Sensitive data governance has traditionally been framed in terms of confidentiality, access control, and legal compliance. However, contemporary digital environments demand a more expansive conceptualization of sovereignty, one that extends beyond physical custody and legal ownership to include control over meaning-making and knowledge production. Drawing on archival theory, this Conference argues that sensitive data sovereignty evolves across three interrelated dimensions: custodial control, infrastructural autonomy, and cognitive sovereignty. By situating archival principles within legal, technological, and ethical debates, the Conference demonstrates how archives can offer critical insights into the governance of sensitive data across temporal, cultural, and geopolitical boundaries.
Preservation, Provenance, and Control
Archival science has historically operated at the intersection of memory, power, and governance. The management of sensitive records, ranging from state secrets and pastoral letters to medical records and personal correspondence, has long been governed by principles of custody, provenance, original order, and chain of custody. These principles emphasize the preservation of authenticity and contextual integrity while restricting access to protect privacy, state security, or cultural sanctity. Sovereignty, within this framework, is exercised through physical control and legal jurisdiction over records.
Traditional archival infrastructures, secure vaults, access registers, classification systems, and retention schedules, materialized a form of sovereignty rooted in exclusion and territorial control. The authority of the archive lay in its ability to determine who could access information, under what conditions, and for what purpose. In this sense, archives were not merely repositories of memory but instruments of governance, shaping historical narratives and institutional legitimacy.
Digital Disruption and the Limits of Legal Sovereignty
The digital transformation fundamentally disrupted this custodial model. Sensitive data became dematerialized, infinitely replicable, and instantly transferable across borders. Cloud infrastructures, distributed databases, and cross-border data flows severed the intrinsic link between physical custody and informational control. As a result, traditional notions of sovereignty based on territorial containment proved inadequate.
In response, regulatory frameworks such as the EU’s General Data Protection Regulation (GDPR) and Kenya’s Data Protection Act (2019) sought to reassert sovereignty through procedural and regulatory mechanisms. Principles such as purpose limitation, data minimization, consent, and privacy by design reflect an attempt to translate archival access controls into digital environments. These frameworks represent an evolution from physical to legal sovereignty, where control is asserted through compliance and oversight rather than custody alone.
However, this regulatory phase exposes a critical contradiction. While data may be legally protected under national or regional laws, the infrastructures that store, process, and analyze it; servers, platforms, and algorithms, often remain under foreign corporate or geopolitical control. This infrastructural dependency undermines substantive sovereignty, creating asymmetries in power, accountability, and benefit-sharing. Legal compliance, therefore, does not automatically translate into meaningful control over data use or outcomes.
Cognitive Sovereignty and the Archival Imperative
Archival theory offers a further, often overlooked, dimension of sovereignty: control over interpretation and meaning. Archives emphasize that records derive significance not in isolation but through context, provenance, and relational coherence. When sensitive data, such as indigenous knowledge, community health records, or electoral data, is extracted and analyzed by external systems, its meaning risks distortion or erasure.
This concern gives rise to the concept of cognitive sovereignty: the right of communities and institutions to interpret their data within their own cultural, historical, and ethical frameworks. Cognitive sovereignty resists epistemic colonialism, where external analytical models generate knowledge and narratives divorced from local realities. From an archival perspective, principles such as respect des fonds and original order find contemporary expression in demands for culturally attuned data analytics and locally governed AI.
Cognitive sovereignty thus reframes data governance as an epistemic struggle, not merely a technical or legal one. It insists that sovereignty is incomplete if communities retain data ownership but lose authority over how knowledge is produced from that data.
Upstream Governance and Constitutional Design
The necessity of cognitive sovereignty underscores the limitations of reactive legal frameworks. Contemporary data governance requires an upstream approach, embedding constitutional and ethical safeguards into the design of socio-technical systems. Rather than relying on post-hoc remedies after harm has occurred, preventive governance integrates oversight, proportionality, and purpose limitation at the infrastructural level.
In cross-border contexts such as health research and humanitarian data sharing, technical capacity often outpaces governance. Archival insights highlight the importance of designing systems where accountability and contextual integrity are integral, not supplementary. Constitutional values; human dignity, equity, and the rule of law, must therefore guide system architecture, ensuring that infrastructural power is aligned with public interest rather than extractive efficiency.
Kenya’s Health Data Framework and Practical Sovereignty
Kenya provides a compelling case study of layered data sovereignty. The 2010 Constitution establishes foundational protections for privacy and national sovereignty, operationalized through the Data Protection Act (2019) and complemented by sector-specific legislation such as the Health Act. Together, these instruments create a robust legal environment for health data governance.
Yet sovereignty must ultimately be measured by outcomes, not statutes. The value of nationally governed data lies in its capacity to generate context-specific solutions. Locally trained diagnostic tools, informed by regional disease profiles and co-morbidities, exemplify how cognitive sovereignty can translate into improved service delivery. Academic and archival institutions play a crucial role in transforming decades of stored records into actionable knowledge through ethically governed analytics.
Ethical Discernment and the Good Samaritan Logic
Beyond law and technology lies an ethical imperative. Digital systems operating in sensitive domains must serve human dignity and the common good. Ethical traditions, including Catholic social teaching and African communal epistemologies, converge on the principle that data exists for people, not the reverse.
This perspective reframes sovereignty as relational responsibility. Data governance models must prioritize proximity, care, and accountability, particularly for vulnerable communities. Systems that extract data without sustained responsibility replicate historical patterns of exploitation. Ethical data stewardship, by contrast, emphasizes continuity of care, benefit-sharing, and moral discernment in algorithmic design.
Africa, Epistemic Autonomy, and Community Governance
Africa’s contemporary data challenges reflect a longer history of epistemic extraction and institutional dependency. The uncritical adoption of external models; whether political, educational, theological, or technological, has perpetuated cycles of dependency. In the digital era, failure to assert data and AI sovereignty risks reproducing these dynamics through new technological means.
Community-based data governance offers a corrective framework. Individual consent models, while necessary, are insufficient for data that is collectively generated and socially consequential. Recognizing community consent, clarifying custodianship roles, and localizing authorization processes strengthen agency and equity. Such approaches transform communities from passive data subjects into active stakeholders in knowledge production.
Conclusion
Looking at this conference from an archival perspective, insinuates that, sensitive data sovereignty is not a static legal status but a dynamic, multi-layered struggle. It encompasses custodial control, infrastructural autonomy, and cognitive self-determination. The ultimate mandate of archives in the digital age is to ensure that sensitive records remain embedded within their rightful intellectual, cultural, and moral contexts. Ethical data governance on the other hand, particularly in Africa, depends on systems that protect not only data, but the dignity, knowledge, and agency of those from whom it originates.
By Phlip Opiyo
Librarian – JHIA
