Description
The purpose of this paper is to explore an area that has so far received little attention in the data sovereignty debate, namely the impact of the EU’s digital sovereignty agenda upon private rules and processes for data sharing in the context of the semiconductor supply chain. Many providers of semiconductor related facilities such as lithography have very complex supply chains that involve the transfer of sensitive commercial data, which may also be stored on cloud services. While much of the data sovereignty literature has focused upon the GDPR and the transfer of data that contains personal information about EU citizens, the consideration of commercial data has predominantly been considered in terms of intellectual property rights and trade secrecy. However, with the digital sovereignty agenda has come an EU concern over how data is transferred, processed, and stored in the context of concerns over the role of actors such as the US and China in cyberspace. This article will consider the changes brought about by the EU’s Data Act and cloud service regulation, in order to consider how systems such as the EU Cloud Certification Scheme are impacting upon the private sector actors operating within the context of the EU’s digital sovereignty agenda.
