The Governance of Personal Data Sovereignty in the Banking Sector

Sammanfattning: Concerns related to the control of personal “digital data” have resulted in initiatives being taken globally to safeguard the individuals’ control over their own data. The EU’s General Data Protection Regulation (GDPR) being a significant example in this connection. Specifically, two protective rights regarding respectively the right for data to be forgotten and their portability have been brought in to enhance individuals’ control over their data. As a consequence, data governance which signifies the “power relations between all the actors affected by, or having an effect on, the way data is accessed, controlled, shared and used, the various socio-technical arrangements set in place to generate value from data, and how such value is redistributed between actors” (Micheli et al., 2020, p. 3) has become a crucial endeavour for governments and businesses around the world. A scrutiny of different models of data governance highlighted the notion of personal data sovereignty (PDS) which indicates enhanced empowerment of data subjects through self-determination. PDS, additionally, entails an appropriate combination of empowerment, economic development, enhanced knowledge and profit to participating private organisations. Further, data subjects, in PDS, have the power to access, regulate, share and investigate their information at all times. In this regard, the present study investigated the manner in which banks in Sweden manage the sustainability of the sovereignty of their data. Based on the problem statement, the research question of the study was formulated as follows: “How do banks govern personal data sovereignty?” The research strategy used for the present study was an exploratory survey design with a quantitative approach to obtain data from executives in Swedish banks. The present study used a survey strategy. Survey strategies employing questionnaires are widespread since they permit standardised data to be obtained from a large population in a very economical manner. Further, the data collected can be easily compared. Moreover, the survey strategy is viewed as reliable, in general, by people and it is also relatively straightforward both for the researcher to explain and for the participants to understand. A custom questionnaire was designed for the study based on insights obtained from existing academic and business research. Sections in the questionnaire were designed to obtain data related to areas such as, data governance in Sweden, personal data, usage of personal data, and PDS. The study’s findings reveal that banks in Sweden take different measures to help their customers maintain their PDS. As a result, bank employees seem to robustly understand personal data, how their banks utilize the personal data of customers, and the extent to which customers are aware of banks’ use of their personal data. It could also be concluded that banks were using measures which were in line with existing Swedish and EU data protection standards and laws. The study’s findings contribute to further research concerning data sovereignty and use of personal data in the banking sector. Further, it can aid banks to manage their global customers’ data. The study was constrained chiefly by the limited empirical literature associated with the study’s topic and the restricted time available for the study