Data sovereignty

The Snowden revelations on the National Security Agency's (NSA) PRISM program provided a catalyst for global data sovereignty discussions. It was revealed that the US was collecting vast swaths of data not only from American citizens, but from around the world.{{Cite news|url=https://www.theguardian.com/media-network/media-network-blog/2014/jun/09/edward-snowden-nsa-changing-business|title=Four ways the NSA revelations are changing businesses|last=Padilla|first=Len|date=2014-06-09|work=The Guardian|access-date=2017-11-28|language=en-GB|issn=0261-3077}} The program was designed “to "receive" emails, video clips, photos, voice and video calls, social networking details, logins and other data held by a range of US internet firms” such as American tech companies like Facebook, Apple, Google, and Twitter among others.{{Cite news|url=https://www.bbc.com/news/technology-23027764 |title=Q&A: NSA's Prism internet surveillance scheme |last=Kelion |first=Leo |date=2013-06-25 |work=BBC News |access-date=2017-11-16 |language=en-GB}} In the wake of the revelations, countries became increasingly concerned with who could access their national information and its potential repercussions. Their worries were further exacerbated due to the US Patriot Act. Under the act, US officials were granted access to any information physically within the United States (such as server farms), regardless of the information's origin.{{Cite web|url=http://www.tbs-sct.gc.ca/pubs_pol/gospubs/TBM_128/usapa/faq-eng.asp|title=USA PATRIOT Act Comprehensive Assessment Results|date=2006-03-28 |website=Treasury Board of Canada Secretariat}} This meant that any information collected by an American server would have no protection from the US government.

Another instance that put data sovereignty in the news was a case between Microsoft and the US government. In 2013, the Department of Justice (DoJ) demanded that Microsoft grant the DoJ access to emails “related to a narcotics case from a Hotmail account hosted in Ireland”.{{Cite news|url=https://www.theguardian.com/us-news/2015/sep/02/microsoft-us-government-cloud-computing-ireland |title=Nationality in the cloud: US clashes with Microsoft over seizing data from abroad |last=Thielman |first=Sam |date=2015-09-02 |work=The Guardian |access-date=2017-11-30|language=en-GB|issn=0261-3077}}{{Cite news|url=https://www.politico.eu/article/can-us-demand-emails-stored-in-ireland-cloud-congress-technology-courts-servers-internet-security/|title=Can the US demand emails stored in Ireland?|date=2015-09-08|work=Politico |access-date=2017-11-30|language=en-US |first=Joseph |last=Marks}} Microsoft refused, stating that this transfer would result in the company breaking data localization and protecting laws in the EU.{{Cite news|url=https://www.theguardian.com/technology/2014/apr/29/us-court-microsoft-personal-data-emails-irish-server|title=US court forces Microsoft to hand over personal data from Irish server|last=Gibbs|first=Samuel|date=2014-04-29|work=The Guardian|access-date=2017-11-30|language=en-GB|issn=0261-3077}} The initial ruling was in favor of the US government, with Magistrate James Francis concluding that American companies “must turn over private information when served with a valid search warrant from US law enforcement agencies". Microsoft asked for an appeal and went to court again in 2016 with the case Microsoft v. United States. John Frank, the VP for EU Government Affairs at Microsoft, stated in a 2016 blog post that a US court of appeals ruled in favor of Microsoft, supporting the notion that "US search warrants do not reach our customers' data stored abroad".{{Cite news |url=https://blogs.microsoft.com/eupolicy/2016/09/05/our-search-warrant-case-microsofts-commitment-to-protecting-your-privacy/ |title=Our search warrant case: Microsoft's commitment to protecting your privacy |date=2016-09-05 |work=EU Policy Blog |publisher=Microsoft |access-date=2017-11-30|language=en-US |first=John |last=Frank}} On October 23, 2017, Microsoft said it would drop the lawsuit as a result of a policy change by the Department of Justice (DoJ){{Cite web |url=https://venturebeat.com/2017/10/24/microsoft-drops-lawsuit-after-doj-revises-data-request-transparency-rules/ |agency=Reuters |title=Microsoft drops lawsuit after U.S. government revises data request transparency rules |publisher=VentureBeat |website=venturebeat.com |language=en-US |access-date=2017-11-30 |date=2017-10-24}} that represented “most of what Microsoft was asking for."{{Cite news |url=https://www.forbes.com/sites/emmawoollacott/2017/10/24/microsoft-drops-lawsuit-as-doj-reins-in-use-of-gagging-orders/#5ad89c504368 |archive-url=https://web.archive.org/web/20171024162222/https://www.forbes.com/sites/emmawoollacott/2017/10/24/microsoft-drops-lawsuit-as-doj-reins-in-use-of-gagging-orders/#5ad89c504368 |url-status=dead |archive-date=October 24, 2017 |title=Microsoft Drops Lawsuit As DoJ Reins In Use of Gagging Orders |last=Woollacott |first=Emma |work=Forbes |access-date=2017-11-30 |language=en}}

{{See also|CARE Principles for Indigenous Data Governance|Indigenous intellectual property}}

Discussions of Indigenous data sovereignty for Indigenous peoples of Canada, New Zealand, Australia, and the United States of America are currently underway.{{Cite journal|last1=Rainie |first1=Stephanie Carroll |last2=Schultz |first2=Jennifer Lee |last3=Briggs |first3=Eileen |last4=Riggs |first4=Patricia |last5=Palmanteer-Holder |first5=Nancy Lynn |date=2017 |title=Data as a Strategic Resource: Self-determination, Governance, and the Data Challenge for Indigenous Nations in the United States|url=http://ir.lib.uwo.ca/iipj/vol8/iss2/1|journal=The International Indigenous Policy Journal|language=en|volume=8|issue=2|doi=10.18584/iipj.2017.8.2.1|doi-access=free |hdl=10150/624737 |hdl-access=free }} Data sovereignty is seen by Indigenous peoples and activists as a key piece to self-governance structures and an important pillar of Indigenous sovereignty as a whole. The decolonization of data is seen by activists as a way to give power to Indigenous people to "determine who should be counted among them" and would be able to better reflect the "interests, values and priorities of native people".{{Cite book |editor-first=T. |editor-last=Kukutai |editor2-first=J. |editor2-last=Taylor |title=Indigenous Data Sovereignty: Toward an agenda |publisher=Australian National University Press |volume=38 |date=2016 |isbn=978-1-76046-030-3 |oclc=947953955 |editor-link=Tahu Kukutai |url=https://www.jstor.org/stable/j.ctt1q1crgf |jstor=j.ctt1q1crgf}} Scholars also argue that given the power over their own data, Indigenous peoples would be able to decide which data gets disseminated to the public and what does not, a decision typically made by the settler government. According to author Peter Yu, as discussed in his article on the Power of Data in Aboriginal Hands,{{Cite web |last1=Director |first1=Centre |last2=caepradmin.cass@anu.edu.au |date=2017-05-17 |title=The Power of Data in Aboriginal Hands — |url=https://caepr.cass.anu.edu.au/research/publications/power-data-aboriginal-hands-0 |access-date=2024-12-10 |website=Centre for Aboriginal Economic Policy Research |language=en-AU}} the significant gaps in statistical data that can be seen with indigenous people is highlighted in importance. It is believed that by restoring control over data, new possibilities for improvement will open and lead to increased understanding, dialogue, accountability, and even "informed decision-making" which one could argue would give the power back to indigenous people. Currently some researchers, such as [https://researchportalplus.anu.edu.au/en/persons/raymond-lovett Ray Lovett], argue that there is a significant issue when looking at statistical expertise and capacity. In fact, it is believed that if statistical capacity is increased it could be the exact pivoting point that indigenous peoples will need in order to better "assert data sovereignty".{{harvc |first=R. |last=Lovett |chapter=Aboriginal and Torres Strait Islander community wellbeing: identified needs for statistical capacity |chapter-url=http://www.jstor.org/stable/j.ctt1q1crgf.19 |jstor=j.ctt1q1crgf.19 |in=Kukutai |in2=Taylor |year=2016 |pages=213–232}}

In New Zealand, Te Mana Raraunga, a Māori data sovereignty network, created a charter to outline what Māori data sovereignty would look like. Some of the requests in the charter included "asserting Māori rights and interests in relation to data", "advocating for Māori involvement in the governance of data repositories" and "Supporting the development of Māori data infrastructure and security systems".{{Cite web|url=https://www.temanararaunga.maori.nz/s/Te-Mana-Raraunga-Charter-Final-Approved.pdf |title=Te Mana Raraunga – Māori Data Sovereignty Network Charter|website=Te Mana Raraunga}}

In Canada, Gwen Phillips of the Ktunaxa nation of British Columbia has been advocating for Ktunaxa data sovereignty and other pathways towards self-governance in the community.{{cite AV media |publisher=Data Power |title=Data Power 2017 Keynote: Indigenous Data Sovereignty and Reconciliation |first=Gwen |last=Phillips |date=2017-08-12 |url=https://www.youtube.com/watch?v=4I_3figC3B0 |accessdate=2017-11-16 |via=YouTube |doi=10.22215/1/conf/dp2017.1 |location=Ottawa |editor-last1=Lauriault |editor-first1=Tracey P. |editor-last2=Lim |editor-first2=Merlyna|doi-access=free }}

Data sovereignty, in regards to indigenous groups, can also be viewed under the lens of health data as it is collected and stored in the nation for research purposes.{{Cite journal |last1=Mc Cartney |first1=Ann M. |last2=Anderson |first2=Jane |last3=Liggins |first3=Libby |last4=Hudson |first4=Maui L. |last5=Anderson |first5=Matthew Z. |last6=TeAika |first6=Ben |last7=Geary |first7=Janis |last8=Cook-Deegan |first8=Robert |last9=Patel |first9=Hardip R. |last10=Phillippy |first10=Adam M. |date=2022-01-25 |title=Balancing openness with Indigenous data sovereignty: An opportunity to leave no one behind in the journey to sequence all of life |journal=Proceedings of the National Academy of Sciences |volume=119 |issue=4 |pages=e2115860119 |doi=10.1073/pnas.2115860119 |doi-access=free |pmc=8795560 |pmid=35042810|bibcode=2022PNAS..11915860M }}{{Cite journal |last1=Cordes |first1=Ashley |last2=Bak |first2=Marieke |last3=Lyndon |first3=Mataroria |last4=Hudson |first4=Maui |last5=Fiske |first5=Amelia |last6=Celi |first6=Leo Anthony |last7=McLennan |first7=Stuart |date=2024-07-04 |title=Competing interests: digital health and indigenous data sovereignty |journal=npj Digital Medicine |language=en |volume=7 |issue=1 |page=178 |doi=10.1038/s41746-024-01171-z |pmid=38965365 |issn=2398-6352|pmc=11224364 }} Many Indigenous groups today are reluctant to share health data due to a history of exploitation and improper handling of their data as well as their data being historically used in ways that they did not consent or agree to. Some scholars argue that in order for the creation of a complete global genomic conservation effort to be feasible, it will need to work within the framework of Indigenous data sovereignty. At the United Nation’s level, the UN General Assembly formally agreed to adopt the UN’s Declaration on the Rights of Indigenous Peoples. This declaration confirms that indigenous people have the right to control their own scientific and technical data, including the ability to protect and maintain their own human and genetic resources.Additionally, in light of this declaration, the study Access and Management: Indigenous Perspectives on Genomic Data Sharing,{{cite journal |vauthors=Garrison NA, Barton KS, Porter KM, Mai T, Burke W, Carroll SR |title=Access and Management: Indigenous Perspectives on Genomic Data Sharing |journal=Ethn Dis |volume=29 |issue=Suppl 3 |pages=659–668 |date=2019 |pmid=31889771 |pmc=6919970 |doi=10.18865/ed.29.S3.659 |doi-broken-date=21 December 2024 }} observed that when various individuals from different tribes were asked if they think tribes should share their data or not, most were fairly apprehensive. To be specific, most participants expressed an emphasis on confidentiality and deidentification. Although, many shared a common view on remaining anonymous, they did however vary when it came to whether or not the data should be shared. While some were apprehensive and did not feel comfortable sharing this data, others were fine with letting this information be public. Despite being open to sharing the data many individuals had specific cavoites. In fact, one participant believed that if they were to share this data then they "need to do a better job of understanding what that data-sharing really means, and what’s done with it".

Canada has enacted various data sovereignty measures, primarily on the storage of Canadian data on Canadian servers. As part of Canada's IT strategy for the years 2016–2020, data localization measures were discussed as a way to uphold citizens' privacy.{{Cite web|url=https://www.canada.ca/en/treasury-board-secretariat/services/information-technology/information-technology-strategy/strategic-plan-2016-2020.html|title=Government of Canada Information Technology Strategic Plan 2016-2020 |author=Treasury Board of Canada Secretariat |website=canada.ca |language=en |access-date=2017-11-16 |date=2016-06-13}} By using Canadian servers to store Canadian data as opposed to American servers, this would safeguard Canadian data from being subject to the US Patriot Act. In 2017, it was discovered that Shared Services Canada and the Communications Security Establishment were "exploring options for sensitive data storage on U.S.-based servers" with Microsoft".{{cite news |url=http://www.cbc.ca/news/politics/storage-data-cloud-government-canadian-shared-services-microsoft-secret-1.4277836 |title=Canadian agencies discuss US 'cloud' storage of sensitive data with Microsoft |work=CBC News |access-date=2017-11-30 |language=en |first=Dean |last=Beeby |date=2017-09-08}}

Also in 2016, the EU Parliament approved its own data sovereignty measures within a General Data Protection Regulation (GDPR).{{Cite web|title=What is GDPR Hosting and How Will it Impact Your Website?|url=https://verpex.com/blog/privacy-security/what-is-gdpr-hosting-and-how-will-it-impact-your-website|access-date=2021-08-17|website=Verpex|language=en-GB}} This regulatory package homogenizes data protection policy for all European Union members. It also includes an addendum that establishes extraterritorial jurisdiction for its rules to extend to any data controller or processor whose subjects are EU citizens, regardless of the location the holding or processing is conducted. This forces companies based outside of the EU to reevaluate their sitewide policies and align them with another country's law. The GDPR also effectively replaced the 1995 European Data Protection Directive{{cite EU directive |serial=95/46/EC |date=1995-10-24 |description=Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data |eurlextag=31995L0046}} that had originally established the free movement of personal data between member state borders, and in doing so granted interoperability of such data among nearly thirty countries.

A common criticism of data sovereignty brought forward by corporate actors is that it impedes and has the potential to destroy processes in cloud computing.{{Cite news |url=https://techcrunch.com/2015/12/26/the-clouds-biggest-threat-are-data-sovereignty-laws/ |title=The Cloud's Biggest Threat Are Data Sovereignty Laws |last=Ettling |first=Mike |work=TechCrunch |date=2015-12-26 |access-date=2017-11-16 |language=en}} Since cloud storage might be dispersed and disseminated in a variety of locations at any given time, it is argued that governance of cloud computing is difficult under data sovereignty laws. For example, data held in the cloud may be illegal in some jurisdictions but legal in others.The concept of a sovereign cloud is proposed as a solution to address this challenge.{{Cite web |last=Staniszewski |first=Przemysław |date=2024-09-26 |title=Oracle Sovereign Cloud: Is it the answer to your privacy concerns? |url=https://pretius.com/blog/oracle-sovereign-cloud/ |access-date=2024-10-28 |website=Pretius |language=en-US}}{{Cite web |title=The pros and cons of sovereign clouds {{!}} TechTarget |url=https://www.techtarget.com/searchcloudcomputing/tip/The-pros-and-cons-of-sovereign-clouds |access-date=2024-10-28 |website=Cloud Computing |language=en}}

Some scholars have presented the argument that data sovereignty involves the authority of the state being able to control data. This excessive power that the state and a few large corporations hold, due to their direct influence over data resources, can undermine the security of data sovereignty.{{cite journal |last1=Liu |first1=Jinhe |title=China's data localization |journal=Chinese Journal of Communication |date=2 January 2020 |volume=13 |issue=1 |pages=84–103 |doi=10.1080/17544750.2019.1649289|issn=1754-4750}}

According to economist and political science Professor Susan Ariel Aaronson, founder and director of the Digital Trade and Data Governance Hub at George Washington University,[https://iddp.gwu.edu/susan-ariel-aaronson "Our Team Susan Ariel Aaronson"] {{Webarchive|url=https://web.archive.org/web/20220930203635/https://iddp.gwu.edu/susan-ariel-aaronson |date=2022-09-30 }} Institute for Data, Democracy & Politics, School of Media and Public Affairs, The George Washington University. Retrieved September 30, 2022. "some governments are seeking to regulate the commercial use of personal data without enacting clear rules governing public sector use... The hoarding of data by nations or firms may reduce data generativity{{what|date=October 2024}} and the public benefits of data analysis."{{Cite web|title=Data is disruptive: How data sovereignty is challenging data governance|url=https://www.hinrichfoundation.com/research/article/digital/data-is-disruptive-how-data-sovereignty-is-challenging-data-governance/|access-date=2022-01-04|website=Hinrich Foundation|language=en-US|first=Susan|last=Aaronson|date=3 August 2021}}

• Cybersecurity
• Data governance
• Data localization
• Digital inclusion
• Digital self-determination
• Information privacy (data protection)
• Legal aspects of computing
• Network Sovereignty
• Privacy
• Privacy law

{{reflist}}

Category:Political ideologies

Category:Data laws