July/August 2020

| 34 | July/August 2020 www.smartmachinesandfactories.com | INTERVIEWS & REPORTS | Reinhold Achatz, CTO of ThyssenKrupp and IDSA Board Chairman. “As a basis for an open ecosystem, it enables providers and consumers of data to connect in a secure, interoperable and sovereign way. Combined with highly available storage and efficient processing of data, GAIA?X has the potential to create a secure and trustworthy data infrastructure based on European values.” Already, over 300 companies and institutions are members, not only from EU countries, but organisations outside Europe, provided they conform to the standards. Intriguingly, the data centre resources of Amazon Web Services and Microsoft Azure are involved, with hardware and services conforming to the European GDPR regulations on data privacy and security. The 22 founding members from Germany and France range from manufacturing multinationals Bosch and Siemens, to telecoms companies such as Deutsche Telekom and Orange, to cloud companies Atos and OVHcloud, and carmaker BMW. The companies will inject an initial annual €1.5 million to set up the architecture of standards for Gaia-X. The general openness of Gaia-X is a good fit for the High Performance Computing (HPC) research community, as their resources are often public- funded. The architecture securely bundles resources whenever needed, for scientific workloads or cooperation between industrial and academic partners. It also allows for sector specific clouds, for example processing medical data. Edge clouds are also an integral part of the GAIA-X Infrastructure Ecosystem. These are clouds that are not co-located with other cloud providers in data centres, for example clouds in factories or privately-owned data centres used for the Internet of Things (IoT) and Industry 4.0. In October 2019, Germany officially unveiled its plans for Gaia-X, with France coming on board in February this year. Jointly, the two governments have published the first architecture paper on Gaia-X, which runs from large AI accelerators and supercomputers to edge computing for the Internet of Things (IoT) and Industry 4.0. Almost simultaneously, the European Commission released its data strategy for Europe, which foresees spending of up to €6 billion to create a European single market for data in which industrial giants will be encouraged to share data via sector-specific “data spaces.” British involvement There seems to be no British involvement, at least at this stage, but then given the politics involved here this is hardly surprising. As the UK aims to negotiate a trade deal with the US, joining in with an avowedly European project which aims to act as a counterweight to Silicon Valley would not be a good look. Plus, while aiming to extract the UK from the EU, the Government is unlikely to look upon it sympathetically anyway. Trade is increasingly facilitated by cross-border data flows, with businesses reliant on the ability to transfer personal data about their customers or workforce to offer goods and services, and to run even basic internal processes such as cloud- based email or file storage. According to a UK Parliamentary report, volumes of data entering and leaving the UK increased 28 times between 2005 and 2015, and three- quarters of these data transfers are with EU countries. Any restriction placed on data flows would act as a barrier to trade, putting UK businesses at a competitive disadvantage. Data adequacy During the transition period, the EU will continue to treat the UK as if it were a member state. This means that data will continue to flow between the UK and the EEA. When the transition period ends, the UK will no longer automatically benefit from this free flow of data. Data adequacy is granted by the European Commission to third countries providing a level of personal data protection comparable to that provided in European law. Thereafter, information can pass freely without further safeguards being required. The Commission will seek to make an adequacy assessment for the UK before the end of the transition period. Despite the UK’s application of GDPR and implementation of the Law Enforcement Directive under the 2018 Data Protection Act, there is no guarantee it will be awarded an adequacy decision. The Commission has recognised 11 countries or territories, including Argentina, Israel, New Zealand and most recently Japan, as providing fully adequate data protection. The USA and Canada have been deemed to provide partially adequate protection – EEA data can be transferred, under certain conditions, to some organisations in these countries. The fastest adequacy assessment so far, for Argentina, took 18 months. Other assessments have taken up to five years. The UK government said that it would allow UK data to flow freely to the continent in an attempt to minimise disruption (although it would keep this policy under review). The Commission made it clear that it would not reciprocate. It would treat the UK as it does any other third country until an adequacy decision has been reached. The UK has been accused of “deliberate violations and abuse” of the Schengen Information System, which has led several member states, notably the Netherlands, to question whether the UK should be awarded data adequacy after Brexit. The onward transfer of data from the UK to close security partners such as Australia, which does not have an adequacy agreement with the EU, is another contentious area. To learn more about GAIA-X and to download the documents that have been published so far, visit www.data-infrastructure.eu. *To find out more about GAIA- X, International Data Spaces is currently holding a series of live sessions. https://www.internationaldatasp aces.org/idsa-live-sessions/