What is Digital Sovereignty?
The subject of digital sovereignty is important to consider. It is also a subject that is not necessarily easy to grasp because the notion combines different ideological strands. In this article, we will try to clearly define this concept by explaining what it involves and who it affects.
Let’s start by looking at what sovereignty means, and considering its historical context. Sovereignty refers to the exercise of power by an independent state over a geographical area and the people who live there. It is also the nature of a state that is not beholden to or governed by any other state, also known as state sovereignty.
Something we see daily is how state sovereignty evolves – and even deteriorates – into economic and industrial sovereignty, which in turn manifests itself nowadays as digital sovereignty.
However, in recent years, the globalised nature of technological development has meant it has largely escaped state control, ignoring physical borders, and thus being able to influence inter-state power relations.
These notions of state, economic and digital sovereignty are therefore being turned upside down with the transition to an increasingly digital age. Of these three, digital sovereignty is the one that we will focus on as most relevant in this context. Debate on this subject stems from a particular concern; the reluctance to see people, user communities, states and individuals lose control over their own destiny while poorly-identified and potentially unlawful entities – whose objective is not to protect the interests of the general public – benefit at their expense.
The first formalized reflections on this subject appeared in the early 2000s:
I. From an interational perspective:
- The issue over the control of internet resources raised concerns by some states, eager to limit American dominance, especially during the strategic management of domain name systems, as piloted by the California-basedInternet Corporation for Assigned Names and Numbers (ICANN).
- The expression “digital sovereignty” was used as early as 2012 at the World Conference on International Telecommunications, and in particular by Russia and China. Both countries demanded the restoration of their “sovereign rights” over network management as well as the development of an international treaty which would better share responsibilities.
- In 2013, the Snowden case and American espionage revelations led to a reflection on overhauling the governance system of digital spaces. The Snowden affair was then addressed at several summits and international forums dedicated to the subject, including the (annual Internet Governance Forum in Bali in 2013, NETmundia
II. A French focus:
- In June 2009, the French Minister of the Interior announced that he wanted to “guarantee digital sovereignty” and “extend the scope of the rule of law to the digital space”
III. Countries coming together:
- In 2014, still following the Snowden case, the first Digital Sovereignty Conference took place and the Institute of Digital Sovereignty was also created, responsible for raising awareness of these issues amongst the public and elected officials.
Now that we have considered this notion of digital sovereignty in its historical and geopolitical context, we can refine it further and try to define the term. There are a number of suggestions on the Internet, of which we’ll consider two:
- It is the capacity to “master all technologies, from an economic, social and political point of view”, and to “determine one’s own technological direction” (Bernard Benhamou, French Internet expert and specialist in information society)
- The 2019 report of the French Senate’s inquiry into digital sovereignty defines it as “the ability of the State to function in cyberspace”, which is a “necessary condition for the preservation of our values”. This implies, on the one hand “an autonomous ability to assess, decide and act in cyberspace” and, on the other, the control of “our networks, our electronic communications and our data”.
Alongside these definitions, which emphasize the strict legalities associated with the power accorded to States, we also find some variations. These highlight the digital sovereignty of economic operators and users, showing that this idea of digital sovereignty must be understood in its broadest possible definition and not just limited to States.
Who sets the rules? On what basis and with what legitimacy? Who do we obey, and what are we guaranteed?
To be able to answer these questions it is important to understand who rules over the networks, how this authority is expressed, and how to guarantee it over time.
There are currently several programming developments that aim to maintain this sovereignty at a European or even country level: these include the French search engine Qwant which launched in 2013, the European digital library Europeana, and the “data sovereignty” advances through the GAIA-X project and the SecNumCloud label.
For the purposes of this article, and in our capacity as a digital consulting company, we propose addressing the concept of digital sovereignty by focusing on the guarantees of data security for economic players.
Data sovereignty can be considered through three sets of complementary solutions :
- Legal and regulatory solutions: via the drafting of contracts, obtaining certifications, and regulatory compliance.
- Measures to guarantee access and availability: via solutions that manage the integration and transferability services (i.e. the ability to change providers at any time without losing data)
- Solutions for controlling data confidentiality: for example, via native Amazon Web Services (AWS) solutions, but also complementary solutions, such as Sovereign Key, the data security solution from Devoteam REVOLVE.
After this initial introduction to the concept of digital sovereignty, we will be looking in closer detail at the differing elements that fall under the Sovereign Cloud umbrella through our upcoming series of more in-depth articles.