During the Middle Ages, lords imposed chastity belts on their beloved companions—not so much to protect their virtues, long lost, but rather to prevent anyone from getting lost behind their backs! Sovereignty, in theory, is somewhat similar: data is secured to prevent undesirables, especially cloud giants and US authorities, from accessing it. But in theory only, because does sovereignty still hold any meaning today ?

Given the practices of the cloud giants and their associates, and the complacency of many decision-makers, sovereignty has become an empty shell. Doubt it ? What do you think about this :

-What about the ‘cloud-centric’ doctrine of the State? An ‘all-in on the cloud’ associated with a ‘whatever it takes’ approach that exposes our administrative data to GAFAM under the complacent guise of SecNumCloud, supposedly protecting our cloud boundaries?

-What about an HDS (Health Data Hosting) certification granted to Microsoft’s cloud, hosting patients’ health data with an American giant? Note that the certification was revoked after raising concerns in the healthcare field.

-What about the European sovereign cloud offering opened by AWS (Amazon Web Services), initially in Germany but aimed at all European clients, which draws smiles from many observers?

-What about Clarence, announced by the joint venture uniting the telecom operator Proximus and LuxConnect, presented as ‘the first truly sovereign cloud’ in the presence of a scarcely complacent Prime Minister, Xavier Bettel, because this cloud relies on Google Cloud technology?

-What about the ‘trusted cloud’ in France, like Bleu that combines Microsoft’s Azure cloud with the Orange-CapGemini duo, or S3NS that combines Google Cloud with Thales, or more recently, Oracle announcing its trusted cloud in its data centers… hosted by American colocation giants ?

Far from us to criticize the technology and offerings of the cloud giants, who have long demonstrated their expertise that will be hard to match given their considerable resources. No, we aim to denounce the use of the term ‘sovereignty,’ served to us not without flair but with a certain cynicism.

Yet, outside the macrocosm of large enterprises and organizations, and the complacency of certain politicians and economists, sovereignty does make sense—common sense, one might say. Ask a mayor, a deputy, a senator, a president of a metropolitan area, department, or region, a manager of public housing, a university hospital, or a small and medium-sized enterprise (SME) owner where the data of their organization and fellow citizens go… For all of them, sovereignty still holds meaning.

Sovereignty is not a registered trademark. Everyone can use it in the context that suits them, and some don’t hesitate to do so. But admit that when Amazon or Oracle announces its sovereign Cloud, or when Google or Microsoft provides the infrastructure for a ‘trusted’ cloud, the submission of GAFAM and by extension their partners to the extraterritorial Cloud Act is worrying.

Our personal, critical, and confidential data are secured (belted) within a cloud… of which the cloud giants hold the key! Under these circumstances, what guarantees can be provided for the data of companies and citizens stored in a ‘sovereign’ or ‘trusted’ cloud? The question is posed…