Data sovereignty

Definition and delimitation

The term “data sovereignty” is not only used in a variety of contexts, but often also in different meanings. A fixed, universally accepted definition does not exist. According to its literal sense, “data sovereignty” means control over data and its collection, storage and processing. Understood in this way, data sovereignty can be interpreted individually and then means the control of a person over the data concerning him or her or to which he or she is entitled.

However, there is also a very widespread supra-individual understanding of the concept of “data sovereignty”, which is then to be understood as synonymous with “digital sovereignty” ^[1] digital sovereignty”. A state possesses digital sovereignty if it is fundamentally free to decide on the use of digital technologies on its territory and is not dependent on the decisions of other states or foreign corporations. Since the concept of “digital sovereignty” includes individual data sovereignty, the second, broader meaning of “data sovereignty” will be used here.

Both terms fall under the even broader concept of “technology sovereignty”, which describes a state in which a state or a community of states (such as the EU) is able to fulfil the respective state tasks without unilateral technical dependencies on foreign states or foreign private companies.

The concepts of “data sovereignty” and “digital sovereignty” are not synonymous with “data protection”. Data protection refers to the protection of personal data against unjustified collection, storage, processing and disclosure; in contrast, “data sovereignty” and “digital sovereignty” refer to all data, i.e. including data without personal reference. The latter category includes, for example, technical data, but also originally personal data that has been anonymised. In addition, the concepts of “data sovereignty” and “digital sovereignty” also cover the technologies used to handle the data.

Finally, the question of data sovereignty must not be confused with the question of the possibility of “data ownership”, i.e. primarily an original allocation of data to a person. Even the term “data ownership” is legally problematic, because data cannot be owned due to its lack of material quality.

History

Terms such as data sovereignty or “digital sovereignty” have only played a greater role in the last 10 years or so. An important turning point was the revelations of the former CIA employee Edward Snowden, who in 2013 revealed the close cooperation of the US technology companies Amazon, Apple, Facebook, Google (Alphabet) and Microsoft with the US intelligence service. Until a few years ago, the tech companies’ hunger for data was hardly subject to any legal restrictions, so that today there are data collections on potentially every user of Google or Facebook services (which are generally offered free of charge), which, according to critics, can be used not only for advertising purposes, but also for monitoring and controlling behaviour. ^[2] This “surveillance capitalism” ^[3] leads to commercial and intelligence activities basically pursuing the same goal: to know more and more about as many people as possible.

As a reaction to this, the demand is being voiced to want to determine for oneself what is to be done with one’s (own) data. This kind of “data sovereignty” or “digital sovereignty” aims not least at securing state sovereignty and the state’s creative possibilities, which are being undermined by the quasi-monopolies of the US tech giants. Not only European bodies such as the EU Commission and the EU Parliament, but also the governments of the EU member states are now advocating for more data sovereignty. The enactment of the European General Data Protection Regulation (GDPR) in 2016 can be interpreted as an expression of the striving for data sovereignty, as can the reform of the IT Security Act in Germany in April 2021, with which, among other things, the goal was pursued of not handing over control of critical infrastructures to foreign, possibly hostile states.

Criticism and problems

The call for data sovereignty should not lead to overlooking the advantages that the global division of labour has brought for Germany and Europe, also and especially in digital technologies. Digital autarky is not a desirable goal. However, there is often a fine line between advantages and (economic and political) dependence; the Trump administration in particular has repeatedly demonstrated that the fact that large parts of the world are dependent on US digital technology can be exploited politically. But even without direct political support, the market power of US tech companies has ensured that US values and standards of behaviour have spread around the world. With only a little exaggeration, one can speak of digitally supported colonialism. It therefore makes sense for Europe to at least try to reduce unilateral dependencies and insist, for example, on the protection of personal data. On the US side, remarkably, more and more voices have recently been heard that are willing to go the European way.

The emphasis on data sovereignty or digital sovereignty should also not lead to the use of taxpayers’ money to keep companies, products or technologies alive that are no longer competitive on a global scale. Competition is also indispensable in the digital economy. Here, too, it should be noted that the US corporations themselves are obviously not very keen on promoting or even allowing real competition. Competing companies, especially those not based in the US, are therefore often marginalised or, if these measures are ineffective, bought out. It is therefore to be welcomed that the US and European antitrust authorities have begun to examine the business practices of the US tech giants more closely in recent years. ^[4]

The influence of Facebook, Google and Co. on the lives and thoughts of many people has now become so great that it is increasingly difficult to enforce demands for data sovereignty against them. Whether it will be possible to effectively limit US surveillance capitalism therefore remains to be seen.

Digital sovereignty is most likely to be achieved when a country’s own companies succeed in developing internationally attractive products and bringing them to market. It is the task of politics to counteract the formation of monopolies and allow competition through political influence and the creation of suitable legal framework conditions for the digitalised world. Both, business and politics, need the support of science in this. It is also their task to further sharpen concepts such as “data sovereignty”, “data ownership”, “protection of non-personal data”, “digital sovereignty” and “technological sovereignty” in an interdisciplinary exchange and to work out the conditions for their realisation.

Research

At bidt, various projects are dedicated to the topics of data processing, data protection and control over one’s own data. The right to have one’s data made available and transferred when switching from one digital provider to another, for example, is the topic of the project “Awareness, motivation and implementation of data portability – strengthening radical and disruptive innovations through improved data portability”. Specifically, it is about how the right to data portability, which has already come into force, can be implemented in practice.

The project “Vectors of Data Disclosure – A Comparative Investigation into the Use of One’s Own Personal Data from the Perspectives of Jurisprudence, Cultural Studies and Business Informatics” explores the question of the conditions under which individuals are willing to disclose their data.

---