65% of French companies consider digital sovereignty to be a top priority (1). It may be hard to grasp, but the notion of digital independence is gaining ground as leading Internet players (GAFAM – Google, Apple, Facebook, Amazon, and Microsoft – in the United States and BATX – Baidu, Alibaba, Tencent and Xiaomi – in China) strengthen their influence. This is increasing user dependence on their solutions, in turn, intensifying competition between Big Tech players and governments. This trend towards a “monoculture” of digital tools raises strategic, economic, political, and ethical issues, particularly regarding the use of personal data provided by users. This is where the concept of digital sovereignty comes into play: it seeks to restore digital independence and data control to governments, companies, and private individuals. Oodrive explains all in this article.
What is digital sovereignty?
A sovereign state is an independent state, “recognised within its borders by the international community” and which exercises “a power of administration and jurisdiction” over its population (2). Nevertheless, in the digital universe, this notion is not as easily definable. While digital sovereignty generally refers to the fact that a State (government) or an organisation must establish its authority to exercise its powers in cyber-space, it also focuses on more tangible issues, such as technological dependence or control over user personal data.
In fact, the digital sovereignty movement, which was kick-started about ten years ago, aims to regain a share of the power exercised within a digital space. In the early days of digital, its promoters sought to develop a power that was free from governments. Published in 1996, A Declaration of the Independence of Cyberspace specifies that governments have no authority in this ecosystem (3). Governments’ sovereignty was rapidly challenged by the rise of digital globalisation, which ignores borders and laws and allows for influential web players to make their own rules, and even be categorised as “fully digitalised nations”. Several examples support this theory. A case in point is Denmark’s appointment, in 2017, of a dedicated GAFA ambassador (4). Another example is the term ‘colonisation’ (admittedly consensual) which is increasingly used to describe the attitude of these multinationals towards “real” countries.
The concept of ‘digital sovereignty’ was the result of this observation during the 2000s. In France, the expression first entered the public domain through Pierre Bellanger in 2008, then defined in a 2014 book entitled La Souveraineté numérique. Ever since, the term has been picked up on by political figures – such as the French Minister of the Interior, Michèle Alliot-Marie, who, in 2009, emphasised the need to “guarantee digital sovereignty” and to “extend the scope of the rule of law to the digital space” (5). In 2013, the Snowden affair (the revelation of mass eavesdropping by the NSA) highlighted the risks involved in the failure to govern digital spaces. Then, in 2015, the Facebook – Cambridge Analytica scandal spotlighted multinationals’ fraudulent use of user personal data. Such large corporations have shown indifference to the issue of confidentiality.
Digital independence is now a firmly established notion. It is reflected in concrete decisions, made at European level, which strive to develop sovereign cloud solutions and local search engines (including the French company, Qwant). These decisions also encourage European companies to seek independence from the major transnational web players, instead prioritising national solutions. This applies to companies’ use of sensitive data. And herein lies the cornerstone issue of digital sovereignty from an organisational standpoint.
Identifying the challenges of digital independence
Company efforts to establish effective digital independent result in two major challenges: one which is strategic and another which is ethical.
Contextualising the strategic challenge
While the pandemic has further increased companies’ dependence on transnational Cloud solutions, now more than ever, they must develop digital autonomy in an endeavour to control their data (their own and that of their customers). This is because these leading web players are subject to regulations that can work against the strategic interests of the organisations that use them. By way of example, the GAFAM must respect extraterritoriality rules, such as the Cloud Act. The latter authorises the US government to access data hosted by national companies, even if their servers are located outside the United States!
As a result, the confidentiality of such data is in no way guaranteed. Considering that 92% of the data produced in the West is hosted in the USA (6), these laws pose a threat to business interests.
Contextualising the ethical challenge
Digital sovereignty also applies to individuals, with a focus on preserving the right to privacy. This is particularly the case when the data entrusted to operators is sensitive, including bank details, health information, financial data, etc.
What’s more, the issue does not merely concern extraterritoriality rules. No sooner organisations collect the data, they have the option of selling it on to advertisers or politically motivated institutions. Take, for instance, the Cambridge Analytica scandal where voters’ personal data was used to influence voting intentions.
Given that users are increasingly concerned about how their personal data is processed (69% of French people are worried about their data use (7)), companies must make it their priority to protect such information.
Why should companies prioritise the sovereignty of their data?
Factoring in the various issues at stake, a key question emerges: why should companies focus all their efforts on digital sovereignty? There are several answers.
- First, to safeguard their data. This is especially true for companies processing sensitive data, in sectors such as defence, health, security, banking and insurance, industry, etc. However, all personal data is at risk if it is stolen, altered or misused. As pointed out in this article, there is absolutely no way of guaranteeing confidentiality when it is hosted by the giants of Big Tech. Conversely, data in Europe is protected by continental laws including the European Union’s General Data Protection Regulation (GPDR).
- Second, to provide assurances to users. French people are fully aware of the issues involved in the processing of their data: 49% of French people already question the country in which their personal data is stored. 44% of French people place their trust in a French or European player to manage their data (with only 2% entrusting their data with an American player!). Lastly, 66% of French people say they are ready to give up a digital service if they express doubt over their data use and storage (7). Inevitably, a guiding principle based on an ambition to establish effective digital independence is becoming a standout quality for companies.
- Third, to reduce dependency on foreign solutions, and the resulting changes (in terms of internal policy or with the aim of applying national legislation). In return, the decision to work with local players provides benefits such as proximity, attentiveness, responsiveness, and security.
(1) “Digital sovereignty,” Hewlett Packard, 2020.
(2) Definition from the Larousse dictionary for the French language.
(3) “A Declaration of the Independence of Cyberspace”, John Perry Barlow, 1996.
(4) “Denmark appoints ambassador to GAFA”, La Tribune, 2017.
(5) “Definition and challenges of digital sovereignty”, Vie Publique, 2020.
(6) “European Digital Sovereignty”, Oliver Wyman, 2020.
(7) “French people and digital sovereignty”, Ifop survey for OVHcloud, 2021.