Data Protection
Laws, policies and practices for protecting personal and sensitive data
menu_book
PublicationEU Cloud Sovereignty Framework
Understanding the European Commission's framework for measuring and achieving cloud sovereignty
description
Sovereignskysovdev-logger
Application telemetry often flows to foreign cloud providers, exposing operational patterns and sensitive metadata. sovdev-logger works with self-hosted backends like Grafana and Loki, keeping your observability data under your control and jurisdiction.
description
SovereignskySoftware Database
Every foreign SaaS tool is a potential backdoor for extraterritorial data access. We track what France (SILL), Germany (openCode), Denmark, and other European countries recommend — and aggregate their government-vetted catalogs into one searchable database with sovereign alternatives.
menu_book
PublicationHandbook on Data Protection in Humanitarian Action
The authoritative reference on data protection for humanitarian organisations, covering cloud services, biometrics, digital identity, and risk assessment frameworks
description
SovereignskyNorwegian Digital Sovereignty Index (NDSI)
What gets measured gets managed. NDSI provides a structured framework to assess your organization's sovereignty posture, identify vulnerabilities to foreign control, and track improvement over time - aligned with EU standards and Norwegian regulations.
description
SovereignskyDocuWrite
Cloud document services scan your content and may share data with foreign authorities. DocuWrite runs entirely locally, ensuring sensitive documentation never leaves your infrastructure - critical for classified, legal, or confidential materials.
menu_book
PublicationSafeguarding Humanitarian Organisations from Digital Threats
ICRC analysis of how cyber operations, data breaches, and disinformation cause real-world harm to humanitarian organisations
description
SovereignskyRefugee ID
When 5,000 refugees arrived daily at the Polish-Ukrainian border, there were no IT systems and no way to tell helpers from traffickers. Refugee ID is a QR-based wristband identification system built to protect the most vulnerable.
menu_book
PublicationThe Humanitarian Metadata Problem: 'Doing No Harm' in the Digital Era
Technical analysis of how metadata from telecommunications, messaging apps, cash transfers, and social media can endanger humanitarian beneficiaries and staff
Norwegian Digital Sovereignty Survey
Find out how dependent your organization is on foreign cloud providers
Software Risk Check
Check the sovereignty risk of your software tools
APPI
Japan's data protection law, substantially revised in 2020 and 2022 to strengthen protections and align with international standards.
BDSG
German federal law supplementing GDPR with national provisions for employment data, public sector processing, and video surveillance.
DPDP Act
India's first comprehensive data protection law providing individual rights while maintaining broad government exemptions.
EEA Agreement
Treaty extending EU internal market rules, including data protection regulations, to Norway, Iceland, and Liechtenstein.
ePrivacy Directive
EU directive protecting privacy in electronic communications, covering cookies, spam, and confidentiality of communications.
EU-US DPF
2023 adequacy decision enabling personal data transfers from EU to certified US companies, successor to invalidated Privacy Shield.
FADP
Swiss data protection law substantially revised in 2023 to align with GDPR while preserving Swiss legal traditions.
GDPR
EU regulation giving individuals control over their personal data with comprehensive rights and strong enforcement.
LED
EU directive setting data protection rules for police and criminal justice authorities.
Personopplysningsloven
Norwegian national law implementing GDPR through the EEA Agreement, with supplementary provisions specific to Norway.
PIPA
South Korea's comprehensive data protection law with strong enforcement, individual rights, and strict cross-border transfer requirements.
PIPEDA
Canada's federal privacy law for commercial activities, establishing fair information principles for private sector data handling.
PIPL
China's comprehensive personal data protection law providing GDPR-like rights while operating alongside state access requirements.
Privacy Act 2020
New Zealand's modernized privacy law strengthening individual rights, requiring breach notification, and enhancing enforcement powers.
UK GDPR
Post-Brexit retained version of EU GDPR forming the core of UK data protection law alongside the Data Protection Act 2018.