Who owns your data? We might not have a clear answer

The question of data ownership sounds straightforward. If it is your data, then you own it.

But in practice, it is rarely that simple.

Data moves across platforms, systems, and third parties. It is collected in one place, processed in another, and often stored somewhere else entirely. By the time it is used, multiple actors may have touched it, shaped it, or derived value from it.

So the real question is not just who owns the data, but who controls it, who benefits from it, and who is responsible for it.

Data sovereignty is about control, not just ownership

Data sovereignty refers to the idea that data is subject to the laws and governance structures of the country where it is collected or stored. But at a practical level, it is also about control. Who decides how data is used? Who can access it? Where does it live?

The European Commission’s overview of data governance and sovereignty highlights how governments are increasingly focusing on keeping sensitive data within specific jurisdictions and ensuring it is handled according to local regulations.

This shift is not just regulatory. It reflects a growing recognition that data is not only an asset, but also a source of power.

The complexity grows with AI

As AI systems become more widely used, the question of data ownership becomes more complex. AI models rely on large volumes of data, often aggregated from multiple sources.

In many cases, organisations are using data they did not originally create, or data that has been transformed through multiple layers.

The 2025 report from World Economic Forum  on data governance and AI points out that unclear data ownership and usage rights are becoming a major challenge for organisations adopting AI.

This creates tension. Businesses want to move quickly, but unclear data rights can introduce legal, ethical, and operational risks.

Ownership without clarity creates risk

When organisations assume they “own” their data without fully understanding where it comes from or how it can be used, they expose themselves to risk.

This includes regulatory penalties, reputational damage, and loss of trust. It also creates internal confusion, where teams are unsure what data they can safely use to train models or inform decisions.

Data sovereignty, in this sense, is not just a legal issue. It is an operational one.

A more useful way to approach data

Instead of asking who owns the data, it is more useful to ask three questions. Where did this data come from? What rights do we have to use it? And what responsibilities come with it?

Clear answers to these questions create a stronger foundation for using AI and data-driven systems effectively.

If you are trying to make sense of data ownership and AI in your business, Hui Newnham helps companies turn these questions into clear, practical strategy.

You can book a free strategy call with him, and follow him on LinkedIn for grounded insights on AI and data.