What is digital sovereignty and why is Europe so interested in it?

The leaders of four of European countries are calling for the EU to adopt a joined-up strategy for how it shares and controls data.

"Now is the time for Europe to be digitally sovereign,” German Chancellor Angela Merkel, Danish Prime Minister Mette Frederiksen, Estonian Prime Minister Kaja Kallas, and Finnish Prime Minister Sanna Marin say in a joint letter. “We have to foster the Digital Single Market in all its dimensions where innovation can thrive and data flow freely. We need to effectively safeguard competition and market access in a data-driven world. Critical infrastructures and technologies need to become resilient and secure. It is time for the digitization of governments in order to build trust and foster digital innovation.”

But what is digital sovereignty?

Digital sovereignty refers to the ability to have control over your own digital destiny – the data, hardware and software that you rely on and create. It has become a concern for many policy-makers who feel there is too much control ceded to too few places, too little choice in the tech market, and too much power in the hands of a small number of large tech companies.

The quartet of heads of state have weighed in alongside a growing number of calls for a rules-based system that allows for greater ownership of vital technology assets at a local, national, and regional level.

In an attempt to highlight the challenge Europe faces over having control over its digital destiny, the letter has highlighted three key areas:

1. Identifying Europe's potential strengths and strategic weaknesses in the tech sphere.

2. Widening the use of open markets and supply chains to avoid an over-reliance on proprietary systems.

3. Creating an evaluation framework to ensure technology use remains in line with broad European ideals of delivering social, scientific and economic benefits.

One of the central concerns around digital sovereignty is a small number of large technology companies control massive amounts of data about their users. And with so many users and so much information, their policies and actions can have significant influence. An example of this is seen with Twitter, which has banned several high-profile users from its platform. This has led some people to criticize the company for curtailing free speech.

There are also calls for digital sovereignty policies to help answer questions like, when a technology company does business globally, where should it be taxed? And, at what point does a cross-border financial transaction fall under the jurisdiction of a particular tax authority?

Digital sovereignty and the individual

A mind-boggling volume of data is created and stored every year, and it’s growing all the time. By 2024 an estimated 149 zettabytes of data will be created, copied, and consumed around the world. In case you’re wondering how big a zettabyte is, it is 1,000,000,000,000,000,000,000 bytes of information. You use 10 bytes of data in a single typed word.

An estimated 92% of all the data in the Western world is stored on US-owned servers. That includes a comprehensive selection of online and connected activities, from regional and national government data all the way through to social media.

It might not feel like an important consideration as you post a photo of your cat, but the question of who has jurisdiction over your data if it is posted in one country but hosted in another is not as simple as it might seem.

The EU’s General Data Protection Regulation, or GDPR, is one example of how digital sovereignty manifests in everyday life. It seeks to unify how personal data is looked after online through rules and regulations and with the threat of punitive sanctions. Under the terms of the GDPR, any organization no matter where it is based, must abide by a set of data management rules if it wants to trade with customers in EU countries. Those rules make it possible for individual citizens to take more control of how their data might be used. It also sets potential fines of almost $25 million for data breaches.