The concept of sovereignty has evolved over the centuries, originating from the Latin roots ‘super’, meaning ‘above’ and developing into its modern definition in the early 18th century as ‘supreme authority over the nation state’.
While it retained the same ideals of ultimate authority, the Peace of Westphalia, often regarded as the birth of the nation state, emphasised sovereignty by linking it to territorial control, non-interference and legal independence.
Regardless of our perspectives on the liberal interpretation of Westphalian sovereignty, it continues to shape world politics.
The mid-20th century marked a significant period in this development, highlighted by the establishment of international and multilateral organisations such as the United Nations (UN) and the Organisation of African Unity (OAU), which later became the African Union (AU).
Although contemporary notions of sovereignty are being challenged by globalisation, power imbalances continue to have a negative effect on developing countries in the Global South, particularly in Africa.
As digital technologies and scientific research advance, the territorial integrity of the nation state must also encompass citizens’ data and intellectual property.
While I acknowledge that the digitalisation of our lives, which transforms our everyday activities into datasets, raises complex moral and ethical questions, I want to specifically address the issue of data sovereignty.
Data sovereignty refers to the principle that all data is subject to the laws and regulations of the nation state or jurisdiction in which it is collected.
This concept gained prominence in the early 2010s following the Edward Snowden revelations about mass surveillance by the United States (US).
In response, countries such as Russia, China, India, Indonesia and Vietnam began advocating data localisation, enacting laws requiring American companies to store their citizens’ data on local servers in their territories.
Data sovereignty evolved from practical concerns about privacy and security in a globalised internet into a broader geopolitical and economic issue, with nations seeking to protect data as a strategic asset.
The European Union’s General Data Protection Regulation (GDPR), which came into effect in 2018 and the African Union’s Convention on Cyber Security and Personal Data Protection (Malabo Convention), which came into effect in 2023, though adopted in 2014, became the leading guiding documents in advancing data sovereignty in Europe and Africa.
For Africa, the Malabo Convention sought to protect personal data, emphasising principles of data minimisation, data quality and data-subject rights.
It establishes national data protection authorities and provides for cross-border data transfers. Implementation is challenging because of limited resources, inadequate technological infrastructure, weak legal systems, a shortage of skilled personnel, political instability and corruption.
As a result, Africa has become vulnerable to international agreements that threaten its data sovereignty. This does not absolve the American technology giants such as Amazon, Google, Meta and Microsoft.
While the Malabo Convention sought to protect Africans from these companies through Articles 13 and 14, which require that cross-border data transfers, including those outside Africa, go to jurisdictions that offer an ‘adequate level of protection’, it goes without saying that since the Snowden revelations, Africans must be concerned about international agreements, whether bilateral or multilateral, that involve data processing.
More than a decade after the Snowden revelations, the EU is faced with the belligerence of the Trump administration, which weaponises dependence on US technology companies through illegal and arbitrary sanctions, threatening the EU’s data sovereignty.
Recently in Davos, Henna Virkkunen, the European Commission’s official for tech sovereignty, warned that dependence on a single country or company in critical fields of the economy or society threatens to have that dependence weaponised against others.
This comes after the US arbitrarily sanctioned the International Criminal Court’s senior prosecutor, prompting Microsoft to cut off his access to email services.
The same fate has befallen Francesca Albanese, the special rapporteur on the occupied Palestinian territories. France has recently indicated its intention to stop using US-provided videoconferencing tools within 12 months in favour of local services.
A growing number of EU leaders have expressed concern about financial and technology sovereignty amid the Trump administration’s increasing uncertainty and belligerence.
This ought to be a wake-up call to the African Union as it headed to its 39th ordinary session of the assembly in Addis Ababa last month (14 to 15 February).
The African Union, through its Data Policy Framework, recommends that member states should “support the development of regional and continental data infrastructure to host advanced data-driven technologies and the necessary enabling environment and data-sharing mechanisms to ensure circulation across the continent”.
These are only a few of the recommendations the policy framework offers to member states on advancing data sovereignty.
According to the AU commissioner for infrastructure and energy, it also seeks to “raise citizens’ awareness of data protection and privacy issues, promote research and innovation, preserve states’ sovereignty and ownership and build trust in the data ecosystem”.
The question of data sovereignty in Africa cannot be separated from safeguarding human rights and ensuring equitable access to and sharing of benefits.
This should be the ethos of any data protection mechanism in any country. Individual citizens must trust the safeguards protecting the sanctity of their privacy, whether from large US technology companies or the local government.
Legal protections must be enacted at both the domestic and continental levels to ensure these safeguards.
The America First Global Health Strategy that the US has signed with several African countries should be scrutinised to ensure data sovereignty on the continent.
While I have previously expressed no objection to countries signing development assistance agreements with other countries, Africa must remain mindful of the threat the US poses to Africa’s data sovereignty.
Whether it is the critical minerals (rare earth minerals) deal signed with the Democratic Republic of Congo (DRC) and Rwanda, the third-party deportation deals signed by a growing number of countries or the recent health deals, America under President Trump is a threat to Africa’s sovereignty, including data sovereignty.
With arbitrary sanctions, the US holds the ‘kill switch’ on many of the agreements it signs with African countries, including those affecting financial markets.
Africa stands at a decisive moment. As global powers increasingly weaponise data and digital dependencies, the continent can no longer afford a passive posture toward the governance of its citizens’ information.
Data sovereignty must be treated not as a technical aspiration but as a core pillar of political independence, economic security and the protection of human rights.
The accelerating erosion of sovereignty in an interconnected world only sharpens the urgency: without strong legal frameworks, regional infrastructure and assertive continental coordination, Africa’s data will continue to be shaped and exploited by external actors.
The African Union has already outlined the principles needed to safeguard the continent’s digital future.
What remains is the political will to implement them with ambition and clarity.
For Africa, the choice is stark. Either it builds the systems, capabilities and governance models necessary to control its own data, or it cedes that control to others who will use it to advance interests not aligned with the continent’s.
True sovereignty in the 21st century will belong to those who command their digital domain.
Africa must ensure it is one of them.
Melusi Simelane is a civic rights programme manager at Southern Africa Litigation Centre and also an MA International Relations Student at the University of Sussex
Data sovereignty refers to the principle that all data is subject to the laws and regulations of the nation state or jurisdiction in which it is collected. This concept gained prominence in the early 2010s following the Edward Snowden revelations about mass surveillance by the United States