INTRODUCTION

Our contemporary digital lives produce an overwhelmingly high level of data as part of the digital traces we leave behind from our everyday activities. These data traces are often under the operational jurisdiction of a blend of commercial, private and government operators whereby our control over the data generated through digital traces becomes an incredibly complex scenario. One area attracting significant attention among scholars, activists and tech journalists is data sovereignty. ‘Data are a timely subject matter, given that they mediate and steer extensive parts of our lifeworld. And sovereignty, understood, for example, as the ability to issue authoritative claims, latching onto domestic institutional arrangements, international regimes and the practices of other states (Krasner, 1988), appears as a fruitful category to apply to data’ (Hummel et al., 2021). Data sovereignty, then, becomes a policy lever that attempts to embody the local cultures and nuances of users. Ideally, it provides a legal framework that enables users to effectively control their digital traces. Data sovereignty asserts the rights of nations or regions to govern the flow and management of data within their borders, thereby asserting their sovereignty in the digital realm.

The implications of data sovereignty are far-reaching and cut across diverse sectors such as economics, law, security, privacy and technology. Baezner and Robin (2018) note that data sovereignty inserts itself within data flows in a national jurisdiction. Economically, data sovereignty can impact cross-border data flows, trade agreements and the competitiveness of businesses operating in global markets (Hummel et al., 2018). Legal considerations concerning compliance with data protection regulations, intellectual property rights, and jurisdictional conflicts in cases of data breaches or disputes are core to data sovereignty. Irion asserts (2012, p. 41), ‘[M]any governments have raised concerns about national data sovereignty when government information is moved to the cloud. How can confidentiality of public information assets residing in the cloud be ensured? What if public information and IT systems are hosted abroad? Will government data of one country be caught under the authority of another jurisdiction?’. From a security and privacy standpoint, data sovereignty plays a crucial role in safeguarding sensitive information and ensuring that it is subject to adequate legal protections and safeguards. For example, governments and organisations may seek to enforce data localisation requirements to mitigate risks related to data breaches, surveillance and unauthorised access by foreign entities. Data centres in different jurisdictions may also need to comply with local data residency requirements because of sovereignty. Similarly, AI algorithms trained on sensitive data may raise concerns about data sovereignty if deployed across borders without adequate safeguards for privacy and security. Couture and Toupin (2019) acknowledge the complexities, particularly within the sorts of technological systems they embody. They note cloud computing, sensor systems, metadata, artificial intelligence, surveillance capturing devices, Internet of Things, and a host of other data capturing are difficult to navigate.

Simultaneously, and while within this complex cultural, economic and government argument actuel, data sovereignty several number of societal benefits for the localised users of technology that nests within the policy debates. Data control and autonomy allow countries, organisations and individuals to exert greater control over how and where their data are used. By asserting jurisdictional authority over data collected, stored and processed within their borders, entities can enforce regulations, policies and standards that align with their interests and priorities. Implementing data sovereignty measures, such as data localisation requirements, can enhance security and mitigate risks associated with breaches, unauthorised access and cyber threats. By keeping data within national or regional boundaries, organisations can reduce exposure to external vulnerabilities and better protect sensitive information. Data sovereignty also supports the protection of individuals' privacy rights by ensuring that personal data are subject to adequate legal safeguards and regulations. Local data residency requirements can prevent the transfer of personal information to jurisdictions with weaker privacy laws or inadequate data protection measures, thereby preserving individuals' privacy and dignity. Compliance with local, regional and international regulations governing data protection, privacy and security can enable organisations to avoid legal penalties, regulatory fines and reputational damage resulting from noncompliance with applicable laws and regulations.

Beyond the tech policy debates for data sovereignty currently underway, there are broader cultural, economic and social implications to enabling and enhancing its practice. Cultural and ethical considerations within data acknowledge the importance of societal values in shaping data governance practices. By respecting cultural norms and community interests, data sovereignty initiatives can promote inclusivity, diversity and ethical stewardship of data resources. Data sovereignty can also foster economic growth and development by encouraging local innovation, entrepreneurship and job creation through the nurturing of domestic data infrastructure, capabilities and talent, whereby countries can leverage data as a strategic asset for driving innovation, economic competitiveness and sustainable development.

One of the most important aspects of data sovereignty within our current digital media environment is an increase in the enhanced trust and transparency of our data systems. Data sovereignty initiatives can build trust and transparency in data governance practices by fostering greater accountability, visibility and traceability of data flows. By ensuring that data processing activities are conducted in compliance with established rules and regulations, organisations can instil confidence among stakeholders and users regarding the responsible handling of data. Finally, data sovereignty can enhance the resilience and sovereignty of critical infrastructure sectors, such as healthcare, energy and telecommunications, by safeguarding essential data assets against external threats, disruptions, or dependencies on foreign technologies or services.

Despite its potential benefits, the implementation of data sovereignty poses several challenges and complexities. One major challenge is the tension between national sovereignty and the global nature of the internet and digital economy. Balancing the legitimate interests of states in regulating data flows with the need for interoperability, innovation and collaboration on a global scale requires careful coordination and cooperation among stakeholders. The fragmentation of data sovereignty regulations across different jurisdictions can create legal and compliance burdens for multinational companies and inhibit the free flow of information and innovation. Harmonising data protection laws, establishing mutual recognition frameworks and enhancing international cooperation are essential steps toward addressing these challenges and promoting a more cohesive and equitable approach to data governance.

Amidst these benefits and challenges of data sovereignty, there remains strong advocation for localised data management, progressing the debate and highlighting why data sovereignty is critical. By highlighting the needs of individuals and communities over these complex systems discussed so far, it becomes possible to understand and align with and progress the conversations surrounding tech policy and data management. The following section provides an overview of a specific case study in the Aotearoa New Zealand context where data sovereignty is of key concern to media scholars, activists and importantly, Indigenous users. In examining the Te Mana Raraunga (Māori Data Sovereignty Network), the sorts of tensions highlighted above clearly demonstrate how a particular set of users are grappling with and developing the concept of data sovereignty.

中文翻译：

---

数据主权：互联网政策的下一个前沿？

介绍

我们当代的数字生活产生了大量的数据，作为我们日常活动中留下的数字痕迹的一部分。这些数据痕迹通常处于商业、私人和政府运营商的运营管辖之下，因此我们对通过数字痕迹生成的数据的控制变得极其复杂。引起学者、活动人士和科技记者高度关注的一个领域是数据主权。 “数据是一个及时的主题，因为它们调解和引导我们生活世界的广泛部分。主权，例如被理解为发布权威主张、抓住国内制度安排、国际制度和其他国家实践的能力（Krasner，  1988），似乎是一个适用于数据的富有成果的类别”（Hummel 等人） .,  2021 )。那么，数据主权就成为试图体现当地文化和用户细微差别的政策杠杆。理想情况下，它提供了一个法律框架，使用户能够有效地控制他们的数字痕迹。数据主权维护国家或地区在其境内管理数据流动和管理的权利，从而维护其在数字领域的主权。

数据主权的影响是深远的，涉及经济、法律、安全、隐私和技术等不同领域。 Baezner 和 Robin（2018）指出，数据主权将其自身插入到国家管辖范围内的数据流中。从经济上讲，数据主权可以影响跨境数据流、贸易协定以及在全球市场运营的企业的竞争力（Hummel 等，  2018）。有关遵守数据保护法规、知识产权以及数据泄露或争议情况下的管辖冲突的法律考虑是数据主权的核心。 Irion 断言（2012 年，第 41 页），“当政府信息转移到云端时，许多政府都会对国家数据主权表示担忧。”如何保证云端公共信息资产的机密性？如果公共信息和IT系统托管在国外怎么办？一个国家的政府数据是否会受到另一司法管辖区的管辖？从安全和隐私的角度来看，数据主权在保护敏感信息并确保其受到充分的法律保护和保障方面发挥着至关重要的作用。例如，政府和组织可能会寻求执行数据本地化要求，以减轻与数据泄露、监视和外国实体未经授权访问相关的风险。由于主权原因，不同司法管辖区的数据中心也可能需要遵守当地的数据驻留要求。同样，如果跨境部署时缺乏足够的隐私和安全保障，针对敏感数据训练的人工智能算法可能会引起人们对数据主权的担忧。 Couture 和 Toupin（2019）承认其中的复杂性，特别是在它们所体现的各种技术系统中。他们指出，云计算、传感器系统、元数据、人工智能、监视捕获设备、物联网和许多其他数据捕获都很难导航。

同时，在这种复杂的文化、经济和政府争论中，数据主权为政策辩论中的本地技术用户带来了许多社会效益。数据控制和自治使国家、组织和个人能够对其数据的使用方式和地点施加更大的控制。通过对境内收集、存储和处理的数据行使管辖权，实体可以执行符合其利益和优先事项的法规、政策和标准。实施数据主权措施（例如数据本地化要求）可以增强安全性并减轻与数据泄露、未经授权的访问和网络威胁相关的风险。通过将数据保留在国家或地区边界内，组织可以减少外部漏洞的暴露并更好地保护敏感信息。数据主权还通过确保个人数据受到充分的法律保障和监管来支持对个人隐私权的保护。本地数据驻留要求可以防止个人信息转移到隐私法较弱或数据保护措施不充分的司法管辖区，从而保护个人的隐私和尊严。遵守当地、区域和国际有关数据保护、隐私和安全的法规可以使组织避免因不遵守适用的法律和法规而导致的法律处罚、监管罚款和声誉损害。

除了目前正在进行的数据主权技术政策辩论之外，启用和加强其实践还具有更广泛的文化、经济和社会影响。数据中的文化和伦理考虑承认社会价值观在塑造数据治理实践中的重要性。通过尊重文化规范和社区利益，数据主权举措可以促进数据资源的包容性、多样性和道德管理。数据主权还可以通过培育国内数据基础设施、能力和人才，鼓励当地创新、创业和创造就业机会，从而促进经济增长和发展，从而各国可以利用数据作为推动创新、经济竞争力和可持续发展的战略资产。

在我们当前的数字媒体环境中，数据主权最重要的方面之一是增强数据系统的信任和透明度。数据主权举措可以通过增强数据流的问责制、可见性和可追溯性来建立数据治理实践的信任和透明度。通过确保数据处理活动按照既定规则和法规进行，组织可以向利益相关者和用户灌输关于负责任地处理数据的信心。最后，数据主权可以通过保护重要数据资产免受外部威胁、破坏或对外国技术或服务的依赖，来增强医疗保健、能源和电信等关键基础设施部门的弹性和主权。

尽管有潜在的好处，但数据主权的实施也带来了一些挑战和复杂性。其中一项重大挑战是国家主权与互联网和数字经济的全球性之间的紧张关系。要平衡各国监管数据流的合法利益与全球范围内的互操作性、创新和协作的需要，需要利益相关者之间的仔细协调与合作。不同司法管辖区的数据主权法规分散，可能会给跨国公司带来法律和合规负担，并抑制信息和创新的自由流动。协调数据保护法、建立相互承认框架和加强国际合作是应对这些挑战和促进采取更有凝聚力和公平的数据治理方法的重要步骤。

尽管数据主权的这些好处和挑战，人们仍然强烈主张本地化数据管理，这推动了辩论并强调了为什么数据主权至关重要。通过强调个人​​和社区对迄今为止讨论的这些复杂系统的需求，可以理解、协调和推进围绕技术政策和数据管理的对话。以下部分概述了新西兰新西兰背景下的具体案例研究，其中数据主权是媒体学者、活动家以及更重要的是原住民用户的主要关注点。在研究Te Mana Raraunga（毛利数据主权网络）时，上面强调的各种紧张局势清楚地表明了一组特定的用户如何应对和发展数据主权的概念。