DevOps.com

  • Latest
    • Articles
    • Features
    • Most Read
    • News
    • News Releases
  • Topics
    • AI
    • Continuous Delivery
    • Continuous Testing
    • Cloud
    • Culture
    • DevSecOps
    • Enterprise DevOps
    • Leadership Suite
    • DevOps Practice
    • ROELBOB
    • DevOps Toolbox
    • IT as Code
  • Videos/Podcasts
    • DevOps Chats
    • DevOps Unbound
  • Webinars
    • Upcoming
    • On-Demand Webinars
  • Library
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Communities
    • AWS Community Hub
    • CloudBees
    • IT as Code
    • Rocket on DevOps.com
    • Traceable on DevOps.com
    • Quali on DevOps.com
  • Related Sites
    • Techstrong Group
    • Container Journal
    • Security Boulevard
    • Techstrong Research
    • DevOps Chat
    • DevOps Dozen
    • DevOps TV
    • Digital Anarchist
  • Media Kit
  • About
  • AI
  • Cloud
  • Continuous Delivery
  • Continuous Testing
  • DevSecOps
  • Leadership Suite
  • Practices
  • ROELBOB
  • Low-Code/No-Code
  • IT as Code
  • More
    • Application Performance Management/Monitoring
    • Culture
    • Enterprise DevOps

Home » Blogs » DevOps in the Cloud » The EU’s Plans to Build a Wall Around GDPR-Protected Data

EU data

The EU’s Plans to Build a Wall Around GDPR-Protected Data

By: B. Cameron Gain on June 19, 2020 Leave a Comment

An ambitious German- and French-lead European Union (EU) initiative could wrestle tighter management, and eventually, control of data from commercial cloud providers.

Recent Posts By B. Cameron Gain
  • Best of 2021 – Torvalds’ Bug Warning is a Lesson for Linux Users 
  • NS1 Touts a Common Delivery Platform for Devs and Ops
  • Rocky Linux Emerges as a CentOS Replacement
More from B. Cameron Gain
Related Posts
  • The EU’s Plans to Build a Wall Around GDPR-Protected Data
  • Despite DevOps, Firms Unprepared for GDPR
  • Saving on AWS Costs with Data Classification
    Related Categories
  • Blogs
  • DevOps in the Cloud
    Related Topics
  • AWS
  • azure
  • GDPR
  • InfoSecurity Europe
Show more
Show less

The project, dubbed as “Gaia-X,” is also intended to offer firewall-like protection for data sources from the EU. The initiative could have repercussions on how DevOps teams from outside of the EU manage data from European users, as well as from operations they might have that are physically based in EU member states.

DevOps Connect:DevSecOps @ RSAC 2022

Without specifically citing U.S. cloud giants such as Amazon Web Services (AWS), Google Cloud Platform (GCP) or Microsoft Azure, German and French government officials said the initiative will allow organizations’ cloud data to benefit from EU sovereignty and security. Bruno Le Maire, France’s minister of the economy and finance (Ministre de l’Économie et des Finances), said during a televised Franco-German conference last week, for example, that Gaia-X would offer significantly more data protection for data stored on cloud services from EU organizations and users.

Despite how General Data Protection Regulation (GDPR) mandates rules EU and international firms with user data from EU member state sources must follow—to avoid the risk of heavy fines and other penalties—the EU still lacks sovereignty in the application of GDPR, Le Maire said. Data stored on a U.S. cloud service provider’s server in the U.S. or overseas, for example, is still accessible by U.S. law enforcement officials in some cases under the Clarifying Lawful Overseas Use of Data (CLOUD) Act.

Without disclosing technical details about the kinds of cloud services Gaia-X might offer, the initiative will adhere to four principles: “openness, interoperability, transparency and trust,” Le Maire said.

“We are not China. We are not the United States—we are European countries with our own values,” Le Maire said. “We have our own economic interests that we want to defend.”

EU data 1

Over 20 organizations will form Gaia-X, including AtosBosch, Deutsche Telekom, SAP and Siemens. A prototype of the service should be available by end of year. While specific cloud services the organization will offer remains undisclosed, government officials announcing Gaia-X said it will offer artificial intelligence (AI)-aided meta analysis of data in such sectors as healthcare and smart city management. The use of AI services for data needs would also meet stringent privacy and ethical programming mandates, the officials said.

In a statement, the German Federal Ministry for Economic Affairs and Energy (Bundesministeriums für Wirtschaft und Energie) said:

“Predominant data silos, a lack of standards and the limited transparency of data infrastructure offers are today major obstacles to the application of artificial intelligence. To overcome these obstacles would be very costly and for this reason, the diverse know-how available in Europe is not pooled and used efficiently.”

Build That Wall

While created to ostensibly protect user data from the European member states and to enforce non-compliance with major penalties, accessibility by governmental authorities outside of the EU, for example, can remain outside of EU control. As mentioned above, for example, data storage that is ostensibly GDPR-compliant yet is on a physical AWS or another cloud provider’s server remains subject to access by U.S. law enforcement in certain circumstances.

GDPR compliance is thus often considered a starting point for EU data sovereignty. In many ways, the EU’s initiative, pending the final details about Gaia-X’s infrastructure and the services it will offer, will serve as a firewall built to protect EU.

Clive Longbottom, an analyst for Quocirca, agreed.

“By creating a total data platform that is GDPR compliant, uses have the choice: build directly on that platform and not have to jump through hoops to prove compliance,” Longbottom said. “Those who choose not to, or due to geographical position, cannot use the platform directly can export data into Gaia-X and only have to prove compliance for that part of the platform outside of the environment. So, yes, EU data can be completely airlocked into Gaia-X – or can just make life a lot easier for users.”

Instead of serving as an alternative to AWS, Gaia-X, based on the information the EU officials have communicated so far, is more of a data handling environment that may just have its own cloud components, Longbottom said.

The idea, based on the available information “is to present an environment where data can be handled firmly within the needs of GDPR,” Longbottom said. “Now, there are fundamental difficulties around this, such as with data caching in the network, but we won’t let inconvenient realities get in the way of political perceptions.”

The Gaia-X is thus “really meant to be a platform for data exchange that meets stringent requirements within the EU,” Longbottom said. “I would hazard that it will include those working outside of the EU that want to deal with countries, companies and entities within the EU, accepting data feeds from pretty much any cloud platform. It will probably be that once the data is accepted into the Gaia-X environment, it will then be deemed to be secure under GDPR—and that will not make it necessarily secure under GDPR end-to-end.”

EU data 2

Cloud Alternative

A main selling point of the project is that once data adheres to Gaia-X compliance, DevOps could, in theory, benefit from more seamless data transfers between parties within the environment, as well as transparency about how and where it is stored.

“Gaia-X is a good idea that will make life easier for EU members to share data across a trusted environment and allow externals to feed data into a known, highly standardized environment where they then do not have to prove GDPR compliance across Gaia-X itself,” Longbottom said.

However, whether or not Gaia-X might one day compete against AWS, GCP or Azure remains to be seen. “If the EU can get more cloud platform vendors to join in and show how their platforms are GDPR compliant from the ground up, more EU companies will want to use such platforms where GDPR compliance is a given,” Longbottom said. “Meanwhile, most will stick with the big public platforms and use Gaia-X as a downstream GDPR data handling environment.”

Filed Under: Blogs, DevOps in the Cloud Tagged With: AWS, azure, GDPR, InfoSecurity Europe

Sponsored Content
Featured eBook
Hybrid Cloud Security 101

Hybrid Cloud Security 101

No matter where you are in your hybrid cloud journey, security is a big concern. Hybrid cloud security vulnerabilities typically take the form of loss of resource oversight and control, including unsanctioned public cloud use, lack of visibility into resources, inadequate change control, poor configuration management, and ineffective access controls ... Read More
« DevOps Chats: Easing WFH with strongDM
Participate in the Checkmarx 2020 Survey »

TechStrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Continuous Deployment
Monday, July 11, 2022 - 1:00 pm EDT
Using External Tables to Store and Query Data on MinIO With SQL Server 2022
Tuesday, July 12, 2022 - 11:00 am EDT
Goldilocks and the 3 Levels of Cardinality: Getting it Just Right
Tuesday, July 12, 2022 - 1:00 pm EDT

Latest from DevOps.com

Rust in Linux 5.20 | Deepfake Hiring Fraud | IBM WFH ‘New Normal’
June 30, 2022 | Richi Jennings
Moving From Lift-and-Shift to Cloud-Native
June 30, 2022 | Alexander Gallagher
The Two Types of Code Vulnerabilities
June 30, 2022 | Casey Bisson
Common RDS Misconfigurations DevSecOps Teams Should Know
June 29, 2022 | Gad Rosenthal
Quick! Define DevSecOps: Let’s Call it Development Security
June 29, 2022 | Don Macvittie

Get The Top Stories of the Week

  • View DevOps.com Privacy Policy
  • This field is for validation purposes and should be left unchanged.

Download Free eBook

The State of the CI/CD/ARA Market: Convergence
https://library.devops.com/the-state-of-the-ci/cd/ara-market

Most Read on DevOps.com

What Is User Acceptance Testing and Why Is it so Important?
June 27, 2022 | Ron Stefanski
Rust in Linux 5.20 | Deepfake Hiring Fraud | IBM WFH ‘New No...
June 30, 2022 | Richi Jennings
Chip-to-Cloud IoT: A Step Toward Web3
June 28, 2022 | Nahla Davies
DevOps Connect: DevSecOps — Building a Modern Cybersecurity ...
June 27, 2022 | Veronica Haggar
The Two Types of Code Vulnerabilities
June 30, 2022 | Casey Bisson

On-Demand Webinars

DevOps.com Webinar ReplaysDevOps.com Webinar Replays
  • Home
  • About DevOps.com
  • Meet our Authors
  • Write for DevOps.com
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • Privacy Policy

Powered by Techstrong Group, Inc.

© 2022 ·Techstrong Group, Inc.All rights reserved.