In April, we were developing the lessons we learned during this health crisis. We have to admit that there has been a very "frenchy" atmosphere for the past few months, let's just say it: very cock-a-doodle-doo 🐓. We are in favor of "made in France" and we tell ourselves that, in reality, it wouldn't be so bad to relocate strategic production to be less dependent on our neighbors.
Beyond agriculture or the pharmaceutical sector, where we now want to maintain production in France (or at least in the EU) for the sake of sovereignty, even if it is less competitive than foreign competition, where are we in terms of our digital sovereignty? Are we giving ourselves the means to sovereignly exploit "the oil of the 21st century": our data?
There is a long way to go
Our partner Cabsis recently detailed in its article "Comment la France va perdre la souveraineté de ses données de santé" (which I recommend french speakers read) how we have just delegated to our American friends the hosting of our SNDS (Système National des Données de Santé) health database. The issue here: no French provider was able to fully meet the specifications.
Absurd but true: we set rules to protect our information assets, but these rules actually favor the striking power of foreign vendors.
This is not surprising knowing that 75% of the 70 billion euros spent each year on digital technology in France goes into the pockets of non-European players. So game over in terms of sovereignty for our health data.
Does this mean that the game is totally over?
Like a warlord trying to unite the Gallic peoples in the face of the enemy threat, the PlayFrance collective launched an appeal three months ago (also to be read by french speakers) to mobilize French digital players and raise the awareness of public authorities on this subject.
Some good results already; the most striking being certainly the decision of the APHP (Parisian hospitals) to decline the services of Palantir during the health crisis. Seald is also proud to be among the 300 software providers for French digital sovereignty (see cartography).
The subject is not new: Bruno Le Maire was already talking about it in February 2019, long before the subject came back to the forefront by force of circumstance. "There is no political sovereignty without technological sovereignty" declared our Minister of Economy.
While this is indeed a major challenge, recognized as such by our managers, for the moment few major technology companies are flourishing in France, or even on a European scale, comparable to the American giants in the software sector or comparable to the Chinese giants in the hardware sector.
It's all a matter of prioritization
As we pointed out in our June 26th article "End-to-end encryption: how to use the Cloud while remaining sovereign", it is not necessary to completely cut ties with our trading partners. Let's take the example of the American GAFAMs: at Seald we defend the possibility of relying on the American Cloud while not allowing them to spy on us.
The idea is simple: when you rent an apartment, you wouldn't want your landlord to have the keys and visit your home unexpectedly, or even that he can monitor your every move via a video surveillance device.
Yet this is what many French organizations allow by delegating the management of the confidentiality of their data, without thinking twice, to American companies who promise you that on their products, "everything is encrypted". This is obviously not taking the Cloud Act into account and the heavy suspicions that weigh on the operations of American intelligence services, not for the fight against terrorism, but for economic espionage and destabilization purposes. Examples of this are the PRISM or XKeyscore programmes, where the NSA already had access to the data of all the digital giants as early as 2013. As they say across the Atlantic: "America first".
Some would like to no longer depend on foreign players at all, and have European equivalents of any American company. This is the Chinese policy: Baidu replaces Google, TikTok replaces SnapChat, Huawei replaces Cisco, and so on. To do the same thing in France or in the EU is unthinkable, it would mean preventing ourselves to export and going back 20 years in computer science.
Instead of this unrealistic ultra-protectionist policy, an in-between would be to prefer European companies on European public markets. This would allow our startups of today to become the unicorns of tomorrow (remember that France today has 15 times fewer unicorns than the United States and 6 times fewer than China) and to continue to exploit the power of foreign hosts by taking precautions such as encryption, as Seald proposes, to maintain sovereignty over data.
The trend seems to be confirmed: the Privacy Shield has just been invalidated by the Court of Justice of the European Union, which rightly ruled that it was not a "shield" to protect the data of European nationals. At the French level, Jean Castex announced in his first general policy statement to the French National Assembly on July 15 a 40 billion plan in support of France's industrial sovereignty.
Digital sovereignty: passing fad or underlying trend? Time will tell. But solid foundations are being laid.