DAVID MONYAE: Africa’s digital sovereignty a timely and relevant debate

The rapid increase in internet access in Africa over the last 10 years, and the widespread deployment and adoption of digital technologies such as undersea and terrestrial cables, smartphones, sensors and artificial intelligence, have underpinned an exponential growth of the digital sphere in both scale and scope.

Aided and abetted by the Covid-19 pandemic lockdown regulations, the internet is fast becoming the foundation of Africa’s entire socioeconomic activities, transforming business, governance and socio-institutional models. Due to increased demand for digital services and the huge volumes of data produced, Africa’s digital economy is expected to reach $180bn by 2025, about 7.2% of its current GDP.

The expansion of the digital sphere has not been unproblematic. While digital growth comes with huge socioeconomic benefits, it is also fraught with strategic vulnerabilities to national security. Digitisation involves the creation and capture of enormous volumes of data from national defence, key infrastructure in energy and water, macro-behavioural characteristics, national registries, to financial transactions, industry, mining and sensitive government information. This data is created and captured using technologies supplied and controlled by a few foreign (mostly US) multinationals.

The data is stored and processed in servers located in the US, and the few that are located in Africa are still owned and operated by the same international companies. It is sold to advertisers and businesses and at times released on the orders of the US government, as the revelations by Edward Snowden revealed in 2013. Even the distribution of economic benefits accruing from digitisation is lopsided in favour of the few Big Tech companies. Such vulnerabilities have drawn Africa into the raging global debate on digital sovereignty.

The concept of digital sovereignty has been invoked in opposition to the overwhelmingly disproportionate control of the digital ecosystem by a few Big Tech companies, such as Google, Facebook, Amazon, Twitter and Alibaba. Big Tech captures more than 90% of all revenue and profits in the digital market, exposing profound inequalities and inequities in the global digital market. Hence, digital sovereignty is broadly understood as the need for state or national “control and regulation of data, software, standards and protocols, processes, hardware, services and infrastructures”.

While the digital sphere has been highly privatised and globalised, the national security threats it presents have amplified calls for states to stamp their authority and protect sensitive national information, their businesses, and citizens from exploitation in the digital market. The dominance of a handful of US firms in digital technology has been variously labelled as digital imperialism or digital colonialism. Digital sovereignty promotes national digital self-determination and independence by confining the storage and processing of data, thus giving national authorities more control over both the domestic and transborder flow of digital data produced in their jurisdictions.

Proponents of digital sovereignty argue that developing countries would be able to participate in the data value chain, thus ensuring a more equitable distribution of digital economic benefits. It is therefore important that African countries formulate policies and regulatory and legislative reforms to enhance their digital independence.

The debate on digital sovereignty has led to geopolitical tensions between the global powers. The EU, whose digital economy is heavily dependent on American technology and infrastructure, has been a strong proponent of digital sovereignty. The EU has developed a mix of regulations, legislation and initiatives as it bids for more control over the digital ecosystem within the region. In what could be branded a regionalisation of digital sovereignty the EU’s regulation on the Framework on the Free Flow of Non-Personal Data advocates for the free flow of the cross-border transfer of nonpersonal data between member-states.

The Digital Markets Act proposed in December 2020 is designed to undercut the anticompetitive tendencies of American Big Tech, thus curtailing their market power. The EU is also promoting the GAIA-X project, which seeks to build a pan-European network of cloud services infrastructure informed by European standards and values. China is also pursuing national digital sovereignty. Article 40 of the Personal Information Protection Law mandates digital infrastructure operators to store data produced and collected within China in China. Personal information can only be sent outside China according to a strict security protocol.

The Data Security Law that deals with non-personal data places the state at the centre of data management and security to protect Chinese interests. While open to cross-border transfers of data, localisation is a fundamental part of Beijing’s data policy. Multinationals that may wish to export Chinese data have to go through a thorough security assessment. Moreover, in its quest for digital sovereignty China has nurtured home-grown companies such as Alibaba and Tencent, which now dominate its digital market.

Digital sovereignty is incompatible with the laissez faire approach that underpins US global tech supremacy. As such, digital sovereignty would undermine the US influence on the global digital terrain. Going against the grain, the US passed the  CLOUD Act in 2018, granting it the power to access foreign citizens’ data from servers located outside the US for use in legal proceedings. Further, the US threatened to impose trade tariffs on a number of countries, including in the EU, that wanted to tax American tech companies making big profits in their markets.

The US seems to revel in the geopolitical advantages that come with its tech titans’ unbridled access to the global digital markets. In terms of domestic digital sovereignty, the American constitution protects the corporate autonomy of Big Tech despite spirited government efforts to break them down. In June a US court shot down a government attempt to break up Facebook on account of its alleged violation of competition laws.

As the digital sphere increasingly occupies an ever more important place in Africa’s socioeconomic landscape the continent cannot afford to stand outside the debate on digital sovereignty. To safeguard its data assets and enhance its digital sovereignty and economy, Africa must formulate effective regulatory and legislative mechanisms. Already 25 African countries have passed online consumer legislation, 39 have cybercrime laws, 27 have data protection and privacy and 33 have e-transactions laws. While this is encouraging, it still means most countries lack comprehensive legislation on their digital spaces.

SA is looking to lead the way, having produced a comprehensive draft national policy on data and cloud, which proposes a multidimensional approach to digital sovereignty and self-determination. The policy issues addressed in the draft, such as competition and trade, cybersecurity, localisation and cross border data transfer, and skills and capacity development, all seek to promote SA’s digital sovereignty.

Senegal recently moved all of its government data to a new national data centre, which will ensure the country has full control and ownership of its data. At the continental level, the AU's digital transformation strategy (2020-2030) is firmly on the side of digital sovereignty as it commits to “ensure Africa’s ownership of modern tools of digital management.” At the global level, the majority of African countries supported a UN resolution countering the use of information and communication technologies sponsored by China and Russia in 2019.  The resolution seeks to shape global norms towards the precedence of national sovereignty in the cyberspace. If the foregoing is anything to go by, then Africa is fully aware of the strategic value of digital sovereignty. 

However, with only 1% of the world’s data centres, and most of them foreign-owned, Africa does not have the capacity to store, process and control its data. This means Africa’s data is harvested and exploited by Big Tech, with little benefit for the continent. Some of the key stakeholders that can help African countries realise their aspirations for data sovereignty are the telecom carriers. Africa has huge carriers that dominate the continent, such as MTN, Orange, Vodacom, Etisalat, Airtel, Safaricom, Econet and Glocom.

One of Econet’s subsidiary companies, the Africa Data Centres  plans to add more data centres to the five it already has in SA, Kenya, Rwanda and Nigeria. Vodacom has recently partnered with Digital Parks Africa to build large-scale data centres to serve the growing demand for digital services. As the ICT leaders in the continent, telecom carriers can partner with governments to accelerate the building of data centres across Africa to maintain the storage, processing, and analysis of African data on African soil.

This will not only add more value to Africa’s digital economy but also ensure that sensitive African data is safe and not exploited in ways that can undermine its security.

• Monyae is director for the Centre for Africa-China Studies at the University of Johannesburg.