Author : Trisha Ray

Expert Speak Digital Frontiers
Published on May 25, 2020
The quest for cyber sovereignty is dark and full of terrors

There now exists a broad consensus that the digital revolution, instead of bringing about a libertarian ‘techno-utopia’, has created or exacerbated asymmetries in terms of access to and control over data, information infrastructure, intellectual property, as well as financial and human capital. “Digital wealth”, as a 2018 UNCTAD report puts it, “is concentrated in the hands of a few US- and China-based platforms”.

This narrative has manifest itself in two polarising concepts, ‘digital colonialism’ and ‘cyber sovereignty’. As emerging economies in Africa and Asia participate in norm-making processes, and express their priorities, often through these concepts, it is important to discuss ideas and the misconceptions surrounding them.

Emerging Narratives…

The UN Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UN GGE on Cyber) has convened six times since its establishment in 2004, with the fifth session famously failing to achieve the consensus needed to release a report. In 2018, a parallel Open-Ended Working Group (OEWG) was established, with the aim of broadening multistakeholder participation.

In its initial stages, Sub-Saharan Africa (SSA) was notably absent from the UN GGE: between 2004 and 2010, only two SSA countries, South Africa and Mali, were GGE members. Developing Asia was underrepresented as well, with only larger countries like India and Malaysia being members.<1>

As cyberspace emerged as a crucial element of individual expression, economic growth and national security, these geographies are working on building-block style norms and legislations at a national and regional level. These national and regional efforts have a symbiotic relationship with two sets of emerging narratives at international forums: digital colonialism and cyber sovereignty.

Cyber sovereignty is a strong yet nebulous concept, usually referring to the assertion of state control over technology-linked flows, whereby the state both defines and guarantees rights in the digital realm. The 2015 UN GGE affirmed the principle of sovereignty, in conjunction with adherence to international law. At the February 2020 convening of the OEWG, a group of states called for the inclusion of stronger norms on state sovereignty and sovereign equality. While Russia and China are notably vocal on this front, similar concerns were also raised by South Africa, Syria, India and Philippines.

Digital colonialism refers to the phenomenon whereby ICTs, emerging technologies and the infrastructure and resources to deploy them rapidly and aggressively across markets is concentrated in the hands of a few companies headquartered in a few countries, most commonly the US and China . This creates its own dynamic and in response, many states are leveraging a mix of market size, regulatory tools and regional institutions to urge data giants to re-house data within their borders to enhance their own agency and that of their corporations and people. The table below lists some of these countries, from SSA, South Asia and SE Asia. India, Indonesia, Thailand, Vietnam and Malaysia all have large and growing markets for internet-based applications. Many of the countries listed below have signed onto regional instruments, such as the African Union’s landmark Convention on Cyber Security and Personal Data Protection (2014), and the ASEAN Framework on Digital Data Governance (2012).

Country Data Protection Act/Bill Signatory to a Regional Instrument Internet Penetration %2015 Internet Penetration %2018  GDP Rank (PPP)


Regulatory Quality (World Bank)
Ghana Y Y 25 39 76 111
India Y N 17 51 3 118
Indonesia Y Y 22 40 7 109
Kenya Y N 16 18 71 124
Malaysia Y Y 71 81 25 61
Nigeria Y N 36 42 24 179
Philippines Y Y 36 60 27 97
Singapore Y Y 79 88 38 8
South Africa Y Y 51 56 29 87
Sri Lanka Y N 12 34 58 117
Thailand Y Y 39 57 19 91
Vietnam N<2> Y 45 70 32 139

Table 1: Leveraging Markets and Institutions for Data Protection Legislation

…or Narrative Traps?

While “cyber sovereignty” and “digital colonialism” are useful for condensing complex phenomena into catchy phrases, the way they are used often takes away much-needed nuance in the discussion around norms and regulations for cyberspace and the broader digital realm. A 2013 article on the “assertive China” meme puts it best, “…an important but understudied feature of international relations…is the speed with which discursive bandwagoning in the online media and the pundit blogosphere creates faulty conventional wisdoms.

Cyber sovereignty, in the policy sphere, has both a positive connotation, centered on “taking back control” from technology giants, as well as a negative one that leaves the definition of digital rights and duties to the state alone, and its overreach can take the form of internet shutdowns, Great Firewalls and surveillance. The double connotation lends itself to confusion, with some analysts conflating cyber sovereignty with cybersecurity and autonomy, and others asserting that the use or acceptance of the term “cyber sovereignty” is in effect an endorsement of authoritarianism (“the China model”) in cyberspace. Interestingly, the ‘China Model’ predates and will outlast any development of the cyber sovereignty narrative as the international system and the Westphalian arrangement recognise the suzerainty of the state.

Digital colonialism is a similarly loaded term. Analysts frequently pair this meme with the Global North-South dichotomy, even though the “colonisers” are not all from the North -- China being the obvious example -- and the “colonies” are not equally exploited nor uniformly from the geographic “South”. The “digital colonialism” narrative also pits a handful of states – namely China and the United States – against the rest of the world without acknowledging that the citizens of these states themselves are also subject to exploitation. Here too, it would seem that US and China would have diametrically opposite takes. US, the old ‘super power’ is more willing to live with this brand while China promotes its platforms under the garb of the other state centred narrative.

Misconceptions about digital colonialism and cyber sovereignty therefore miss the fact that a country’s stance on cyber issues is determined by a complex interplay of economic, governance, social and political factors. In India, for instance, one of the drivers for data protection comes from the civil society’s call for frameworks to regulate digital governance tools and limit the scope for misuse. In South Africa, where trust in regulatory institutions is higher (see Table 1), the call for data protection is a response to several data breaches of South African companies that left the personal information of tens of millions of South Africans exposed. In the EU it flows from the urge to reclaim individual agency and for the US market access remains the key motivation.

Another fallacy is the conflation of national interest and the interests of technology giants. Many global technology giants are engaged in regulatory tussles with the governments of the countries they are registered in: Google and Facebook, for instance, are under the US Congress’ scrutiny over their data, privacy and algorithmic transparency practices. However, the countries they operate in are not afforded the same rights: Indonesia, for example, diluted data localisation requirements, allegedly under US pressure, despite local digital infrastructure operators protesting against such a move.

The varied ways in which ‘cyber sovereignty’ and ‘digital colonialism’ are used in developing nations in Asia and Africa imply that not every aspect of cyber norms and regulations fall under the US-China dichotomy. These two terms, while being terms rooted in the geopolitics of technology, should also be understood in the context of each country’s unique needs and ambitions.

<1> As well as China, as a P-5 member

<2> Vietnam’s Cybersecurity and Consumer Protection Acts include elements of privacy, localisation and data security.

The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.


Trisha Ray

Trisha Ray

Trisha Ray is an associate director and resident fellow at the Atlantic Council’s GeoTech Center. Her research interests lie in geopolitical and security trends in ...

Read More +