More clouds over Africa: What will they bring?

Google announces the establishment of its first cloud region in Africa.

Google announced that it would be establishing its first cloud region on the African continent in South Africa at the beginning of October 2022. The news follows the establishment of cloud regions and data centres on the African continent by other top cloud service providers like Amazon Web Services (AWS) and Microsoft Azure. In order to provide full-scale cloud infrastructure for Africa, Google said it will also expand its network via the Equiano subsea cable and construct Dedicated Cloud Interconnect sites in Johannesburg, Cape Town, Lagos, and Nairobi with the intention of building full-scale cloud capability for Africa.

This development means that South Africa is now a part of Google’s global network of 106 zones and 35 cloud regions. In essence, Google cloud regions give customers access to a variety of services, including cloud storage, computing engines, and essential management tools. Cloud regions let Google deploy cloud resources from specific geographic areas. The decision to establish a cloud region in South Africa aims to bring Google cloud services closer to regional clients, allowing them to innovate, deliver faster and more securely, creating dependable experiences for their clients, and assisting in the business acceleration.

According to Google, the main beneficiaries will be African entrepreneurs as well as regular Google users who would gain from improved product development, such as voice typing support, street view imaging, and so on. However, the establishment of a cloud area also has an unanticipated side effect that may support data sovereignty for African nations. Due to cascading legacies of colonialism and structural adjustment, African societies were not well positioned to take advantage of the digital transformation and have frequently fallen behind in the adoption and deployment of particular technologies. This has often caused them to regulate those same technologies much later than they should.

Data is one such technology that is always finding new applications and uses. Due to the extraterritorial nature of data and the above mentioned delays, African countries ultimately find themselves at the mercy of other countries’ data rules and regulations in the absence of their own. Principles of data sovereignty may help advance the idea that African nations are capable and active participants in how their data is governed.

What is data sovereignty?

Data sovereignty focuses directly on questions like “Who controls the flow of data at each stage?”, “What duties do the parties involved have?”, and “Whose laws govern these data transactions, and why?” Law and policy approaches, as will be discussed below, can guide the conceptualisation of how to think about what answers should be considered.

One re-emerging issue is that there are currently no international agreements on cross-border data transfers, which are the foundation of the global digital economy. Certainly, there are conflicting ideas about how to govern transfers, which is, to put it mildly, an issue. Big Tech companies and the countries where they are headquartered, and which profit the most from cross-border data flows, often seek to promote digital trade regulations that guarantee the “free flow of data” which cater to their financial interests.

Today’s world economy is, in a nutshell, dependent on data. Transactions and communications are highly dependent on constant, real-time data flows, frequently across boundaries and borders. According to the World Economic Forum, an estimated 70% of new value created in the economy over the next decade will be derived from digital platform business models. Realtime business intelligence analysis of cross-border data flows will be essential to managing their supply chains, operations, value propositions, and business models. Big IT firms already enjoy a competitive edge thanks to their extensive infrastructure for data processing, storage, and analysis (but most African countries and companies do not yet have these capabilities). However, on the other end of the scale, some countries see these unchecked data transfers as a threat to their digital sovereignty. Edward Snowden’s disclosure of a US government-run surveillance programme that tracked the communications of individuals and foreign leaders furthered this cynicism.

Thus, the best way to understand data sovereignty is as a form of data control often times by the state, although this may apply to large organisations as well. What I mean by data control is the ability to maintain complete oversight or total control over the storage and movement of all and any data produced within the territory. Derived from data protection law, oversight usually entails maintaining the ability to check, perform validation, document, report, and monitor issues using data that are typically included in such oversight.

It’s crucial to establish data control for two reasons. Firstly, for many firms and organisations, controlling data is frequently seen as a crucial tool for obtaining value from data and maintaining data security. Control over data is crucial for accountability, too. This generally enables us to identify the responsible party in cases of violations or non-compliance with data processing laws and standards. In terms of law, accountability is essential for outlining the duties and rights that a data handler (collector, aggregator, and analyst) will have at each stage of the data lifecycle.

Data localisation, a policy measure that, in its strictest form, mandates that organisations maintain data solely inside the territory in which it has been collected, or for personal data where the people whose data has been collected live, is an important concept related to data sovereignty. In fact, data localisation is one way that data sovereignty can be achieved. Other ways include applying the data rules/laws of the country of collection or where people whose data is collected live to the data even when it is transferred to or stored in another country. This frequently implies that in addition to the rules imposed by the country where the data was originally collected, the data is now subject to the laws of the country where it is physically stored, which may also include additional rights and obligations for data subjects (any person whose personal data is being collected, housed, or processed). This distinction is crucial for companies as well since different governments have varying access rights to information that is located within their borders. States regularly use data sovereignty to protect the rights of their citizens, for instance, through data protection regimes that manage international data flows and protect data subjects’ rights or through agreements that set data protection standards and mutually beneficial data exchange protection.

Is data sovereignty important?

In 2021, the African Union Commission (AUC) commissioned Research ICT Africa (RIA) to support the development of a Data Policy Framework for Africa. The framework presents a set of detailed recommendations and arising actions to guide member states through the formulations of data policy in their domestic context, as well as recommendations to strengthen cooperation among countries and promote intra-Africa data flows. The key objective here is to see African countries being able to fully extract value from data for sustainable development. The framework, amongst other things, emphasises how opportunities can be realised and how associated risks could be mitigated by creating an enabling and trusted environment. This trusted environment, it emphasises, may be developed where residents are guaranteed sovereignty over their data, free from outside interference, and subject to African values and norms.

The establishment of the data region and questions around data sovereignty are also critically linked to some of RIA’s work on the ethical and responsible use of artificial intelligence (AI) for development in the African context. Some of these projects include the African Observatory on Responsible Artificial Intelligence, Africa Just AI and the AI in Africa Policy (AI4D) projects. Artificial intelligence is a technology that is heavily reliant on the ready availability of huge swaths of data. The data that is utilised to guide and refine AI operations is a determining factor in how well that AI performs. Such performance also has real implications for ethical issues. For example, data sets that are racially imbalanced, gender or racially biased will often result in AI results that carry and propagate the same biases.

On a continent as unequal as Africa, the use of AI technologies may be met with scepticism for these reasons. However, there is widespread agreement that data sovereignty can be an important enabler for AI. For instance, by maintaining oversight on data, governments and African businesses would be able to develop context-specific data sets and policies that are fully cognisant of the distinct socio-economic conditions of the continent while having the chance to identify and remedy any unjustifiable biases.

Therefore, in the absence of global standards on data movement and usage, the initiative to build a cloud region on the continent is a positive step in guaranteeing that Africa can participate in the data economy willingly, competently, and to some extent, on its own terms.