Data Sovereignty is an ambiguous term that has recently been the subject of much discussion in political debates at national and European level.

The meaning is not determined by the concept of sovereignty in constitutional law, because according to this concept, Data Sovereignty would have to be associated with absolute control over one's "own" personal data. However, this would be tantamount to recognising rights similar to ownership and would inadmissibly curtail the rights of the data controller and third parties.

The central issue is to shape the consequences and effects of digitalisation, big data and artificial intelligence on social and individual possibilities of controlling data (cf. Hummel/Braun/Augsberg/Ulmenstein/Dabrock, Datensouveränität - Governance-Ansätze für den Gesundheitsbereich). The common thesis is that previous data protection concepts, based for example on concepts such as “Datensparsamkeit” (i.e. data thrift) or purpose limitation, are no longer sufficiently effective in the face of new challenges. Based on this, Data Sovereignty includes forms of controllability, consent and also requirements for explainability and transparency of data processing.

The “Deutsche Ethikrat” (German Ethics Council) has described Data Sovereignty in this sense as an instrument of "shaping informational freedom" that further develops the concept of informational self-determination. Others speak of a "bridge between data protection and data economy law" (Steinrötter). With "genuine" Data Sovereignty, the deficit of voluntariness should be overcome through a "sovereign consent process" (U. Seidel).

In business, public administration, international relations and other contexts, not only individuals but also organisations, populations and countries are characterised as actors with claims around data sovereignty (cf. Hummel/Braun/Tretter/Dabrock, Data sovereignty: A review). In all these cases, Data Sovereignty is based on notions of which actors have legitimate claims to control over which data (cf. (vgl. Hummel/Braun/Dabrock, Own Data? Ethical Reflections on Data Ownership). The new conceptualisation assumes a shared data power between the controller and the data subject, who is referred to as the “Datengeber” (i.e. the data provider).

To be distinguished from such "Economic Data Sovereignty" would be "Administrative Data Sovereignty". This means that the citizen, who makes his data available to the state according to the once-only principle, should be able to see at any time via his own account which authority processes which data about him for which purposes.

The “Datenschutzkonferenz” (the Conference of the German data protection supervisory authorities) accuses the advocates of Data Sovereignty of wanting to turn data into a purely economic factor and thus conceal restrictions on data protection. Accordingly, it rejects the term as a softening of the right to informational self-determination and the “Verbotsprinzip” (i.e. the precautionary principle) (cf. DSK, Grundsatzpositionen).

The concept of data sovereignty must be distinguished from that of digital sovereignty [Tile PC.30].