displayed their trustworthiness, data stewardship, and security in Europe for decades.
IBM is such a partner. We have been investing and innovating in Europe for more than 100 years. We have developed deep roots and created wide ecosystems across European business, research, and academia – investing in European initiatives in Quantum Computing and Artificial Intelligence. We will continue to support the EU as it becomes a leader in digital policy based on values, not geography.
-Martin Jetter, Senior Vice President & Chairman, IBM Europe
-Jean-Marc Leclerc, co-Director, IBM Policy Lab
About IBM Policy Lab