top of page
Search

Cyber Sovereignty: National Security Implications of Data Protection

“The emergence of a contested multipolar world…has been paralleled by profound technological change and deepening digitalisation of economies and societies.” ~ Marcin Szczepański (European Parliamentary Research Service)


Cyber Sovereignty: National Security Implications of Data Protection

Illustration by The Geostrata


The genesis and emergence of the modern state in its current form can be traced to the early modern ideas of the social contract furthered by various political thinkers, chief among them Thomas Hobbes. Surviving the English Civil War and the withering away of the Republic of England, Hobbes’ ideas were coterminously influenced by the state, society and time in which he lived. In his seminal work Leviathan or The Matter, Forme and Power of a Commonwealth Ecclesiasticall and Civil, giving a conception of the modern state, Hobbes charts the progress by which the modern state has emerged, consolidating order out of the state of nature in which life was ‘solitary, poor, nasty, brutish, and short.’


While the modern state evolves over time, the core ideas on which it was sustained remain the same. Among them was the idea of sovereignty, which was best described by a sixteenth-century political philosopher, Jean Bodin, who observed sovereignty as "the absolute and perpetual power of a republic."


In this digital world, however, that absolute and perpetual power of the state is being diminished by profound technological advancements. While the advent of modern tech such as artificial intelligence and cloud computing is thoroughly transforming modern life in the civilian sphere, the same leads to magnanimous dilemmas when it comes to national security.


Such tech dilemmas compel us to revisit the concept of sovereignty, advancing and morphing it into cyber sovereignty. The multidimensional, multimodal, and multifaceted nature of the existing cyberspace demands a comprehensive overview of the security environment vis-à-vis cyber and data security. This piece aims to highlight the interconnectedness between cyber & data spectrums and its implications on national security. 


In simpler terms, cyber sovereignty refers to any nation-state's efforts to control its segment of the internet and cyberspace in the same manner as they control their borders.


Israeli scholar and cyber policy analyst Dr. Lev Topor, in his 2024 book Cyber Sovereignty: International Security, Mass Communication, and the Future of the Internet, highlights how in the absence of any external controls in the domain of cyberspace, countries constantly seek to establish what he termed as “Sovereign Cyber Domains (SCD),” which will function as tightly controlled cyberspaces protecting overall national security.


Collection, processing, and storage of data play an important role in establishing such SCDs across the globe. In a way, every aspect of modern life is associated with data. As mathematician Clive Humby rightly puts it, “Data is the new oil.


Like oil, data is valuable, but if unrefined, it cannot really be used. It has to be changed into gas, plastic, chemicals, etc., to create a valuable entity that drives profitable activity. So, data must be broken down, analysed for it to have value.” As beauty lies in the eyes of the beholder, the value of data lies with the entity that is collecting and analyzing it.


Just like oil, data is another weapon that can be used, subverted and manipulated by the adversary if and when the need arises. 

Along with the rise of 5G internet and due to the increasing growth in various AI and Internet of Things (IoT) technologies, by the end of 2025 the global volume of data created, captured, consumed and copied is projected to be 181 zettabytes (around 181000000000000 gigabytes).


Such a huge amount of data is no less than an arsenal of opportunities for state and non-state actors. While non-state entities such as big tech use this data to boost their business performance indicators, if fallen into the wrong hands, manipulation and subversion of this data can lead to intense catastrophes.


To avoid such eventualities, countries around the world aim to regulate the collection and processing of data, especially personal data. The European Union's General Data Protection Regulation (GDPR) is a good example of such regulations.


The GDPR sets out strict rules for processing personal data, aiming to protect the fundamental right to privacy of EU citizens. In order to maintain the explicitness, it mandates the entities collecting personal data to process it by lawful, fair, and transparent means. It further limits the capacities of the organisation to collect data beyond their business needs to avoid usage of data for mala fide purposes.


The GDPR, since its inception, has been a template for various countries that wish to strengthen their mechanisms for data protection. Up until 2023, India did not have any standalone law that governed data protection.


In 2023, to form the personal data protection and regulatory regime in India, the Government of India published the Digital Personal Data Protection Act, 2023 (DPDP Act). Most recently, in January 2025, India’s Ministry of Electronics and Information Technology (MeitY) released a draft of the Digital Personal Data Protection Rules, 2025, which will chart out the functioning of the Data Protection Board of India.


While these rules sparked controversy due to associated ambiguity and their potential for misuse, with time and with necessary amendments, this proposed framework will ultimately strengthen the structure of data security in India.

The collaboration with like-minded countries and organisations can lead to comprehensive enhancement of global data protection architecture with the aim of preventing the misuse of data. On the cybersecurity front, to minimise the damage of any potential threats from data leakages, the Zero Trust Architecture (ZTA) has to be maintained. Further, due to the conjoined civil-military nature of data and the cybersecurity space, the cumulative efforts and whole-of-government approach become sine qua non for national security purposes.


Last year, in June 2024, India’s Chief of Defence Staff (CDS) General Anil Chauhan unveiled the Joint Doctrine for Cyberspace Operations, which rightly advocates civil-military fusion for continuous training and capability development. The combination of timely research and development along with capacity building and zero trust architecture will negate the potential threats in these domains, simultaneously building up India’s cyber sovereignty.


 

BY DARSHAN GAJJAR AND NISHTHA AHUJA

Darshan is an Assistant Professor of Politics and

International Relations at ILSASS, CVM University,

and Nishtha is a Data Analyst



Comments

bottom of page