This effort seems like a solution in search of a problem. Microsoft is not strictly an American company. It has subsidiaries in Europe, India, China, and other locales and these entities are just as much a legal entity of Europe or India as any company that is headquartered in Europe or India but has a subsidiary in America and can claim legal status in its respective locale. An even clearer way to think of this is as follows: the problem statement (and I'm not agreeing with it or even saying it is well constructed) is a legal one, and legal problems require legal solutions, not technical solutions. In a law-abiding society, law trumps technology every time.
If this were a financial entity with stock issued on some stock exchange I would gladly bet against it with real money. I'm not saying this out of malice; rather, purely out of economic prediction regarding the outcome.
------------------------------
Paul Rich
Executive Director
JPMorgan Chase & Co.
------------------------------
Original Message:
Sent: Jun 09, 2020 01:49:44 AM
From: Paul Simmonds
Subject: GAIA-X: A Federated Data Infrastructure for Europe
I'm going to put my "Cynical" hat on here [but not a Brexit hat] and say I can't see it working, why;
- The "big" three have already got the corporates sewn up, with prices, marketing etc. - all are non-EU
- Most corporates are global and need a global solution - it's not just EU regulations they need to conform to
- Legislation from the Swiss, Russian, Chinese etc. saying "you must keep our data locally"
- The government relations (big $$$) departments who will swing into action and ensure they are not cut out
- Look at the current state of the big three - you need ISO (tick), you need GDPR (tick) etc. etc. They ALREADY tick EVERY box, but that does not mean as the consumer of the service that YOU do.
Ultimately its not just certifications and tick boxes, it's how you architect YOUR data within the cloud service that you choose to use to ensure you can deliver business value.
If anything, you just need to beef up the requirements (and corporate liability / penalties) on the Privacy Impact Assessment part of GDPR, and ensure that they are signed off at board-level - so that the board actually asks, understands and is aware of the penalties for non-compliance.
IMHO, then the best way to fix this, is that a breach following an PIA that is deemed to be unsuitable means you are automatically liable for the max fine (4% of global revenue) under GDPR, with no top-limit.
</ cynicism>
------------------------------
Paul Simmonds
CSA UK Chapter
Original Message:
Sent: Jun 07, 2020 01:58:24 AM
From: Olivier Caleff
Subject: GAIA-X: A Federated Data Infrastructure for Europe
Hello
I'm opening a thread on GAIA-X - a Federated Data Infrastructure for Europe - which will surely be generating a lot of comments!
If you didn't hear about it, here are some excerpts ans links:
With GAIA-X, representatives from politics, business and science from France and Germany, together with other European partners, create a proposal for the next generation of a data infrastructure for Europe: a secure, federated system that meets the highest standards of digital sovereignty while promoting innovation. This project is the cradle of an open, transparent digital ecosystem, where data and services can be made available, collated and shared in an environment of trust.
[...]
In an initial step, 22 French and German companies will set up a non-profit foundation to run Gaia-X, which is not conceived as a direct rival to the "hyperscale" U.S. cloud providers but would instead referee a common set of European rules
[...]
One important concept underpinning Gaia-X is "reversibility", a principle that would allow users to easily switch providers. First services are due to be offered in 2021.
That is already far too late, according to analysts at Gartner, who forecast that the global market for public cloud services will grow by 17% to $228 billion this year. "The leading cloud providers have already moved quickly to build up this market," said Gartner analyst Rene Buest.
Some links:
------------------------------
Olivier Caleff - CSA French Chapter - Chapter Leader - [email protected] - https://CloudSecurityAlliance.fr
------------------------------