At the end of 2019, the Spanish government passed a law (Royal Decree-Law 14/2019) to adopt urgent measures for reasons of public security in regard to digital administration, hiring in the public sector and telecommunications.
The regulation has been the object of certain political controversy in Spain, in part because one of its principal objectives is to respond to possible advances by Catalan separatism in creating a digital republic. Specifically, the Spanish government seeks to prevent any public Spanish entity from developing an electronic administration that is outside the control of the State by being hosted on servers outside of the European Union.
But beyond Spanish specificities, it is worthwhile to take a moment to analyse this regulation, as it puts debates on the table that the EU must face with resolute action. Additionally, it falls within a broad course of action: regulatory response to the growing importance of the digital reality for governance of any country. In this sense, the Spanish regulation examines a certain European model, midway through a change from deregulation to what has been called ‘balkanization’ of the internet, which appears to be what China and Russia want, by creating digital borders much like physical borders.
Adapting the legal framework to the digital sphere
As proposed in reasoning for the Law, the objective of this regulation is to adapt the legal framework to the digital sphere, putting general interest and, especially, public security at the forefront. It is about ensuring proper delivery of public services and, at the same time, that digital administration is used for legitimate ends without compromising rights or liberties.
These types of regulations are in contrast to an erroneous assumption that, for years, has dominated the debate about the internet and which today still carries a lot of weight in public opinion: the law as a space of complete liberty, where the States cannot and should not interfere. But the defence of liberty cited by those who do not want any type of regulation has become the law of the jungle.
These suppositions have ended up implying a danger for the democratic quality of European societies and for defence of the rights and liberties of their citizens.
Additionally, and without being alarmist, it should be taken into account that the rise in cyberterrorist threats increases mistrust towards unregulated digital spaces. Alteration of electoral processes by means of massive disinformation campaigns, data theft, hacking of devices and industrial systems, etc., are increasingly real threats, and the progressive digitalization of key infrastructures, such as energy, increases the ability for these cyberattacks to be harmful.
Defending digital sovereignty in the European Union
Thus, this Spanish regulation supposes an advance in legal security and in defence of digital sovereignty in the EU, specifically in one of its States. The jurisdictional borders of our democratic States are also digital, that is, they are also in the cloud.
Because the sovereignty of our times is also digital, or it won’t be at all.
