In the data economy, data sovereignty is often conceptualized as data providers’ ability to control their shared data. While control is essential, the current literature overlooks how this facet interrelates with other sovereignty facets and contextual conditions. Drawing from social contract theory and insights from 31 expert interviews, we propose a data sovereignty conceptual framework encompassing protection, participation, and provision facets. The protection facets establish data sharing foundations by emphasizing baseline rights, such as data ownership. Building on this foundation, the participation facet, through responsibility divisions, steers the provision facets. Provision comprises facets such as control, security, and compliance mechanisms, thus ensuring that foundational rights are preserved during and after data sharing. Contextual conditions (data type, organizational size, and business data sharing setting) determine the level of difficulty in realizing sovereignty facets. For instance, if personal data is shared, privacy becomes a relevant protection facet, leading to challenges of ownership between data providers and data subjects, compliance demands, and control enforcement. Our novel conceptualization paves the way for coherent and comprehensive theory development concerning data sovereignty as a complex, multi-faceted construct.

在数据经济中，数据主权通常被概念化为数据提供者控制其共享数据的能力。虽然控制至关重要，但当前的文献忽视了这一方面与其他主权方面和背景条件的相互关系。根据社会契约理论和 31 位专家访谈的见解，我们提出了一个涵盖保护、参与和提供等方面的数据主权概念框架。保护方面通过强调基线权利（例如数据所有权）来建立数据共享基础。在此基础上，参与方通过责任分工，引导供给方。规定包括控制、安全和合规机制等方面，从而确保数据共享期间和之后保留基本权利。背景条件（数据类型、组织规模、业务数据共享设置）决定了主权层面实现的难度。例如，如果共享个人数据，隐私就会成为一个相关的保护方面，从而导致数据提供者和数据主体之间的所有权、合规性要求和控制执行方面的挑战。我们新颖的概念化为数据主权作为一个复杂的、多方面的结构的连贯和全面的理论发展铺平了道路。