Via a study of digital sovereignty and its blockchain interactions, this paper shows the tensions and frictions born from the last twenty years of the Internet’s evolution. Part of the Blockchain & Procedural Law seminars (Max Planck Institute Luxembourg for Procedural Law).
In the last five years, digital sovereignty has been garnering significant interest in academia and the public debate. The use of this expression has progressively spread in scientific literature and more generally in the news.1 Although it has attracted attention, the content and meaning of this notion remain elusive and vary significantly in accordance with its context of use. Since it is a fairly recent and emergent concept, its meaning is still not clearly set or gelled. Academic literature on this topic is also scarce. The expression ‘digital sovereignty’ does not equate to the sum of its terms, nor does it translate in the digital realm to the Westphalian conception of sovereignty.2 It is commonly understood as an umbrella notion which encompasses data and technological sovereignty. As a consequence, actors, such as states or activists, use digital sovereignty as a lever to push forward their agendas and adapt the meaning of the concept to serve their goals.3 For instance, the European Union and its Members are now using ‘digital sovereignty’ as a political ideal that should be taken into account when establishing policies and long-term strategies in relation to technology.4 Among these States, France stands out as it has eagerly embraced and promoted the concept of digital sovereignty. It has actively supported initiatives that could materialize this ideal, such as the failed attempts to establish a sovereign cloud5 and the struggling search engine ‘Qwant,’ presented somehow as the ‘French Google.’6
The expression ‘digital sovereignty’ appeared in France at first in academia before it was popularized by Pierre Bellanger, the founder and former CEO of a French radio station called ‘Skyrock,’ and it was then quickly adopted by the State, its agencies and other public bodies. The following rough chronology of the dissemination of the notion in France shows how it has migrated from publications to summits, legislation and governmental reports.
A Rough Chronology of the Dissemination of the Notion of Digital Sovereignty in France
2006: first academic publication in French on the topic:7
- Bernard Benhamou8 & Laurent Sorbier, Souveraineté et réseaux numériques, 3 Politique étrangère 519.
2012: first article published by Pierre Bellanger:
- Pierre Bellanger, De la souveraineté numérique, 3 Le Débat 149.
2013: Report authored by senator Catherine Morin-Desailly for the Senate’s Committee on European Affairs depicting the EU as a colony of the digital world:
- Catherine Morin-Desailly, Rapport d’information sur l’Union européenne, colonie du monde numérique [Investigation Report on the European Union, a colony of the digital world] 6 (2013).
2014: first monograph on the topic of digital sovereignty written by Pierre Bellanger:
- Pierre Bellanger, La souveraineté numérique (2014).
From 2014 to 2017: three summits on digital sovereignty (in French ‘Les Assises de la souveraineté numérique’) were organized to raise awareness, and they led to the establishment of a think-tank named l’Institut de la Souveraineté Numérique [the Institut of Digital Sovereignty];9
2016: the Law for a Digital Republic10 calls for a study on the opportunity to create a commissioner for digital sovereignty;
2016-2017: publication of two conference proceedings in the legal field:
- Annie Blandin-Obernesser, Droits et souveraineté numérique en Europe [Rights and Digital Sovereignty in Europe] (Bruylant 2006); and
- Pauline Türk & Christian Vallar, La Souveraineté Numérique: le Concept, les Enjeux [Digital Sovereignty: the Concept and the Stakes] (Mare & Martin 2017).
2019: Senatorial Report on Digital Sovereignty comprising in its annex the Study on the Opportunity to Establish a Commissioner for Digital Sovereignty11
Although France has included the expression ‘digital sovereignty’ in the 2016 Law for a Digital Republic and has devoted an entire senatorial report to this subject in 2019, as of the time of this writing there is still no authoritative French definition of digital sovereignty. The 2019 Senatorial Report on Digital Sovereignty defined digital sovereignty in a very loose, catch-all fashion as the capacity of a state to act in Cyberspace,12 which means that claims of sovereignty are cross-cutting and that they may encompass most of the digital realm (infrastructures, technologies, technological standards, contents, platforms, online activities). Blockchain has not eluded this trend, and as a consequence, it constitutes an interesting case study that shows how the concept of digital sovereignty—meaning a State’s desire to exercise power and control over technology—concretises itself through regulations and policies. By drawing on the example of France and the European Union, this article delves into the different interactions between the concept of digital sovereignty and blockchain technology.
Digital sovereignty has been associated with blockchain in serving three main purposes that are addressed in the three following sections. The second section will look at how digital sovereignty may be called upon to legislate the emergence of blockchain and its applications. This section will explain why France has opted for a system that relies primarily on digital assets service providers and on a voluntary regulatory process. The third section deals with policies designed to build an ecosystem favourable to blockchain innovation. The aim of these policies is to prevent the European Union and France from becoming dependent on foreign powers in respect of Distributed Ledger Technology (‘DLT’). The last section examines a variation of the notion of digital sovereignty, data sovereignty, which considers the risks associated with the loss of control over national data. In the case of blockchain, the main issue that needs to be resolved is how to ensure data protection on a decentralized network that compiles immutable records.
Initially, sovereignty claims emerged in relationship with Internet governance at the beginning of the 2000s. States, which sought to control online actions and content exchanged on the Internet, opposed the libertarian ideology that infused the Internet in its infancy. The concern of these States lied mainly in their capacity to restrict the free-flow of ideas on the Internet. They wanted to avoid the risk that their population would access content that may undermine their values or political stability. In some cases, national sovereignty was invoked as a ground to justify censorship and the filtering of data shared on networks. The call for digital sovereignty, or at that time ‘cyberspace sovereignty,’13 assimilated Cyberspace into a territory, that should be divided to replicate borders of the tangible world. Solutions envisioned by these States to regain control of Cyberspace consisted mainly of the territorialisation of information flows.14 A well-known example of this solution is China’s ‘Great Firewall’ that filters and may block foreign content. One of the risks presented by the territorialisation of information flows is the splintering of the Internet, or what has also been called the Balkanization of the Internet.15 This form of digital nationalism may lead to a fragmentation of the Internet, which would be a terrible loss and go against the very essence of the global network.
This understanding of digital sovereignty goes hand in hand with attempts to change the governance of the Internet’s infrastructure. For instance, China has advocated a switch from the multi-stakeholder-led system enshrined in the Internet Corporation for Assigned Names and Numbers (‘ICANN’) to a multilateral model relying on the International Telecommunication Union (‘ITU’) and the United Nations.16 In France, proponents of digital sovereignty have preferred to draw an analogy between Cyberspace and the sea. They argue that like the sea, the Internet should be subject to an international treaty to establish guidelines on its functioning.17
The significantly watered-down version of this understanding of digital sovereignty may also be found in the will of states to regulate online activities. This understanding of digital sovereignty runs against the ideological foundations of the Internet, which are rooted in libertarianism, openness, and the free-flow of information. Under this perspective, the Internet is understood as a borderless space, free from the law, jurisdiction, and state sovereignty. The only regulation acceptable, in this view, would be self-regulation. The famous quotation from John Perry Barlow’s 1996 Declaration of the Independence of Cyberspace sums up aptly this view:
‘Governments of the Industrial World, […] I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather. […] We must declare our virtual selves immune to your sovereignty, even as we continue to consent to your rule over our bodies’ [emphasis added].18
States have not embraced this utopian libertarian vision and have restricted Cyberspace in numerous ways to impose rules and laws on actors providing services on their territories, promote their interests and protect their values and citizens. The first example that may come to mind is, for instance, the recognition and enforcement of intellectual property rights online.
Blockchain and its first application, Bitcoin, have inherited some of the Internet’s libertarian ideology; the cypherpunk movement notably influenced its design.19 This movement advocated for the deployment of cryptographic tools to protect privacy and escape governmental or corporate control.20 As a consequence, the architecture of blockchains relies on a decentralized peer-to-peer network, which is devoid of a central point of control.21 Furthermore, on a permission-less blockchain, nodes spread across different territories, which makes it essentially impossible for a government to take it down.22 Anonymity and pseudonymity also present a hurdle for States’ control.
Nevertheless, although governments have reacted to Bitcoin and blockchain instead of foreseeing them, they are catching up and adopting regulations. In France, the first incursion of the legislator in this field was discreet. In 2016, an ordinance provided that DLT could be used to record the issuance and the sale of short terms bonds called ‘mini-bonds’ (in French ‘minibons’) on online crowdfunding platforms.23 The aim was to acknowledge and introduce DLT into banking and financial law. The choice of the terminology in French (‘dispositif d’enregistrement électronique partagé’) was dictated by the will to be technologically neutral, to leave sufficient leeway for future evolutions and to avoid obsolescence.24 Terms such as ‘blockchain’ or ‘DLT’ were deemed too narrow and ephemeral. The scope of this first disposition was extended, in 2017 by a second ordinance, to unlisted securities (in French ‘titres financiers’).25 A third ordinance completed the legal scheme specifying that DLTs should be designed and implemented to guarantee the recording and integrity of the registrations and to enable, directly or indirectly, the identification of the owner of the instruments, their nature and how many are detained.26
Since 2019, the French Government has clarified the taxation of digital assets for individuals: Gains resulting from the sale of digital assets are taxed like ‘income from stocks and other non-real estate assets.’27 Finally, to avoid tax evasion, individuals are required to declare to tax authorities all digital asset accounts that they may have opened, detained, used or closed abroad.28
France’s desire to regulate activities relating to the blockchain took form in 2019, with the adoption of the Action Plan for Business Growth and Transformation, also known as the ‘PACTE law.’29 Money laundering, the financing of terrorism, scams and tax evasion were presented as the main reasons justifying the adoption of this legislation.30 This law set a framework for services provided in connection with digital assets (in French, ‘actifs numériques’).31 Under this single legal category of digital assets, French law lumps together tokens and cryptocurrencies.32 French legislators decided to target blockchain access points by focusing on actors, meaning service providers that deal with digital assets, rather than on the different technologies. The goal was to keep a certain flexibility so that experimentations could continue and that France would stay attractive for blockchain innovation.33 The guiding principle of this law was to create a legal environment that would mix mandatory provisions with schemes that would incentivize service providers to subject themselves voluntarily to regulations. To accomplish this goal, the PACTE law established the legal category of digital assets service providers (in French ‘prestataire sur actifs numériques’ (‘PSAN’)), who offer services such as wallets or cryptocurrency exchange platforms.34
First, PSANs need to comply with Anti-Money Laundering (‘AML’) and Combating the Financing of Terrorism (‘CTF’) regulations.35 Second, to strike a balance between the need to keep French law attractive and to regulate activities that presented risks, two schemes were established to regulate PSANs.36 The first scheme is mandatory and concerns services that are considered as presenting more risks. In this scheme, PSANs that provide two types of services: (i) custody and access to digital assets services for third parties (i.e. wallets) or (ii) purchase and sale of digital assets against legal tender/currency, need to be registered with the Autorité des Marchés Financiers (‘AMF’, France’s stock market regulator).37 Lack of registration for PSANs offering these services will be sanctioned by two years of imprisonment and a 30 000 Euros fine.38 PSANs that have provided these two types of services, before the entry into force of the law, have until 18 December 2020 to be registered.39 As of August 2020, the AMF had registered only two PSANS; one of them being the subsidiary of the other.40
The second scheme relies on voluntary licensing. PSANs that offer other services, such as the exchange of digital assets with other digital assets or the management of trading platforms, may apply to the AMF to obtain an optional license.41 The AMF will publish the name of the PSANs that satisfy the licensing requirements (e.g. insurance policy, human and technical resources, guarantees of resilience and security of the information system to prevent, for instance, hacks). The optional license is expected to signal credibility and foster trust.
Finally, the PACTE law created an optional visa delivered by the AMF for initial coin offerings (‘ICO’) concerning utility tokens.42 This visa is considered a quality label that guarantees that the token issuer has complied with the law and that a fair, clear and non-misleading information document was established for the public.43 The AMF also holds a whitelist of ICOs that have secured its visa.44 As of 2020, only two ICOs had secured an optional visa.
To incentivize actors, PSANs that are registered, licensed or have secured an optional visa are entitled to open bank accounts and have access to banking services.45 This provision was included in the law to overcome the reluctance of banks, which were suspicious of activities related to digital assets and often refused to open bank accounts for companies involved with ICOs or cryptocurrencies.46 Furthermore, PSANs that are registered or licensed as well as ICOs approved by the AMF’s optional visa are also authorized to accomplish direct marketing and canvassing activities.47 These trade-offs are supposed to lure PSANs into France. In this respect, the PACTE law is a manifestation of regulatory competition.48
Another interesting point is that in France, regulation has taken a somewhat linguistic turn. This turn is consistent with France’s peculiar preoccupations concerning its national and cultural identity. In the 1990s, France feared that it would lose its ‘national identity and other cultural values’ because of the Internet’s popularity.49 The same concern was caused by the emergence of blockchain. In 2017, a special Commission for the Enrichment of the French Language (in French la Commission d’Enrichissement de la Langue Française) established a list of French translations and definitions for all the vocabulary surrounding blockchain.50
Example of a translation and definition adopted by the Commission for the Enrichment of the French language:51
Domaine : Finance-Télécommunications/Internet.
Définition : Monnaie dont la création et la gestion reposent sur l’utilisation des techniques de l’informatique et des télécommunications.
1. Certaines cybermonnaies sont convertibles en monnaie régalienne via des plateformes d’échanges.
2. La cybermonnaie ne doit pas être confondue avec la monnaie électronique.
3. Le bitcoin est l’une des principales cybermonnaies.
4. Les termes « monnaie virtuelle » et « cryptomonnaie » sont déconseillés.
Voir aussi : chaîne de blocs, monnaie électronique, pair à pair, preuve de travail, validation de bloc.
Équivalent étranger : cryptocurrency, cyber currency.
Translation [by the author]
Cryptocurrency, cyber currency
Domain: Finance- Telecommunications/Internet.
Definition: currency, whose creation and management relies on the use of computer and telecommunication techniques.
1. Some cryptocurrencies may be converted to fiat currency on exchange platforms.
2. Cryptocurrency should not be mistaken for electronic money.
3. Bitcoin is one of the leading cryptocurrencies.
4. The terms « monnaie virtuelle » (virtual currency) and « cryptomonnaie » (cryptocurrency) are not recommended.
See also: Blockchain, electronic money, peer-to-peer, proof of work, block validation.
Foreign equivalent: cryptocurrency, cyber currency.
Published in 2017 in the Official Gazette of France, the list of these terms is mandatory for policies, letters, and documents issued by ministers, state agencies and public bodies.52 ‘Frenchification’ of the blockchain’s terminology might seem, at first, quite trivial. However, the work of the Commission for the Enrichment of the French Language fits into a more comprehensive cultural diplomacy called ‘Francophonie,’ whose goal is to promote the French language and consolidate ‘its status at the international level in the face of the growing hegemony of English.’53 By setting official translations, the French government exercises soft power, making official the choice of terms used in French in connection with blockchain beyond its borders. This observation underlines another aspect of digital sovereignty, which hinges on technological and economic dependency.
The United States has historically dominated the Internet, its infrastructure, its applications and its governance.54 ICANN and the Internet Society are both American non-profit organizations. Moreover, the technological supremacy of Silicon Valley has led to a handful of tech companies concentrating more wealth and power than some States. This concentration undermines the decentralised precept of the Internet. In France, the acronym ‘GAFA’—composed of the initials of Google, Apple, Facebook and Amazon—is used generically to refer to these companies in a somewhat pejorative way, picturing them as a four-headed behemoth.55 Moreover, the acronym crystallizes complex emotions towards these corporations, mixing resentment, envy and also awe towards the power they hold. New tech giants have similarly emerged in Asia, generating in the French public debate a new acronym, ‘BATX,’ for the companies Baidu, Alibaba, Tencent and Xiaomi.56
Tech giants are able to set standards and models and to influence digital governance and legal frameworks. For instance, the advertising revenue model, which relies on collecting data, has been pushed forward by Google. Tech giants have weakened the States’ prerogatives and shaken their legal frameworks, economic and social structures. These corporations usually proceed without deference to laws and are used to confront States with a fait accompli approach. Numerous examples may be cited to illustrate this approach, like the introduction of ride-hailing companies such as Uber, which have affected the taxi industry and raised fundamental issues concerning labour law.57 Another example of this fait accompli approach is the Google Print project. Rebranded in 2005 as Google Books, this project planned to scan fifteen million books in ten years, and it was unrolled before issues of copyrights were settled.58 In sum, tech giants are outpacing States, which lag and struggle to keep up with them.
Furthermore, some corporations are taking over functions that are considered as governmental functions that are intrinsically linked to sovereignty.59 For instance, the right to issue currency is part of a State’s monetary sovereignty. As a consequence, Facebook’s announcement in 2019 of its intention to launch a digital currency, Libra, stirred up many reactions among States. In France, the Ministry of Economy and Finance has expressed a strong opposition to a private corporation managing a currency like a sovereign State.60 In this case, tensions born from Libra’s announcement may be construed as a matter relating to monetary sovereignty rather than digital sovereignty.
Despite Europe’s standing as the birthplace of the World Wide Web,61 it is still struggling to provide an environment that attracts or encourages the growth of start-ups. Whereas 182 unicorn start-ups with valuations of one billion US Dollars or more have emerged in the United States and 94 have risen in China, only 45 unicorns are located in Europe, of which five are French.62 As a consequence, the concentration of power among a handful of foreign tech companies has instilled a fear of imperialism in France, a fear of losing autonomy and becoming dependent on foreign corporations that are capable of interfering in its governance. This fear was expressed notably in a 2013 French senatorial report written by Senator Catherine Morin-Desailly for the Senate’s Commission on European Affairs.63 The report pitched the European Union as a colony of the digital world dependent on foreign powers that possessed critical technology:
‘Europe is on the brink of becoming a colony of the digital world, as it has become dependent on foreign powers and because, without exaggerating, one can say that she is threatened by underdevelopment.’64
This fear is not groundless, since corporations may be subject to political pressure that can take the form of laws with an extraterritorial reach, which can lead to the ‘suspension of products and services to foreign government or key industries in another country.’65 United States sanctions have, for instance, prevented the Chinese technology company Huawei from concluding a licence with Google to run Android on its smartphones in 2019.66
Digital sovereignty, in this economic perspective, comes into play in two different ways.67 The first way is for States to try to influence tech giants by using what has been called technological diplomacy. In 2017, Denmark appointed the first ‘Tech Ambassador,’ and by doing so, coined the term of ‘techplomacy.’68 His mandate encompasses the United States, China and Europe. He has offices in Palo Alto, Beijing and Copenhagen.69 Instead of interacting with States, the Tech Ambassador visits the headquarters of companies such as Google, Facebook or Amazon. By referring to diplomacy, this policy puts corporations and sovereign States on the same footing. This new strand of diplomacy aims to ‘influence the direction of technology’ and ‘the international agenda’ around its policy, and to push forward ‘Danish interests and values.’70 France has followed in Denmark’s footsteps; in 2017, it nominated its first Digital Ambassador, David Martinon, who was replaced in 2018 by Henri Verdier.71 The role of the Digital Ambassador is to coordinate the conception of French positions on international issues that concern the digital realm and to promote them to international partners and public and private actors.72 One of his economic diplomatic missions is to contribute to the international attractiveness of the French ecosystem for digital innovation.73 The goal is to support French corporations for exportation purposes and to attract foreign investment.74
In parallel with these diplomatic initiatives, States compete with each other at the international level to create their own champions or unicorns. They try to establish strategies and ecosystems that would stimulate innovation and support the growth of new companies taking the lead in different sectors. In practice, this consists of States financing tech industries, launching initiatives, or creating legal environments that attract start-ups and tech entrepreneurs. Most actions in this direction in relation with the blockchain have been taken at the European Union and French level.
Blockchain appears in this frame as an opportunity for the European Union to redeem itself through different initiatives. First, funding for blockchain research was proposed in the Horizon 2020 work programme, and from a special fund started by the European Commission shared with artificial intelligence.75 In 2017, the European Commission opened a call for tender to set up and run a European expertise hub on blockchain and DLTs, so that the European Union may ‘stay at the forefront, build expertise and show leadership’ in this field.76 The call resulted in the launch, in 2018, of the European Union Blockchain Observatory and Forum, whose purpose is to ‘accelerate blockchain innovation and the development of blockchain ecosystems with the EU.’77 Quite ironically, the lead contractor of the chosen consortium was ConsenSys, a corporation with its headquarters in Brooklyn. ConsenSys was replaced in 2020 by Intrasoft, a European IT Solutions and Services Group. In its two-year existence, the Blockchain Observatory and Forum has identified and mapped blockchain initiatives, developed an online platform with a forum to share knowledge, organized 18 thematic workshops (e.g. blockchain for government and public services, blockchain and digital identity), published 13 reports and nine academic papers and, finally, made recommendations.78 In parallel with the Observatory’s work, in 2018, 21 Member States signed a Declaration creating the European Blockchain Partnership to build the European Blockchain Services Infrastructure (‘EBSI’), a blockchain for cross-border services (notarization, data sharing, self-sovereign identity capability, authenticating diplomas).79 As of 2020, nine additional countries have signed the Declaration. Finally, in 2019, the International Association for Trusted Blockchain Applications (‘INATBA’) was launched to improve public-private cooperation between the Member States, international organizations, private entities such as developers, and users of DLTs.80
France has also jumped on the bandwagon and presented its blockchain strategy in April 2019 at the ‘Paris Blockchain Conference.’81 The PACTE law and the fiscal framework for crypto-assets represent the first phase of this strategy as they are supposed to procure legal certainty to corporations. The French government has expressed pride in being among the pioneer States to regulate digital assets.82 Hopefully, this framework will hold a brighter future than another avant-garde French law, the 2009 HADOPI Act, which was supposed to break down the sharing of copyrighted content on peer-to-peer networks and set an example for other States to follow.83 Even though the government hailed this law as ground-breaking and inventive, its application proved to be costly, outdated, and unconstitutional.84 In 2019, the Ministry of Economy and Finance launched a blockchain task force to encourage industries to develop projects using blockchains. Several applications are prioritized for study in specific sectors (construction, food industries, the energy sector). Funding is also available notably through the ‘Plan Deeptech’ launched in 2019 by BpiFrance, a public investment bank.
Although European and French initiatives are announced triumphantly, critics argue that they offer a shoestring budget in comparison to the investments in research and developments made by tech giants and the governments of the United States and China.85 This argument is rather valid, for instance, in the case of research and development relating to artificial intelligence: the European Union has invested four to five billion Euros overall, whereas corporations in the United States and in China and the Chinese government spend roughly 30 to 40 billion Euros per year.86 Achieving digital sovereignty requires massive investments that are still missing in France and Europe. As a consequence, the European Union is unable to compete at the same level as China and the United States. The only option left for the European Union, as is demonstrated in the next section, is to control access to its market of almost 500 million consumers by imposing conditions that respect its values, such as the General Data Protection Regulation (‘GDPR’).87
A new call for digital sovereignty grew in the 21st century as a reaction to threats relating to cybersecurity and espionage. Cases of cyber attacks, such as the series suffered by Estonia in 2007, exposed how a State could be crippled in an insidious way without the aggressor setting foot on its territory.88 Moreover, recent scandals have shown that tech giants may collaborate with governments and that the divide between private and public interests is in some respect blurred and ambiguous. In this respect, the revelations made by Edward Snowden in 2013, disclosing the National Security Agency’s (‘NSA’) widespread surveillance program, incited States to reassess the flow of data across borders.89 The Cambridge Analytica scandal, in 2018, shined an additional light on how data collected by companies like Facebook could be used to target voters and sway elections.90 In this thread, digital sovereignty is conceptually understood as a means to protect State security and its data.
The first measure explored by France to protect national data was to attempt to relocate servers to its territory by developing sovereign clouds. At the beginning of the 2010s, France invested 156 million Euros in two projects, Cloudwatt and Numergy, aiming to establish sovereign clouds.91 These clouds were intended to guarantee the safety of State and corporations’ data by storing it on servers located on French territory.92 The reasoning was that relocating data to national territory would subject it to domestic legislation rather than to foreign laws. Cloudwatt and Numergy failed miserably, whereas the French corporation OVH, which was excluded from these projects, has become without public subsidies the largest hosting provider in Europe.93 This called into question the capacity of a State to bet on the right actors. Despite the fiasco, the idea of a sovereign cloud did not disappear. Germany initiated, in 2019, a European data-infrastructure project called ‘GAIA-X.’ France has quickly lent its support to the project, as it channels all of the discourse relating to digital sovereignty it holds dearly.94 The goals stated in the first brochure presenting the GAIA-X are to strive for data sovereignty, reduce dependencies, make cloud services attractive, and to create an ecosystem for innovation.95
Issues raised by these cloud projects were echoed in the context of blockchain. In accordance with the principle of digital sovereignty, data processed through blockchains should not escape domestic regulations. Still, the decentralised and immutable structure of DLT poses significant challenges to the right to data protection recognized in the European Union. The GDPR’s mechanisms are built on the premise of a central accountable entity processing data, which means that its application to blockchain is by no means straightforward.96 The legal uncertainty generated by this situation may stifle blockchain innovation in Member States. Corporations may fear that their activities would be sanctioned. As a consequence, the French Data Protection Authority (la Commission nationale de l’informatique et des libertés (‘CNIL’)) published, in 2018, guidelines on how to ensure the compatibility of the GDPR with DLT.97 The guidelines seek a balance between two aspects of digital sovereignty (i) imposing national regulations: the fulfilment of the requirements laid out in the GDPR (mainly identifying data controllers, the effective exercise of right to erasure) and (ii) technological independence: building a framework to attract and grow domestically blockchain innovation.98
Finally, even when national data is located on a State’s territory and under its jurisdiction, cybersecurity might still be an issue. Estonia, for instance, has been called a digital republic because it has deployed a single digital platform to make available to its citizens important public services like voting or filing taxes.99 The backbone of this platform is a blockchain whose purpose is ‘to enforce the integrity of government data and systems.’100 Estonia has devoted considerable attention to ensuring the continuity of its digital platform and services. As of 2017, Estonia and Luxembourg concluded an agreement to set up an Estonian ‘data embassy’ in Luxembourg as a fail-safe in case of cyber-attacks or an invasion.101 The data stored in the embassy would permit the government to continue to operate. In the event of an invasion, there may be a disconnection between the State and its territory raising critical legal issues. The agreement between the Republic of Estonia and the Grand Duchy of Luxembourg on the hosting of data grants immunity to the embassy and declares its premises inviolable.102 The choice of terminology relating to diplomacy to designate a data centre strongly links this development to a traditional understanding of sovereignty.
Through the study of the emergence of the notion of digital sovereignty and its interactions with blockchain, this article shows the tensions and frictions born from the last twenty years of the Internet’s evolution. As a result, digital sovereignty may manifest itself in many different forms: the will to regulate online activities and actors, the need to compete for economic independence from tech giants while trying to establish the same dominance, and the protection of data. Still other avenues, regrettably less explored by States,103 exist to achieve sovereignty. First, States may invest in public research, instead of investing in private corporations or offering them attractive legal frameworks. Major inventions like the Internet and the World Wide Web are the fruit of public research projects. In addition, when funding research programs, States may support models that rely on the notion of the commons, such as the open-source software or free software movements. The Internet was conceived under ‘a global common good approach.’104 The VLC media player software illustrates how this path may prove immensely successful. This free and open-source software was developed as a project in a French institute of research and higher education, l’École Centrale Paris. In 2020, VLC media player was downloaded more than 3 billion times, and it has 400 million users.105 These approaches are moreover consistent with another understanding of digital sovereignty, which stresses users’ self-determination and control over data and software. Civil society and activists may indeed invoke digital sovereignty as a channel for empowerment and emancipation from not only tech giants, but also governments. This conception of digital sovereignty, which was at the heart of Bitcoin’s autonomy, is gradually fading away in the corporatization and institutionalisation of blockchain.