In 2006, a British mathematician running a customer-centric data science company coined the phrase “data is the new oil.” At the time, the Open Data movement was taking its first baby steps, while the expected digital data tsunami was gathering steam expeditiously. The saying was meant to pinpoint that data, like oil, needs to be extracted, processed, and refined (analyzed and synthesized) to have any economic value. Indeed, having access to a million data points is not very useful in itself. I also need access to hardware and software to grab the data and process it according to my particular goals. As data grows at the speed of light, I will eventually need more computing power, storage capacity, and sophisticated tools to process and analyze the precious inputs.
However, unlike oil, digital data can be reproduced at almost zero cost, which makes it non-rivalrous — that is, my data consumption never reduces yours. In principle, we can all store the same million data points in our digital devices, albeit privacy, security, and intellectual property could become formidable barriers. Moreover, while oil is a child of nature and thus exhaustible, data is entirely a human creation that will only die when humans manage to extinguish themselves. Digital data is a new form of data that easily replaces its older analog sibling. Furthermore, digital data is much vaster as it includes most, if not all, interactions that we undertake in the digital domain, from accessing resources on the Internet to exchanging information with others. Digital data thus can increase exponentially almost continuously, a trait that primitive oil can only be envious of. Finally, digital data is not extracted from the Earth via brute force, like oil. Instead, it is captured almost automagically while we type, click, browse, and read, even when we are on the move.
Eleven years later, when The Economist helped popularize the catchy phrase (paywalled), data sovereignty was already alive and kicking. Again, the Snowden revelations played a critical role here, just like in the case of digital sovereignty, as I described in a previous post. In fact, by 2014, the EU and countries such as India, Brazil, and Germany were already making policy moves to tame the digital data beast they did not see coming.
A recent book on data sovereignty, edited by Chander & Sun and cited in my previous post, makes the case for equating data and digital sovereignty. We must remember that digital data depends on digital infrastructure, connectivity, and computer networks that provide vital oxygen for survival. Root-servers, IXPs, ISPs, telecoms, data centers and large digital platforms are part and parcel of the digital domain where data dances ad infinitum. Of course, data sovereignty is a subset of the broader digital sovereignty. However, splitting the two might be less than ideal from a policy perspective, as countries should grab the bull by its horns if they want to have control, instead of beating around the bush randomly. The book offers a simple definition of digital sovereignty, limited to the nation-state and its sovereignty claims over the digital domain, including trade and human rights. However, the critical issue here is that nation-states do not have supreme authority over the digital domain, except for the hegemons of such a domain, which nowadays includes very powerful private actors.
One of the key book contributions includes a whole section on trade agreements and digital policies, a critical issue that most digital technology researchers and practitioners frequently overlook. That is a good example of internal versus external sovereignty.
The 1995 WTO TRIPS Agreement is a shining precedent at the global level. Western IP regimes became global standards, thus ensuring a continuous flow of financial resources to strengthen them. During the COVID-19 pandemic, the G-7 essentially bypassed TRIPS by denying the request from over 100 developing countries to freely license vaccines due to the health emergency. And while most think TRIPS has nothing to do with technology, the opposite is true. Indeed, Article 27 of the agreement suggests that patents shall be available for all innovations, regardless of technology. That could include software, thereby threatening Open Source. Those pushing Open Source sovereignty beware!
Global trade treaties are now unfashionable. Regional and bilateral agreements have replaced them big time. Let us look at the USMCA (formerly known as NAFTA), which contains a whole chapter on “digital trade” (chapter 19). Digital trade, however, is not defined anywhere in the document, but it is framed within the contours of chapters on investment (14), cross-border trade in services (15), and financial services (16). It excludes government procurement and information by default, except for Open Government Data.
The chapter covers sixteen digital areas. I will focus on the most relevant for our topic. The agreement forbids data localization and any attempts to curtail the free flow of cross-border data and information. However, it grants an exception to financial regulators who might demand localization of related data. It also prohibits tariffs on digital goods, ensuring digital products are not discriminated against in any way or form. USMCA also prevents the forced disclosure of source code, including algorithms, as a requirement for use in a given country. However, source code should be available to regulators or judicial bodies in the case of investigations. Consumer and personal data protection are included by allowing each country to have local laws following well-known international values and principles, and encouraging interoperability between different privacy regimes. It also fosters voluntary cybersecurity information exchange and proposes not to weaken encryption protocols. Under “interactive computing services,” USMCA rehashes Section 230 of the 1996 US Telecommunications Act that protects Internet providers from content liability, except for Intellectual Property rights violations or other content that might violate existing national laws.
In sum, the USMCA covers many themes and topics that most nations will consider integral to digital sovereignty. In this particular case, the playing field is not level. Indeed, one of the digital hegemons is establishing rules for the digital domain with another high-income country, albeit much weaker, and an upper-middle country still facing deep development gaps. If any of the latter consider going for digital sovereignty, they will have to face the legal constraints established by the trade agreement. The room for maneuvering is certainly tighter in this case, especially now when geopolitical frictions among them are at their peak, apparently. In any event, internal supreme authority over a given commonwealth is thus delimited by external sovereignty pressures, where the most powerful have more leverage to prevail over the rest.
Regardless of whether they include digital trade provisions, the outcomes of regional and bilateral trade agreements showcase the delicate balance between internal and external sovereignty. Expect the more powerful to emphasize the former, while the rest try their best to minimize sovereignty losses. Other trade treaties, such as RCEP, considered the largest trade pact ever, also include digital trade but take a different approach from USMCA’s. A hierarchy of sovereignties still exists, but it allows member nations to have their own policies on infrastructure location, cross-border information flows, source code disclosures, and privacy and data protection legislation.
In any case, we should keep close track of trade agreements, as nowadays most are prone to include the digital domain. Countries planning to embrace digital sovereignty should do the same and do their homework before negotiating with others who might be much more powerful and want to protect their internal sovereignty at all costs.
Raul
