Data Control and Sovereignty

netID: The New European Log-in Standard

Within the Group, United Internet uses a number of measures to ensure internet users retain data sovereignty, such as the netID log-in standard that provides them with greater control over their data and enhances user-friendliness. Users have to register for, and provide profile names and passwords to access, almost all internet offerings – from online shops through social media down to app stores. Trying to manage this flood of IDs and passwords is a major challenge for customers. Single sign-on services offer a solution that not only enables users to retain control over their data but is also more user-friendly: users can register with a large number of online services using a single, secure combination of their user name or e-mail address and password. In March 2018, United Internet, the RTL Deutschland media group, and ProSiebenSat.1 founded the “European netID Foundation (EnID)“ in order to provide a European alternative to US offerings in this area.

This independent foundation developed the netID open standard – a central log-in that is “made in Europe” and with which customers can currently log in to more than 100 partner offerings. The United Internet Group’s GMX and WEB.DE e-mail platforms are among the netID account providers. Users with existing GMX or WEB.DE accounts can use netID to log on to participating partner offerings by entering a combination of their e-mail-address and password. Equally, new users can set up a free netID account with a mix of their e-mail address and a password.

The European netID Foundation launched two new products on the market in fiscal year 2020 to allow user data to be employed for customized approaches where a consent management platform is in use. netID stores user consents in a stable, device-independent form, meaning that users are shown consent forms less frequently. Instead of third-party cookies, which are increasingly being blocked, netID uses a stable identifier to identify users that can be accessed by netID partners. This also makes netID interesting for marketers, since they can use netID to power data-driven business models in a way that is both future-proof and legally secure.

netID is subject to Europe’s strict data privacy requirements (GDPR). In addition, the foundation reviews all standards, partners, and account providers that are members of the initiative. It also sets high store by transparency and focuses on user data sovereignty. For example, users can independently consent to the use of their data, or revoke such consent, at any time using a “privacy center.” This improves data control in the internet.(1)

(1) The opinion published by the German Data Ethics Commission (DEK) in October 2019 also recommended promoting the use of standards – such as netID – to enable individuals to continuously track and manage the persons and entities to which data access has been granted and to which data has been transferred, so as to be able to assert their rights effectively.

Cooperation Aims to Improve Data Sovereignty for Hosting

At the beginning of 2020 IONOS, Europe’s largest cloud and hosting provider, and Nextcloud, the supplier of the world's most common open source collaboration platform, signed a strategic partnership. Its goal is to combine the two companies’ offerings to offer users the maximum possible data sovereignty. Nextcloud customers can use their data and applications on IONOS’s infrastructure, allowing them to customize them independently and to add supplementary functionality.

For many customers, data sovereignty is an absolute precondition for using cloud services. As German providers that are only subject to German law, IONOS and Nextcloud guarantee their users that they have sovereignty over their data – access by third parties such as is allowed by the U.S. CLOUD Act is not permitted. The two companies intend to extend their partnership in the coming years and to make the case for more data sovereignty, e.g., with companies and public authorities that have previously used U.S. providers to store their data. IONOS and Nextcloud also differ from these providers in that they rely on Open Source products. The systematic use of open standards ensures transparency.

In addition, to guarantee digital sovereignty in the public sector as well, IONOS worked together with Dataport, the public-sector IT service provider, and other partners in the Phoenix project in the 2020 reporting period to develop a web-based open source software system. This offers the following basic functions in addition to an e-mail mailbox: a calendar, contact management, text processing, chats, videoconferencing, simultaneous working, and document storage and exchange. This new IT-based working environment is suitable for use by public administrations as well as for schools, universities, cultural institutions, and all other public-sector entities. The software runs in secure data centers, ensuring that the government can keep control both of its own data and of that entrusted to it by its citizens and enterprises. This cloud-based program is also intended to be an alternative to the version being presented by US providers and, hence to prevent personal data being transmitted to US authorities.

The issue of digital education became even more important during the 2020 reporting period due to the COVID-19 pandemic. IONOS is part of the group of suppliers providing the Hasso Plattner Institute (HPI)’s training cloud, which complies with German data privacy standards and offers educational learning tools.

GAIA-X – the European Cloud Project

  • GRI 102-12

The idea behind GAIA-X is to build a hybrid cloud using European security and data privacy standards that meets the highest digital sovereignty standards. IONOS has been involved in GAIA-X AISBL(1) right from the start, is a member of its Technical Committee, and is actively helping to shape this European initiative. The idea is for the numerous successful local clouds in Europe to cooperate and standardize their operations to create a common “hypercloud” that will allow both large enterprises and SMEs on the European and German markets to exchange and process data in a trusted, secure, and transparent manner. Customers can choose between multiple hosting providers and – thanks to the planned standards – can switch at any time.

(1) “Association internationale sans but lucrative,” a non-profit association under Belgian law.

IONOS is helping with the rapid construction of a European cloud by contributing its many years of experience in developing and operating cloud infrastructures to the GAIA-X project. Our employees are providing their knowledge in working groups on a number of issues, e.g., defining standards and the reference architecture, and establishing certifications. We are also helping shape GAIA-X’s development as the moderator of the Product & Service Board and as a member of the GAIA-X Technical Committee.

The objective is for GAIA-X to offer a European alternative to the large US and Asian cloud providers known as hyperscalers. Numerous European and German cloud providers, associations, and enterprises are also working on the project in addition to IONOS.

See the Federal Ministry for Economic Affairs and Energy.