数字主权(Digital Sovereignty)的核心是试图让最终用户对其个人数据保持权威。这就是欧盟(European Union)所说的。数字主权(Digital Sovereignty)大致可以定义如下:
Digital sovereignty is the question of owning the personal data of users, collected by different company websites on the Internet with or without the consent of the users.
理想的数据主权
根据数字主权活动家的说法,用户的个人数据应仅在征得用户同意的情况下收集,或者至少应告知用户正在收集的所有数据。他们进一步指出,用户的个人数据应存储在用户居住或使用互联网(Internet)的国家/地区的数据中心中。然而,这是不切实际的,因为现在是云计算时代,几乎所有主要网站或公司的数据中心都分布在多个国家/地区,有关 IT 和云的法律各不相同。
数字主权示例
就欧盟(European Union)而言,最近实施了通用数据保护条例 (GDPR)(General Data Protection Regulation (GDPR)),以便用户了解公司网站在访问时收集的所有数据。因此,来自欧盟(EU) 的(European Union)互联网(Internet)用户知道在他们访问特定网站期间正在收集哪些数据。欧盟进一步要求这些用户(位于欧盟的互联网用户)(European Union)的(Internet)数据不得以任何形式离开欧盟。(European Union)他们还强调数据加密,以便最终用户数据是安全的。
例如,考虑一个网站名称,其顶级域 (TLD)(top-level domain (TLD))为.com。现在,ICANN拥有此TLD(本例中为.com)的权力。因此,从欧盟注册网站的人必须向位于美国(United)的(States)ICANN提供他或她的详细信息。因此,即使欧盟反对此类行为,数据也会离开欧盟。在这种情况下,数字主权在于ICANN而不是用户。虽然这不能被质疑,但至少使用加密来保证数据安全,这是活动人士所说的。
另一个例子可能是亚马逊(Amazon)。每个人都知道它是一个巨大的零售巨头,提供从世界任何地方到世界任何地方的物品。为了便于使用,它采用了不同的TLD(TLDs)。Amazon.com将迎合美国人民,因此数字主权运动者希望有关买家和供应商的数据仅存储在美国的数据中心中。同样(Likewise),如果有人在使用 amazon.co.uk,则数据不应离开英国(United Kingdom)。考虑到美国人也可以访问亚马逊的英国网站,它的实施(Amazon)有多(How)实用?
数字主权和GAFA
GAFA是四大在线公司的首字母缩写词——谷歌(Google)、亚马逊(Amazon)、Facebook和苹果(Apple)。有人可能想知道为什么它不包含Microsoft . 答案是因为微软(Microsoft)在形成首字母缩略词时并没有太多的操纵地位。然而,那是另一回事了。
现在,很明显GAFA拥有互联网(Internet)上的数据。通过GAFA,我不将数量限制为只有四家公司。广义上的GAFA将涉及(GAFA)互联网(Internet)上所有从事最终用户数据收集的跨国公司。
数据收集和使用有两个方面。一个是商业的,没有太多的争论,因为每个人都知道它会发生。他们(用户)用他们的个人数据交换免费(FREE)的东西并获得更好的服务。另一个是政治性的,不同国家的政府声称拥有数据主权。人们不喜欢政府窥探他们,尤其是在剑桥分析(Cambridge Analytica)公司惨败之后。现在人们意识到,只要使用Facebook等不同网络提供的数据,他们就可以适应特定的思维模式,这就是为什么数据主权问题已成为亟待解决的群众运动。
数据主权问题(Data Sovereignty Issue)的解决方案
与任何战争一样,与数字主权相关的激进主义有两个方面。一方面主张将数据保存在用户所在国家的数据中心,另一方面则希望对公司的所有数据中心拥有主权,以便政府或公司可以在需要时访问数据。这造成了紧张,因为每个国家在云计算(cloud computing)方面都有自己的规则和规定。
最好的解决方案是达成共识并制定一套强大但相似的规则,适用于所有数据中心——无论它们在哪个国家/地区运营。这些规则将规定谁拥有数据以及以何种形式拥有数据。不同国家/地区的加密类型应该相似,因此相同级别的保护适用于所有数据中心。相同的规则可以告诉谁可以访问哪些数据以及如何访问数据。
如果最终用户要继续使用Internet ,他们无能为力。但是应该有一个解决方案来定义关于数据主权的不同事物,即使数据分散在不同的国家,同时也为数据提供安全性。
Digital Sovereignty – Definition, Meaning, Examples and Explanation
At the core of Digital Sovereignty are the attempts to let the end users keep authority over their personal data. That is what the European Union says. Digital Sovereignty can be roughly defined as follows:
Digital sovereignty is the question of owning the personal data of users, collected by different company websites on the Internet with or without the consent of the users.
Ideal Data Sovereignty
According to digital sovereignty activists, the personal data of users should be collected with their consent only or at least the users should be informed of what all data is being collected. They further state that the personal data of a user should be stored in a data center that is present in the country where the user is residing or using the Internet. This is not practical however as it is the age of cloud computing and almost all major websites or companies have their datacenters spread over a range of countries with varying laws about IT and cloud.
Digital Sovereignty examples
In the case of the European Union, the General Data Protection Regulation (GDPR) was enforced recently so that the users know what all data is a company website collecting when they visit it. Thus, the users of the Internet from the European Union (EU) know what data is being collected during their visit to a particular website. The European Union further demands that the data of these users (Internet users based in European Union) should not leave the EU in any form. They also stress data encryption so that the end user data is safe.
For example, consider a website name that has the top-level domain (TLD) as .com. Now, ICANN has the power over this TLD (.com in this example). So, someone registering a website from EU will have to provide his or her details to the ICANN that is situated in the United States. Thus, the data will leave the EU even though the union is against such acts. In this case, digital sovereignty lies with ICANN instead of the users. While that cannot be challenged, at least keep the data safe using encryption, is what the activists say.
Another example could be Amazon. Everybody knows it is a huge retail giant that provides items from anywhere in the world to anywhere in the world. For ease of usage, it employs different TLDs. Amazon.com would cater to US people, and hence the digital sovereignty campaigners would expect that data regarding both buyers and suppliers is stored in US-based datacenters only. Likewise, if someone is using amazon.co.uk, the data should not leave the United Kingdom. How practical could its implementation be, given that a person from the US can also access the UK website of Amazon?
Digital Sovereignty and GAFA
GAFA is an acronym for top four online companies – Google, Amazon, Facebook, and Apple. One might wonder why it doesn’t contain Microsoft. The answer is because Microsoft was not in much manipulating position when the acronym was formed. That’s another story, however.
Right now, it is clear that GAFA owns the data on the Internet. By GAFA, I don’t restrict the number to just four companies. GAFA, in a broader sense, would relate to all multinational companies on the Internet that engage in end-user data collection.
There are two sides of data collection and usage. One is commercial and is not much debated as everyone knows it happens. They (users) trade in their personal data for something FREE and to receive better services. The other is political where governments of different countries lay claim to the data sovereignty. People don’t like governments snooping on them, especially after the Cambridge Analytica fiasco. Now people are aware that they can be conditioned into certain thought patterns just by using the data that different networks like Facebook provide, which is why the issue of data sovereignty has become a mass movement that needs to be addressed urgently.
Solution to the Data Sovereignty Issue
There are two sides to the activism related to digital sovereignty — as with any war. While one side advocates keeping data on the datacenters in the same country as the user, the other wants sovereignty over all data centers of a company so that the government or corporation can access data whenever required. This creates tension as each country has its own rules and regulations when it comes to cloud computing.
The best solution for this is to reach a common ground and formulate a powerful yet similar set of rules that apply to all the datacenters – irrespective of the country where they operate. These rules will dictate who owns data and in what form. The encryption type should be similar across countries, so that same level of protection applies to all datacenters. The same rules can tell who can access what data and how can data be accessed.
There is not much that the end users can do if they are to continue using the Internet. But there should be a solution in place that defines different things about data sovereignty even as the data is scattered among different countries, all the while, providing security to the data.