Digital sovereignty concerns everyone

Hiker on a mountain peak with a view of the mountains

If you're reading this blog post, then you are probably a mailbox.org customer who values their privacy and understands the need for data protection. Perhaps you came to us after a friend gave you a recommendation, or you may have found us through your own independent research instead. In any case, if you decided to have an account with us, then you have already made a first step towards digital sovereignty. Even if you are unfamiliar with the term, it is something that has been central to our philosophy for a long time.

What is digital sovereignty?

Digital sovereignty as a concept arrived in the political arena a few years ago: The idea is that digitally sovereign customers are independent, make their own decisions and can use and choose the digital applications and services that they want. Any application that supports this is considered to make the customer "digitally sovereign". This concerns private customers, companies, and public authorities alike. But digital sovereignty goes beyond applications. It is also about hardware, data, know-how and much more.

From Trump to Venezuela

More and more businesses, private individuals, politicians, and government agencies like the German Federal Ministry of the Interior started paying more attention to the dependencies and vulnerabilities of their IT systems in light of Donald Trump's presidency, China's growing economic dominance, and repeated Russian hacking attempts. Many users know that exclusive reliance on services by Microsoft, Apple, Google, Amazon, and other U.S. companies can be risky, should any of these happen to become unavailable.

At the end of 2019, people in Venezuela found out that Adobe, who have a quasi-monopoly on professional graphics software, intended to shut down its licensing servers in the South American country because the Trump administration had imposed a U.S. embargo - a disaster for any graphics design business. The only remedy for such risks would be to use open-source software, which is one element of a digital sovereignty strategy. However, independent software cannot always comprehensively replace other software. Windows users know this all too well: Should the operating system refuse to work after an update, having an emergency USB drive that can boot a Linux system such as Knoppix can easily restore access to data that would otherwise be difficult to get to.

Hardware, software, know-how, infrastructure, and strategies

Digitally sovereign are those who can work independently of external factors. External factors can be American corporations, but also a local company providing software support, if maintaining your operations depends on them in case of an emergency. External factors can also be IT consultants or hardware manufacturers if their ability to provide help speedily is crucial for you. Some degree of redundancy (i.e., keeping additional options available should the worst happen) and exit strategies that are considered at the time when infrastructure solutions are acquired will be indispensable, not to mention backup. Digital sovereignty is infinitely scalable, and every decision needs to be well thought through. While this is perhaps not so much a concern for most private users, it is vitally important for businesses and public authorities.

It is precisely these strategies that politicians and many in the European IT industry are currently putting their weight behind: Gaia-X is to become a European, open, and sovereign cloud alternative to Amazon AWS. Project Phoenix aims to give public authorities a free, open desktop solution to provide the functionality that Microsoft 365 offers them now, but without the restrictions and the data monitoring that is currently part of the package. Organisations such as the German Informatics Society issue publications that aim to further define digital sovereignty. Due to the chaos caused by the Trump administration, politicians have recognised that they need to act, and fast. It is one of the reasons why more and more public authorities, schools and businesses are turning to e-mail and office services like those offered by mailbox.org, that give them digital sovereignty.

The role of the GDPR

Not everyone would do this voluntarily, though. It was the European Union's General Data Protection Regulation (GDPR), and the painful contractual penalties it entails, that has brought the massive differences between US and EU law into our collective consciousness: While manufacturers in the United States are expected to cooperate extensively and proactively with the intelligence services (e.g., US Cloud Act), they will get penalized in Europe if any user data gets transmitted to an unsafe third country without consent.

International companies like Microsoft or Apple now face a dilemma, as complying with one side could mean breaking the law with the other, and a solution for this is currently not in sight. Another impact is that consumer confidence has taken a massive hit, with customers looking for alternatives in the German or European legal territory. If these solutions can facilitate data export through open standards, as they do at mailbox.org, then the relevant criteria for “digital sovereignty” are truly fulfilled.