Executive Voices 6 mins read

Digital sovereignty: Regain control over your own data

What is digital sovereignty is, how does it give you control over your own data, and what are the challenges?

Burkhard Hilchenbach Burkhard Hilchenbach

What happens when you lose control of your data?

You could download something from the web that is completely misinterpreted by data analysis, and you are earmarked as a troublemaker. This could affect your ability to rent an apartment or to place your child in a good school. Or worse.   

Practically no one has sufficient overview and control over:

  • Who gets to use your personal data
  • What data is stored, in detail
  • Where it is stored
  • How you can exercise your legal right to have things deleted (“the right to be forgotten”)
  • The results of analytics employed to deduct new information about you from that data (companies literally know you better than you know yourself in some regards)
  • How that data is commercialized (read: sold), let alone how you yourself could benefit from it.

Digital sovereignty gives you control

Digital sovereignty, in a nutshell, is your ability to personally control your digital footprint, including the means to share that data in a controlled manner and restrict its usage – according to your own governance.

If the term sovereignty sounds political to you, that’s because it is. Philosopher Jean-François Kervégan called it “the capacity of a state to decide on the fundamental direction of its acts independent from any external or internal power.” The definition of sovereignty goes back all the way to the 16th century!

You may be tired of new buzzwords and ask: “Why not just say that people should be in control of their data?”

This is mainly because “control” sounds a lot like a tooling problem, whereas “sovereignty” has a strong legal undertone. Sovereignty is nothing less than a dimension of fundamental human rights.

Challenges to data sovereignty

Technology has generated new challenges because it provides unprecedented capabilities to abuse personal data. Thus, free societies are called upon to define and enforce a legal framework for protecting our digital footprint.

The topic receives growing attention from the European Community and other governments. But politics is often a dreadfully slow process, much in contrast to the advances in IT. Digital sovereignty might be the most important IT-related topic where the law is lagging., Today, digital sovereignty of individuals is the exception, not the rule. So, all the recent governmental attention is more than welcome, especially when considering the ruthlessness with which both companies and dictators violate those rights.

A fundamental legal challenge is finding out which law is even applicable, depending on the nationality of the individual and the place where its data is stored and processed. The basic idea of the GDPR (the European General Data Protection Regulation) is that EU citizens’ data cannot leave the EU unless special safeguards ensure that the protection travels with the data[1].

But these “safeguards” are so complex that, in reality, this is a very convoluted problem. For starters, there are countries that are considered to provide an adequate level of data protection, which include Japan, but exclude the United States, among others.

Even if that legal question can be answered, data storage and processing belong to the critical infrastructure today, on an equal footing with water and electricity. It comes as no surprise that the European Union is uncomfortable about the dominance of American cloud providers, even if they operate data centers in Europe.

EU, GDPR and cloud

There is an ongoing debate whether Europe’s sovereignty calls for having European cloud providers. But interestingly, this is not the only option on the table. When it comes to simple data exchange, why is a central instance handling required to begin with? If several participants exchange data over a central provider, network architects speak about a “star” or “hub-and-spoke” topology. If they exchange information directly, it is called a “mesh” topology. Initiatives like Gaia-X and various data spaces enjoy a lot of momentum because they promote point-to-point data exchange without a central “hub.”

Internet veterans smile at this development because the Internet was perceived as, well, a net to begin with: Computer nodes freely exchanging data, with no “hub” in the middle. A generation of the Internet called Web 2.0, which is essentially what we have today, is a web in which near everybody is both a content consumer and a content provider, most prominently implemented by social media. However, the unpleasant side effect of Web 2.0 is that today, social media outlets, cloud providers, and a handful of other internet behemoths serve as huge hubs and have distorted the original “web” ideal. This problem is sometimes described with the drastic words “the Internet is broken.”

What many people do not recognize is that this is not a necessary evil. Social media and other technology that turn users to content providers can very well be built on decentral architectures. The situation today is rather a result of historic development, in which early movers created attractive, (pseudo-)free offers, and built their market dominance on it.

Data sovereignty for individuals

In today’s Web 2.0, the dismal reality is, if your personal data is already out there, it is too late. So, for now, the only option is to keep personal data away from the internet in the first place. There are plenty of guides for this, but it is far from quick or trivial.

The upcoming Internet generation called Web 3.0 promises to re-establish true decentralization, and to empower individual participants, including but not limited to providing digital sovereignty. Blockchain will be a key enabling technology. Another important element is the identity standard “Decentralized Identifier” DID.

Solutions like storj provide decentralized storage, Mastodon is a decentralized social media system.

On the downside, some solutions empower end users to a degree that they are a honeypot for criminal activities – a legal and moral tightrope walk. And then there are people like Mark Zuckerberg, who envisions the core characteristic of Web 3.0 to be providing a more immersive experience (think VR and virtual worlds). This would be built on, you guessed it, a platform provided by his company.

Will the attractiveness of those platforms once again overpower your desire and need for digital sovereignty? The decision is up to you.