Subscribe To Print Edition About The Tribune Code Of Ethics Download App Advertise with us Classifieds
search-icon-img
search-icon-img
Advertisement

How data sovereignty is redefining digital governance

The rising cross-border exchange of private data, coupled with cloud computing, has made data sovereignty a critical concern.
  • fb
  • twitter
  • whatsapp
  • whatsapp
featured-img featured-img
SAFETY: Cyber laws across countries place priority on safe data handling and privacy. ISTOCK
Advertisement

IN the 2010s, Edward Snowden revealed that the USA’s National Security Agency was tapping into the servers of major internet firms using a surveillance programme called PRISM. After these revelations, countries across the world had grave concerns about who could access their national information and the possible consequences. It, thus, served as a spark for conversations about global data sovereignty. Furthermore, any material physically located in the US might be accessed by the government, regardless of its source, as per the US Patriot Act, which was enacted in 2001 after the 9/11 attacks.

The concept of data sovereignty, thus, gained traction, and more than 100 nations have enacted a variety of data control and storage regulations, representing data sovereignty to some extent. Although sovereignty refers to an absolute and overarching juridical-political authority over a portion of geographic space, its purview has now expanded to include “data”.

These days, massive amounts of data are used to shape policies related to businesses, healthcare, government planning, sports, elections and practically everything else. The “new oil”, “new gold” or “new currency” in today’s uncertain and complex environment is frequently thought to be data.

Advertisement

There is little doubt that the internet, social media and various online activities constitute the primary sources of data generation in today’s internet-driven society. The issue of internet regulation is its natural outcome. The questions of the first generation of internet law about who should regulate the internet, if anyone, have been decisively answered by governments — they all will.

The second generation question to be addressed is not whether, but how, to control the internet. The concept of “data sovereignty” holds that information is governed by the legal framework and political systems of the countries concerned. It serves as a stronghold against international corporations and foreign states. Data can be kept in the nation where it was created or, in a situation known as “data residency”, it can be kept in another nation while remaining unprocessed.

Advertisement

An example of a normal cloud service provider would be one located in nation alpha, with sales, marketing, accounting and operations, all located there. Their call centre for customer service, though, might be located in nation beta, which needs certain personal information of accounts to contact clients and provide support.

The rising cross-border exchange of private data, coupled with cloud computing, has made data sovereignty a critical concern. Data must be governed by the laws of the country in which it was generated as well as the country in which it resides.

Different countries have varying legislations on this issue. The General Data Protection Regulation (GDPR), which unifies data protection laws for all members of the European Union, was enacted by the EU Parliament in 2016 and included the EU’s own data sovereignty provisions. By placing a high priority on safe data handling, privacy and algorithmic transparency, it gave the citizens of the EU countries significant control over their data by imposing strong laws on companies for data-handling.

A part of the Foreign Intelligence Surveillance Act (FISA) of 1978 of the USA was renewed in April 2024 through the Reforming Intelligence and Securing America Act. For reasons of national security, the law permits US corporations to give the US government access to communication data of international customers without a warrant. This impacts cloud services and overseas users as their data might be accessible to the US government without their knowledge or consent.

As India is becoming a digitally empowered nation, data sovereignty has assumed relevance for the restructuring of data governance. It is crucial for protecting privacy, supporting national and economic security and fending off threats of global surveillance. Days after India banned 59 Chinese apps in 2020 due to worries about “sovereignty and security”, the then Union Minister of Information Technology and Telecom Ravi Shankar Prasad declared that India should not compromise on data sovereignty.

The Digital Personal Data Protection (DPDP) Act, 2023 — India’s first cross-sectoral law on personal data protection — was passed in August 2023. It covers non-citizens residing in India whose data processing occurs “in connection with any activity related to offering of goods or services” outside of India as well as Indian residents and enterprises gathering data about Indian residents. The Act “lays down a foundation, where grievance redress, access to justice and protection of personal data will become highly democratised, with equal access available to those in far-flung areas and big cities,” explained Ashwini Vaishnaw, Minister of Communications, Electronics and Information Technology.

Undoubtedly, the regulations will evolve over time, making room for the fast-advancing technologies. For instance, in January 2019, industrialist Mukesh Ambani urged Prime Minister Modi to stop the rising trend of “data colonisation” by multinational firms, asserting that “Indian data should be owned by Indians.” Earlier this month, Reliance Jio Infocomm Chairman Akash Ambani emphasised on the need for India to embrace AI, with focus on self-reliance and data sovereignty.

In light of the technological challenges of today’s world, the 2023 book edited by Anupam Chander and Haochen Sun, Data Sovereignty: From the Digital Silk Road to the Return of the State, discusses the theoretical aspects of the subject. It addresses the issue of territorial control over data flows and attempts by national and regional governments to impose restrictions on the movement of data across a global internet. It provides fresh viewpoints and provocative concepts regarding the nature and extent of data sovereignty by drawing on theories in political economy, international law, human rights and data protection, as well as by elucidating the national, regional and global legal frameworks. It also looks at the extent to which emerging technologies like AI, robotics, automation, e-commerce and sharing economy threaten data sovereignty. It offers potential solutions for these issues in relation to trade liberalisation, data localisation and human rights.

Many more significant issues are still pending. For example, can data sovereignty, AI and smart tech coexist? All stakeholders face significant challenges. Several interesting data treaties are likely to emerge. The concept of data sovereignty might also be redefined.

Advertisement
Advertisement
Advertisement
Advertisement
tlbr_img1 Home tlbr_img2 Opinion tlbr_img3 Classifieds tlbr_img4 Videos tlbr_img5 E-Paper