Implementing Data Sovereignty: Requirements & Challenges from Practice

Abstract

Data sovereignty, the possibility to keep control over data, is gaining increasing attention in both research and industry. Due to complex supply chains and a strong trend toward digitization, digital assets are essential to be fast and competitive. As a result, companies need to share data while retaining control over it to prevent unwanted leaks of sensitive data. However, implementing effective data governance, access, and usage control mechanisms can be challenging, especially in cross-company data sharing networks and ecosystems like dataspaces. In this paper, we examine the industrial landscape and interview eleven experts from software providers and producing organizations to identify their requirements and challenges of existing data sovereign solutions. Based on Grounded Theory and semi-structured interviews, we explore the motivations and issues behind data sharing from an Information Systems and Software Engineering point of view. The findings include current industrial contexts, use cases, and solutions with data sovereignty's technical and non-technical implementations. Seven requirements and thirteen challenges were observed throughout a qualitative analysis. Clustered by organizational, technical, personal, and emotional viewpoints, they are discussed with initial approaches for mitigation. The results identify current practical needs and will enable the design of future data sovereignty solutions in theory and different practical domains.