In Europe, ‘digital sovereignty’ is one of the hot issues right now but what is it exactly and why should any of us be concerned about it – either as individuals or as organisations?

Digital sovereignty refers to the control an entity has over its own digital footprint. At an individual level, this involves a person’s right to choose how and where their personal data is gathered, processed and distributed. At an organisational level, it refers to the control the organisation has over its own systems and how customer data is gathered, processed and distributed.

The introduction of the EU’s General Data Protection Regulation (GDPR) in 2018 set out key principles to govern how organisations use customer data, relating to lawfulness, fairness, and transparency; purpose limitation; accuracy; storage limitation; integrity and confidentiality; and accountability. As a result, European businesses are taking their data security and storage arrangements more seriously than ever before.

THREATENING CLOUDS

However, European businesses and customers also transact with countries all over the world, not all of which will be bound by the provisions of GDPR. This starts to create some interesting conflicts around the idea of ‘digital sovereignty’.

For example, both the German and the UK governments are currently considering whether to allow Chinese telecoms giant Huawei to play a leading role in the implementation of their countries’ 5G networks. While news reports inevitably focus on whipping up sensational claims of potential espionage, the more mundane issue to consider is whether a UK or German firm can claim to have total sovereignty over its data if that same data is fully accessible by an organisation based in China or the US. Legally, right now, this is a concern that remains a grey area.