From Snowden to Sovereign AI: The Fragmenting Internet and the Future of Data Sovereignty

A vast, glowing digital cabinet of files stretching into the horizon — A vast digital cabinet containing all information, the Cloud

A cabinet holding all the information in the world – isn’t that incredible? Microsoft Chairman Brad Smith likens the cloud to precisely this ‘digital filing cabinet.’ But this isn’t just an old cabinet for stacking files. It’s like a giant heart that powers the global economy, society, and each of our lives.

The core theme running through his book, “Tools and Weapons,” is the duality of technology. It can be an ‘incredible tool’ that propels humanity forward, and in the very next moment, a ‘fearsome weapon’ that threatens and divides society. Facing the massive waves of artificial intelligence (AI) and cloud computing, we stand at a historical inflection point. And precisely because of this, new rules fitting this new era have become desperately needed.

“If your technology changed the world, you also have a responsibility to help people adapt to that world.”

This sentence is a weighty declaration thrown at Silicon Valley, which had been solely advocating for ‘disruptive innovation.’ Let’s now delve into the complex story surrounding this ‘world’s cabinet.’

Part 1: Borderless Data vs. Bordered Laws: The Clash of Sovereignty

The Beginning of Everything: Snowden and Shattered Trust

In 2013, everything changed. The name Edward Snowden, a contractor for the U.S. National Security Agency (NSA), instantly shattered the rosy illusion of the ‘borderless cloud.’ The documents he leaked were nothing short of shocking. The U.S. government was accessing the data of people worldwide as if it were in their own living rooms, through the servers of American big tech companies.

A shadowy figure representing Edward Snowden against a backdrop of flowing data code — Edward Snowden's revelations shattered trust in the cloud era.

This incident shook global trust in American technology companies to its core. People began to ask: “Where is my data right now, and who can see it?” The cloud industry, which had been operating on the invisible asset of ’trust,’ now entered an era of ‘verification’ and ‘control,’ and it was at this point that the concept of Data Sovereignty emerged at the heart of global politics.

Vying to be the ‘Custodian’ of Our Data

As trust eroded, technology companies, including Microsoft, had to adopt a new philosophy of ‘Data Custodianship’ to survive. It was a declaration that, just as banks safeguard our money, cloud companies have a duty to protect customer data not only from hackers but also from undue government interference.

The owner of the data is not the service company, but only you, the customer, and we are merely custodians who store it safely. Beyond legal defense, this was a desperate business strategy to regain customers’ trust in an age of distrust.

The Trial of the Century: The U.S. Government vs. Microsoft

The role of ‘data custodian’ was immediately put to the test in court. This was the case where the U.S. Department of Justice demanded that Microsoft hand over emails from its data center in Dublin, Ireland.

U.S. Government: “Microsoft is an American company, so it must comply with our laws.”
Microsoft: “The data is on Irish soil, so it must comply with Irish and EU laws.”

This lengthy battle was a head-on collision between digital services moving without borders and old laws tied to specific territories. Ultimately, this case led to the U.S. Congress enacting the CLOUD Act in 2018. This incident clearly demonstrated that technology companies sometimes had to fight their own governments to protect the rights of their global customers, becoming complex ‘digital diplomats.’

Part 2: The Fragmenting Internet, and the Birth of New Markets

The collapse of trust and legal uncertainty ultimately ignited a global demand for Data Localization. The ‘Splinternet’ phenomenon, where the once-connected internet is fractured along geopolitical boundaries, deepened.

A map of the world fractured into different colored digital zones — The 'Splinternet' phenomenon where the internet is fragmented due to national regulations

🇪🇺 European Model (Rights First!): Protects individual privacy as a human right through GDPR.
🇨🇳 Chinese Model (State Centric!): Completely controls data flow through the Data Security Law (DSL).
🇮🇳 Indian Model (Somewhere in Between): Seeks a balance between individual rights and national development through the Digital Personal Data Protection Act (DPDPA).

Turning Crisis into Opportunity: The Emergence of Sovereign Clouds

Global cloud companies turned this challenge into a new opportunity. They created premium services that satisfy each country’s stringent regulations: ‘Sovereign Cloud.’ This was a sophisticated business strategy of commodifying the value of ‘sovereignty’ and selling it at a higher price. They effectively pioneered a new market out of the crisis of geopolitical fragmentation.

The New Battlefield of Sovereignty: Sovereign AI

The advent of generative AI has extended the concept of sovereignty to all aspects of AI development. Nations are pursuing ‘Sovereign AI’ strategies to control their own AI ecosystems tailored to their laws and cultures.

However, a serious ‘sovereignty paradox’ is hidden here. This is because essential resources for developing cutting-edge AI models, such as NVIDIA GPUs, are monopolized by a few American companies. Nations that advocate for digital independence are paradoxically trapped in a dilemma where they must rely on foreign platforms they once considered threats to their sovereignty to achieve their goals.

An AI brain icon wrapped in a national flag, connected by wires to a GPU chip — Sovereign AI pursues independence but faces the paradox of technological dependence.

Conclusion: We Need a New Promise

At the end of this journey through “Tools and Weapons,” we arrive at one conclusion: the questions posed by cloud and AI cannot be solved by the power of a single company or a single nation. To bridge the gap in this era, where the speed of technology outpaces laws and regulations, a new social contract involving all of us is needed.

Greater Responsibility from Tech Companies: A stance is needed that proactively considers and takes responsibility for the social side effects of technology.
Intelligent Regulation by Governments: Wisdom is needed to protect citizens without hindering innovation.
Cross-Border Cooperation: International norms for protecting civilians in cyberspace, a ‘Digital Geneva Convention,’ are urgently needed.

Closing the gap between the speed of technology and the speed of law is a critical task for our generation. Ensuring that this ‘world’s cabinet’ of the cloud remains a tool for shared prosperity, not a weapon of division, is the responsibility of all of us.

References

Smith, B., & Browne, C. A. (2019). Tools and Weapons: The Promise and the Peril of the Digital Age. Penguin Press.
European Union. (2016). Regulation (EU) 2016/679 (General Data Protection Regulation).
People’s Republic of China. (2021). Data Security Law of the People’s Republic of China.
Republic of India. (2023). The Digital Personal Data Protection Act, 2023.
Various online articles and reports from World Economic Forum, AWS, Google Cloud, Microsoft News Center, etc.