The concept of sovereignty is widely believed to have originated at the end of Europe’s Thirty Years War, with the Treaty of Westphalia, in which, for the first time, the absolute authority of a nation-state over its territory was recognized.
Until then, rulers could only claim dominion over the territory they controlled—meaning that sovereign power diminished the further you were from its centre. According to Westphalian notions of sovereignty, on the other hand, citizens owed allegiance to the territory—regardless of how far away they were from its capital—and through the territory, to the sovereign authority.
Even though the treaty was signed in 1648, it wasn’t till a couple of centuries later, with the Industrial Revolution, that the territorial underpinnings of sovereignty began to bear fruit.
Technologies like the steam engine, railways and telegraph compressed distances within countries, allowing rulers to access far-flung territories with greater ease and efficiency.
This territorial rescaling (as Charles Maier puts it) significantly enhanced national prosperity, letting greater value be extracted from the land and its people than was previously possible.
Nation-states now had every incentive to preserve the sanctity of their territory. They hastened to articulate a universal public law under which sovereign states would have exclusive jurisdiction over all property and persons who happened to be located within their territory—but, at the same time, would not be allowed to exercise jurisdiction over property and persons outside that territory.
This symmetrical doctrine is the fundamental basis for modern international relations. It supports the sovereign right of nations to establish their own laws, and acknowledges that anyone who chooses to enter the jurisdiction of a foreign state must abide by its rules, no matter how different they are from the place they came from.
This is the reason why anyone who commits a criminal act within the territory of one state can escape prosecution by simply crossing a border to another state—and, quixotically, why that other state cannot prosecute the fugitive for a crime committed beyond its borders.
The internet, the world’s most recent space-compression technology, has shrunk distances like nothing that came before it. Not only has it compressed distances within countries, it has shrunk distances between them and created the deeply interconnected world that we inhabit today.
However, unlike in the past, when space compression respected territorial sovereignty, the internet pays no heed to national boundaries or the different laws that each sovereign nation enforces within its borders.
It is, to that extent, completely unmoored from the notion of Westphalian sovereignty, and it allows the actions of individuals and corporations situated in one country to affect those in another without ever crossing physical borders.
This fundamental feature of the internet has, since its very inception, forced us to engage with issues of jurisdiction differently when it comes to the digital realm. In the early days of the internet, we tried to look the other way, sweeping jurisdictional challenges under the carpet of web exceptionalism.
That approach is increasingly falling out of favour. Now that the internet is essential infrastructure, governments around the world are less and less inclined to allow private corporations to control what transpires on it or have exclusive access to the data that traverses through it.
In 2018, when the Justice Srikrishna Committee released a draft data protection law for India, it included, for the first time in a data protection law, explicit localization provisions that required certain kinds of personal data to be processed only in India.
There are many benefits that we enjoy and have come to take for granted precisely because there are no restrictions on data flows. We need look no further than the speed of our pandemic response to appreciate the important role the internet has played in getting genomic data on the novel coronavirus to scientists around the world in a short time, giving them a head start in vaccine development.
Had scientific information not been able to flow from one corner of the world to the other, we would simply not have been able to develop not one, but five major covid vaccines in such record time.
Regardless, governments around the world have grown increasingly interested in asserting greater sovereign authority over the data of their citizens, with a view to curbing the power of private corporations that operate as gateways to our internet access as well as ensuring that the manner in which this data gets used conforms to national law.
Notably, despite the initial opposition globally to India’s data localization policy, digital borders have hardened everywhere since then.
Last week, Microsoft announced the launch of its new European Union Data Boundary service, which makes a hard commitment to all the companies that sign up for this service that their data will never move out of the EU.
It seems that at least one big technology company is willing to regionalize its cloud offerings, choosing to capitulate to the European demand for regional sovereignty instead of placing all its eggs in the ‘safe harbour’ basket. One wonders if other tech companies will follow suit.