Digital sovereignty in the European Union

14.7.2022

Priority question for written answer  P-002585/2022
to the Commission
Rule 138
Henna Virkkunen (PPE)

As outlined by the Commission in its data and digital strategies, the EU should ensure its digital sovereignty on the basis of clear goals and principles. In her State of the Union address, the President of the Commission put a special emphasis on a ‘European Cloud’. The current EU policy framework, however, does not fully address the lack of immunity to non-EU laws in cloud services, in the light of the judgment of the Court of Justice of the European Union of 16 July 2020 in Case C-311/18 Data Protection Commissioner v Facebook Ireland Limited and Maximillian Schrems (Schrems II judgment). This is a growing cause for concern among cloud service users and does not support the goal of digital sovereignty.

There are growing concerns among European organisations about the Schrems II judgment, the US Cloud Act and the changing regulatory framework. These organisations are seeking clarity on how to make the right choices relating to cloud services, while keeping control of certain sets of data in Europe for EU citizens.

• 1.How could the Commission clear up the different levels of sovereignty and respond to the growing concerns?
• 2.Does it intend to introduce sovereignty requirements for cloud services to give European organisations the opportunity to obtain sovereign cloud services under a commonly agreed definition? What would these requirements look like in the context of the different levels of sovereignty?