What does personal digital sovereignty actually look like in practice? That was the question I kept returning to on Friday, sitting in the gilded library of The Royal Society in London. The occasion was “Data Access for Public Benefit,” a working session convened by CoCoDa (with the Open Data Institute) and the Data Transfer Initiative (DTI). Researchers, policy experts, and technologists gathered to tackle a problem that has frustrated the academic and civic communities for years: how do you unlock personal data for public good research without recreating the very surveillance architectures you are trying to hold accountable?
The conversations were rich. But as someone building technology that processes personal data privately on the device, I found myself listening through a particular lens. Much of the day’s discussion centred on top-down frameworks: regulatory mandates, platform compliance reports, gatekeeper obligations. All necessary. Yet the most compelling thread, for me, is the one that points in the opposite direction entirely.
Personal Digital Sovereignty Starts From the Bottom Up
Digital sovereignty is having a moment. Governments across Europe are investing in sovereign cloud infrastructure, data localisation requirements, and AI compute capacity. These are important moves. But China and California are a long way ahead, and sovereignty exercised only at the national or institutional level still leaves the individual as a passive subject of someone else’s data strategy.
Personal digital sovereignty inverts that. In a free society, the most resilient architecture organises data around the individual, on their own device. Not in a government warehouse, not in a platform’s training corpus, but in the pocket of the person who generated it.
This is not a theoretical position. It is an architectural one. And the infrastructure to support it already exists: billions of smartphones with a combined neural compute capacity roughly 50 times greater than the world’s most powerful supercomputer.* On-device AI turns every one of those phones into a node in a distributed, sovereign network. The scale problem is already solved. What remains is the orchestration.
Distributing Personal Digital Sovereignty Through Commerce
Sovereign infrastructure that depends on government funding alone will always be fragile. The more durable path runs through commerce. When app publishers embed on-device AI to deliver Private Personalisation, reduce cloud inference costs, and generate consented first-party data, they create a distribution mechanism that scales through market incentives rather than policy mandates.
This is the approach we are taking at DataSapien. Our Device Native AI Platform gives brands the tools to deploy personal intelligence directly inside their existing mobile apps. Every deployment puts another node into a growing network of private, personal AI, not because a regulation required it, but because the business case demanded it.
Gatekeepers, Portability, and the Sovereignty Gap
Of course, platforms may resist. Sharing data access commoditises the very asset their AI models are trained on. The EU’s Digital Markets Act is making progress here. Seven designated gatekeepers (Alphabet, Amazon, Apple, ByteDance, Meta, Microsoft, and Booking) now face binding obligations around data portability and interoperability. Updated compliance reports were submitted to the Commission just days before this event, on 9 March 2026.
Progress is real, if uneven. TikTok’s compliance, for example, has drawn criticism for its limited approach to data access. But the regulatory direction is positive, and it is already enabling new business models. Fabric (onfabric.io), for instance, uses DMA-mandated data portability tools from Google and Meta to help individuals and developers to curate personal context and bring it to whichever AI they choose. This is exactly the kind of innovation that emerges when regulation cracks open gatekeeper data silos: individuals gain agency, and new intermediaries compete on trust rather than data hoarding.
When Sovereignty Enables Research
Here is where the conversation at The Royal Society became genuinely exciting. If millions of apps carry on-device AI and personal data wallets, you have something that was never built for research but is profoundly useful to researchers: a distributed infrastructure for studying human behaviour at scale, without centralising sensitive data.
The D3I project (Digital Data Donation Infrastructure), presented at the event by Dr Laura Boeschoten and the team from Utrecht University in the Netherlands, is pioneering exactly this model. Individuals donate digital trace data to academic research, with processing handled locally so that only the relevant subset is ever shared, and only with informed consent.
In the retail space, DataBonds (databonds.co.uk) is already building this from the consumer end, creating a platform where shoppers consolidate their purchasing data from multiple retailers into one secure place and choose whether to donate it for research or receive rewards in return. It is a practical demonstration of data donation reimagined: the individual decides what to share, with whom, and on what terms.
DataSapien’s Device Native AI Platform takes this a step further by keeping all personal data on-device. A person opts in. An AI model runs a query locally on their phone. What comes back is an insight, not a data dump. For organisations, this means richer, more accurate data (multivariate signals triangulated at source rather than inferred in the cloud), dramatically lower compliance overhead (no personal data to store, secure, or breach-notify against), and a consent model that turns participants into willing collaborators rather than reluctant subjects. For researchers, it opens access to populations who would never agree to bulk data export but will happily contribute a specific, anonymised insight.
Organisations That Empower Their Users Will Win
This points to a broader shift in how organisations build digital relationships. The brands, healthcare providers, retailers, and public services that lead in the next decade will not be the ones that extract the most data. They will be the ones that empower their users with the most intelligence. When an organisation gives its customers a private, personal AI inside the app they already use every day, it is not giving something away. It is building a relationship founded on trust, participation, and mutual value.
That is the commercial case for personal digital sovereignty. The organisations moving fastest are the ones embedding on-device AI now, not because regulators told them to, but because they understand that empowered users are more engaged users, and more engaged users are more valuable.
From Sovereign Devices to Sovereign Studies
Take this one step further. A researcher defines a study protocol. On-device AI executes it across millions of participants. Only aggregated, anonymised results are returned. The study moves to the participant, not the other way around. No raw data leaves anyone’s phone. No central repository becomes a honeypot for breach or misuse.
This is not speculative. The computational foundation exists today in every modern smartphone. What is needed is the orchestration layer, the SDK, the governance framework, and the trust architecture to make it work at scale. We explored this shift in detail in our recent post on how on-device AI is changing panel data collection.
Governing Personal Digital Sovereignty
Trust does not materialise from good intentions. It requires infrastructure of its own. Two initiatives discussed at the event point toward what a global governance layer for personal data might look like.
The GliaNet Alliance, of which DataSapien is a member, is building a framework of fiduciary governance for the digital era. Member companies voluntarily commit to duties of care and loyalty toward their users, modelled on the common law obligations of doctors and lawyers. It is an attempt to create accountable intermediaries in an ecosystem that currently has very few.
IEEE MyTerms (standard 7012-2025) takes a complementary approach. Instead of consenting to a platform’s terms, individuals proffer their own machine-readable privacy terms as contractual agreements. If a service accepts, both sides hold matching, immutable records of what was shared, when, and why. Consent receipts become auditable, enforceable, and portable.
Together, these initiatives represent the beginnings of a governance layer that could underpin a new era of ethical data access, built from the individual outward. As we have written before, GDPR does not block innovation; centralised architecture does. The governance tools are catching up with the engineering.
What Comes Next for Personal Digital Sovereignty
The day at The Royal Society reinforced a conviction I have held for some time. The data access challenge will not be solved by better platform regulation alone, though regulation matters enormously. It will be solved when the default architecture of personal data shifts from centralised extraction to distributed, on-device intelligence. That is personal digital sovereignty in practice, not as a policy aspiration, but as an engineering reality.
That shift is already underway. The question is whether we build the governance, the commercial models, and the research frameworks fast enough to match the pace of the technology.
From where I sat on Friday, the answer felt cautiously, but genuinely, optimistic.
StJohn Deakins is CEO and Co-Founder of DataSapien, the world’s first Device Native AI Platform. DataSapien is a member of the GliaNet Alliance and the MyData community.
* A rough calculation: modern smartphone chipsets (Apple A17 Pro, Snapdragon 8 Gen 3, MediaTek Dimensity 9300) deliver 30-45 TOPS (trillion operations per second) from their neural processing units. Older and mid-range devices sit around 10-15 TOPS. Using a conservative blended average of 15 TOPS across an estimated 5 billion smartphones globally gives approximately 75 exaOPS of combined neural compute. For comparison, Frontier at Oak Ridge National Laboratory, currently ranked among the world’s fastest supercomputers, peaks at around 1.2 exaFLOPS. TOPS (typically INT8 operations) and FLOPS (floating point operations) are not directly equivalent, and distributed idle devices are not a coordinated supercomputer. But as a directional measure of the latent sovereign compute already sitting in people’s pockets, the comparison is striking.