Introduction
Data colonialism emerges as a critical lens for analyzing the power dynamics underlying the ubiquity of digital technology in our lives. Far from being a neutral ground for exchange, the digital space has become a territory of intensive extraction, where personal and behavioral data are systematically collected on a massive scale by a concentrated number of global corporations and state actors.
This phenomenon, as Nick Couldry and Ulises A. Mejias (2019) argue, is not merely a technical issue, but a new historical phase that reproduces and updates the exploitative logic of historical colonialism. The "raw material" of this era, as sociologist Marcelo Buz (2020) points out, is "internet user data, especially personal data," transforming human experience itself into a resource to be exploited (Buz, 2020).
This transformation is driven by what Shoshana Zuboff (2019) has called "surveillance capitalism," an economic model that claims human experience as free raw material for covert commercial practices of extraction, prediction, and sales. In this logic, previously diffuse or intimate information (our location, online searches, social networks, consumer preferences, even inferred emotional states) is converted into "behavioral surplus" (Zuboff, 2019), strategic assets that generate predictive value and market power.
The geopolitical dimension of this extraction is undeniable and profoundly asymmetrical. Michael Kwet (2019), for example, documents how Silicon Valley tech giants consolidate their dominance over emerging digital economies in the Global South. His example of South Africa, where Google and Facebook monopolize online advertising to the point of being considered an existential threat to local media (Kwet, 2019), illustrates a broader pattern: data generated locally in less developed countries is captured and processed, with the resulting value accruing predominantly outside these territories, replicating the center-periphery dynamic observed under traditional colonialism.
This extractive relationship recalls Saskia Sassen's (2014) analysis of the "extractive logics" in contemporary global capitalism, where not only natural resources but also social and financial capabilities are removed from local contexts to benefit global centers. In the case of data colonialism, digital infrastructure (platforms, undersea cables, data centers) facilitates this new form of plunder, often under a veneer of "connection" and "development."
Furthermore, as Safiya Umoja Noble (2018) points out in her analysis of oppression algorithms, the systems fed by this extracted data often encode and perpetuate racial and social biases, insidiously reinforcing structural inequalities.
Therefore, analyzing the phenomenon through "data colonialism" is not merely a metaphor, but a recognition of the continuities in relations of power, exploitation, and dispossession. This article proposes to examine this concept in depth, exploring its intersections and distinctions with related notions such as data imperialism, data extractivism, digital sovereignty, and the broader process of datafication, seeking to offer a clearer understanding of the geopolitics of information in contemporary times.
Data colonialism and its conceptual foundations
The term data colonialism refers to the massive appropriation of personal and social information by corporations and states, analogous to classic colonial exploitation practices. Just as historical colonialism appropriated land and human resources, data colonialism "appropriates human life so that data can be continually extracted from it for profit."
One might think that we live in a new digital frontier, but authors like Couldry and Mejias argue that today's quantified world is “continuation and expansion” of ancient colonialism and capitalism. The convenience of the connected world is not free: it is “paid for with vast amounts of personal data transferred through obscure channels to corporations that use it to generate profit.”
In this sense, data colonialism establishes new relations of domination, in which citizens become subjects of a data economy, under the justification of "connection" or "personalization." Analogous to historical colonialism, which implemented its own laws and doctrines upon seizing new territories, data colonialism operates by rewriting digital rules through the simple extraction of data.
Recent events in the US illustrate this dynamic: Elon Musk's so-called Department of Government Efficiency (DOGE) has been accused of appropriating sensitive public data on an unprecedented scale. Recent researchers note that this episode can be seen as "the largest appropriation of public data by a private individual in the history of a modern state," a clear parallel to colonial terra nullius. In this new logic, what is expropriated is not land or bodies, but data—the raw material that sustains the political, economic, and even cultural power of large digital platforms.
It is important to highlight that, according to Mejias & Couldry (2019), this is a "new colonialism," a parallel with historical colonialism, and not just a metaphor (Couldry & Mejias, 2019). In other words, current practices share the "core missions" of ancient empires—especially extraction and expropriation—replicated in four stages: exploitation, appropriation, expansion, and, ultimately, even "extermination" of competitors or alternative modes (Arun, 2025).
Hadar (2025) himself, in an essay for Lawfare, emphasizes that Couldry & Mejias argue that there is a continuity between former colonial empires and Big Tech platforms, linking informational dimensions of domination to the current legal and institutional apparatus (Hadar, 2025). In this context, data extractivism is also used to emphasize that technology companies extract data like minerals: large volumes are obtained with little compensation to individuals (Arun, 2025).
Instead of slave labor on sugar plantations (as in colonial times), today algorithms and artificial intelligence systems “capture” our online activity and transform it into commercial products—be it targeted advertising, credit decisions, or consumer recommendations. As Kwet (2019) notes, the design of digital infrastructure follows a colonial pattern: the proprietary internet, centralized services on a few platforms, and “corporate clouds” function as the exhaust routes of the past (Kwet, 2019). Global platforms spy on users, process their data, and sell back customized content, reproducing an architecture of digital dependency (Kwet, 2019).
Beyond direct analogies with resource extraction, we argue that a crucial element of data colonialism lies in what we term “Colonial Infrastructural Invisibility”This concept seeks to capture how digital architectures themselves—platforms, recommendation algorithms, terms of service, and even user interfaces—are designed to naturalize data extraction, making it an invisible and seemingly benign part of the everyday online experience. The convenience of "free" services, personalization, and continuous engagement function as mechanisms that obscure asymmetrical power relations and the underlying extractive logic, analogous to how colonial infrastructures (railways, ports) were presented as progress, while primarily serving the plundering of resources for the metropolis. This invisibility makes it difficult for the data source subjects themselves to perceive the plundering, consolidating digital domination.
Another key concept is datafication – the conversion of increasingly broad aspects of social life into quantifiable data. This transformation has been highlighted by Big Data scholars such as Viktor Mayer-Schönberger: the world is moving from “predicting reality with limited data” to “redefining reality from data” (Mayer-Schönberger, 2013). With the ubiquity of smartphones, sensors, and social networks, almost every human interaction is mapped, recorded, and analyzed. Thus, entire economic chains and spheres of personal life are subject to information extraction.
Surveillance is intensifying: location data, biosignals, purchasing behaviors, and even facial interactions are enriching technology and artificial intelligence giants. This situation reinforces data imperialism—the idea that certain countries (especially the US and China) have global dominance in the possession and use of this data. Buz (2020) notes that the US and China, current leaders in the digital economy, account for approximately 90% of the market value of the largest online companies (Buz, 2020). In short, data colonialism occurs when digital infrastructures, devices, and social networks—dominated by a few international actors—exhaust information from weaker populations, keeping them dependent on external services.
Datafication, extractivism and data imperialism
The process of datafication leads to the transformation of citizens into mere “data sources,” in a sense close to the “commoditization” of colonial labor. As Zuboff (2019) argues when discussing surveillance capitalism, monopolistic companies claim private experiences as raw material, selling back predictions and persuasions (Zuboff, 2019). This brings the notion of data closer to an economic asset, similar to natural resources—an idea encapsulated in jargon. “data is the new oil”.
However, unlike physical raw materials, data is constantly produced by people themselves. Unpaid "digital labor" appears in the creation of likes, comments, and registrations. This dynamic has been called data extractivism by various authors: algorithms and interfaces are designed to maximize engagement and clicks, while users often receive free services in return. This model has a bias toward accumulation by expropriation similar to that described by Marx and Harvey (Marx, 1867; Harvey, 2003) – individuals' data is seized without their voice or participation in the value created.
In terms of data imperialism, countries whose technology companies export services and platforms tend to exert intense influence on international data governance. The dependence of Brazil and many Latin American countries on servers, applications, and "clouds" based in the United States, for example, is comparable to a situation of neocolonial domination. The UNCTAD report, which reveals how Latin America occupies this position, is cited. “inferior” in the global digital value chain (UNCTAD, 2021).
Instead of producing technology locally, many countries import ready-made solutions, allowing added value and data control to remain abroad. The "borrowed internet" thus perpetuates an asymmetry: Brazilian satellite users may generate data in Brazil, but this data flows to storage and processing in data centers abroad. However, data extraction also occurs domestically: dominant national corporations can collect data from their own citizens without any fair exchange of value.
In Brazil, for example, large banks and platforms hold private customer databases and often sell information to third parties or promote their own products (sometimes in unfair competition with smaller companies). This internal market illustrates how the problem is structural: this curious class of personal data has become a source of profit both globally and locally.
Digital sovereignty and data regulation
Faced with these challenges, the discourse of digital sovereignty is growing, advocating that each country control the flow and processing of its citizens' data. In Brazil, political progress has been made in this regard: the General Personal Data Protection Law (LGPD, 2018) recognizes the strategic role of information. Brazilian authorities emphasize that data is “assets” of the State. The president of Dataprev, Rodrigo Assumpção (2024), stated that “data is an asset that the State needs to have control and governance over” (Assumption, 2024).
Similarly, the Brazilian Artificial Intelligence Plan calls for the creation of a Government Cloud, aiming to maintain critical platforms under the national public domain (Brasil, 2021). Recently, the Brazilian courts clarified that foreign technology companies (so-called "Big Tech") can only operate in the country if they comply with local laws (Reuters, 2025). In these cases, sovereignty is articulated by the requirement of submission to national legislation, something comparable to the "local component" requirements imposed in industrial policies.
In the European Union, digital sovereignty is pursued through strict regulation and proprietary infrastructure initiatives. The GDPR (General Data Protection Regulation) imposes strict principles of data minimization and consent, restricting the freedom of giants to indiscriminately exploit personal information (Laier and Romani, 2024).
In 2024, the Court of Justice of the European Union reinforced that Facebook cannot freely use all personal data for advertising without time or use limitations, invoking the GDPR's data minimization principle (Laier and Romani, 2024). Furthermore, the EU is investing in alternatives to the American model: the GAIA-X project, for example, aims to create a European data cloud ecosystem that reduces dependence on AWS, Google Cloud, and Microsoft. As reported by Foo Yun Chee (2022), Antitrust Commissioner Margrethe Vestager said that Gaia-X seeks “reduce the European bloc’s dependence on Silicon Valley giants” and generate more local competition (Chee, 2022).
Recently, even American companies have announced solutions specifically for this context: Amazon Web Services has planned a European Sovereign Cloud dedicated to governments and regulated sectors, recognizing the demand for data autonomy in the region. Taken together, these regulatory efforts illustrate the concept of digital sovereignty: keeping data under national or regional custody and jurisdiction, seeking to equalize the asymmetrical relationship with foreign providers.
In China, digital sovereignty is a cornerstone of technology policy. The country has adopted strict laws (such as the Data Security Law and the Personal Information Protection Law of 2021) that require local storage of "sensitive data" and strictly control its external access. Beijing actively promotes the idea of cybersovereignty, defending its controlled internet model as an alternative to the Western model.
Internationally, Chinese initiatives (e.g., the "New Silk Road Digital Front") accompany infrastructure projects aimed at extending Chinese surveillance systems and standards beyond its borders. These moves, combined with the dominance of Chinese technology companies (such as Huawei, Alibaba, and Tencent), exemplify another aspect of data imperialism: not only the collection of its own data, but also the export of a model of control and technology to other countries, especially in the Global South. Thus, Chinese digital sovereignty serves both to protect its domestic data reserves and to project digital influence abroad.
Practical cases and regional examples
The LGPD defined standards for the use of personal data, but its application still faces concerns about data extraction by big tech. In 2024, the ANPD required Facebook and Instagram to explicitly inform Brazilian users how data would be used to train Artificial Intelligence (Laier and Romani, 2024; Reuters, 2025). The agency even temporarily suspended a new privacy policy from Meta (formerly Facebook) because it found it violated consent rules. This episode demonstrates Brazil's efforts to control local data and protect individual rights.
In the legal sphere, the Brazilian Supreme Federal Court reaffirmed the need for platforms to comply with national laws: Minister Alexandre de Moraes declared that large foreign companies “they will only continue to operate if they respect Brazilian legislation” (Reuters, 2025), in reference to the suspension of Twitter/X in 2022 for failing to comply with court orders.
At the same time, there are also concerns about foreign data espionage. Chinese telecommunications companies, for example, have already faced global suspicion regarding the data security of their networks (such as Huawei and 5G). These examples highlight that, although Brazil still relies on international services, regulatory agencies are vigilant in imposing limits and demanding sovereignty over national data.
In the case of the US, a paradox exists: much of the problem of data colonialism stems from American companies, yet the country itself has fragmented data protection legislation. There is no comprehensive federal privacy law like the European one; regulations are set by states and specific sectors. This gives tech giants considerable domestic freedom, further fueling their accumulation of data worldwide. The US has only a few indirect mechanisms of digital sovereignty, such as the dispute surrounding the Cloud Act, which allows the US government to access user data stored abroad by companies under its jurisdiction.
The lack of a strong regulatory stance is part of the scenario in which US-based companies often claim the right to collect data without borders, in a kind of "childish" vision of global technological freedom. However, sudden changes arise. At the end of 2023, the new EU-US data transfer agreement (US-Europe Data Framework) attempted to update rules following the gaps in the Privacy Shield, demonstrating how Mexico and Brazil align with GDPR standards. Still, compared to more regulated players, the US approach focuses on rapid innovation, leaving much of its digital sovereignty to foreign countermeasures and occasional antitrust sanctions.
In addition to the GDPR and GAIA-X already mentioned, the EU is adopting other measures. European authorities are investigating and fining data collection operations by large firms: for example, the European Commission is preparing a record fine for Meta for improperly exporting European user data to servers in the US (Laier and Romani, 2024; Reuters, 2025). A package called the Digital Markets Act (DMA) was also approved, requiring platforms considered "gatekeepers" to open up data to competitors and users, reducing their exclusive control.
Countries like France and Germany consider national sovereignty initiatives important: a European digital identity system has been created, and there is discussion, for example, about establishing a "railway" for sensitive military/strategic data under NATO jurisdiction. Specific cases exemplify this mindset: French authorities recently considered banning the Chinese app TikTok, citing risks to the data security of European citizens. Thus, the EU seeks to protect its "data colonies" through strict regulation and incentives for local alternatives.
As mentioned above, China implements strict controls over data flow. For example, data generated in China (or collected from Chinese citizens by companies) is subject to Chinese security and safety laws, which in many cases prohibit export without government approval. On the other hand, overseas Chinese companies, such as Huawei Mobile Services or the messaging app WeChat, can collect information from international users and, critics say, send some of that information to servers in China, where Chinese jurisdiction would apply.
Although Beijing denies hegemonic intentions, this asymmetry is reminiscent of colonial practices: a system for collecting data from foreign populations over which the Chinese state claims sovereignty. Furthermore, on the global stage, China sells surveillance technologies (facial recognition cameras, digital social credit systems, AI chips) to other developing countries. There are reports of internet infrastructure financing in African nations under Chinese standards; while these are not de facto monopolies, they create dependence on Chinese suppliers. These examples illustrate a unique case of “digital colonialism”: not to displace people, but to expand a model of data control and exploitation of its own.
Conclusion
Data colonialism reveals itself as an extension of classical colonialism into the global digital environment. Hegemonic companies and states accumulate extraordinary advantages by extracting massive data from populations around the world, thus reproducing historical inequalities and creating new forms of dependency.
As we've seen, these processes combine the collection of personal data and digital infrastructure in ways that are often invisible to ordinary citizens, but with profound impacts. Different regions of the world adopt different strategies: while technology-exporting countries struggle to shape global rules (formerly led by the US, now also by China), weaker importing nations demand digital sovereignty and protection policies.
In Brazil, measures like the LGPD and recent lawsuits signal concern about the "colonization" of national data; in Europe, strict regulations and investments in its own cloud are ways to resist external domination; China is advancing its own data "wall," imposing internal control and an exportable model.
This multifaceted panorama suggests that there is no simple solution: legislation must be continually updated, and there must be international cooperation to prevent abuses. For legal practitioners, the challenges include balancing individual rights (privacy, informational self-determination) with economic interests and national sovereignty, as well as ensuring that data exploitation does not violate fundamental values.
Faced with this complex scenario, responses focused solely on state sovereignty and regulation, although essential, may be insufficient if not accompanied by a process that we propose to call “Cognitive Reappropriation of Data”. This concept goes beyond legal or technical control over information flows, pointing to the need for a fundamental change in perception and valuation of data by individuals and communities. It involves fostering a critical awareness of how our digital footprints are generated, appropriated, and monetized, challenging the dominant narrative that reduces them to mere commodities or externalities of connected life. Cognitive Reappropriation involves developing not only digital literacy, but also a ethics of personal and collective information, where data is understood as an extension of identity, autonomy, and social memory, whose management must prioritize dignity and the common good, not just profit or control. Only through this profound cognitive shift, combined with regulatory frameworks, can we achieve true digital decolonization.
Ultimately, decolonizing data means creating a framework in which the collection and exploitation of information are transparent, consensual, and mutually beneficial, respecting the autonomy of each society.
The debate remains open, but it is undeniable that this dynamic requires firm responses—both from legal forums and public policies—to prevent the digital future from resembling yet another chapter of colonial domination, this time in the form of algorithms.
REFERENCES
ARUN, Chinmayi. 'Data Colonialism' and the Political Economy of Big Tech. Lawfare, March 7, 2025. Available at: https://www.lawfaremedia.org/article/data-colonialism–and-the-political-economy-of-big-tech. Accessed on: April 25, 2025.
BRAZIL. General Law on Personal Data Protection. Law No. 13,709 of August 14, 2018. Official Gazette of the Federative Republic of Brazil, Brasília, DF, August 15, 2018.
BRITO, Ricardo. “Brazil prosecutors open investigation into Cambridge Analytica”. Reuters, March 22, 2018. Available at: https://www.reuters.com/article/idUSKBN1GX39Z . Accessed on: April 28, 2025.
BUZ, Marcelo. “Digital colonialism”. National Institute of Information Technology – ITI, April 3, 2020. Available at: https://www.gov.br/iti/pt-br/centrais-de-conteudo/opiniao-do-diretor-presidente/colonialismo-digital . Accessed on: April 20, 2025.
COULDRY, Nick; MEJIAS, Ulises A. The Costs of Connection: How Data Is Colonizing Human Life and Appropriating It for Capitalism. Stanford: Stanford University Press, 2019.
COULDRY, Nick; MEJIAS, Ulises A. The Costs of Connection: How Data is Colonizing Human Life and Appropriating It for Capitalism. Stanford: Stanford University Press, 2019.
HU, Yiming Ben. “China’s Personal Information Protection Law and Its Global Impact.” The Diplomat, August 20, 2021. Available at: https://thediplomat.com/2021/08/chinas-personal-information-protection-law-and-its-global-impact/ . Accessed on: April 28, 2025.
KWET, Michael. “Digital colonialism is threatening the Global South”. Al Jazeera, March 13, 2019. Available at: https://www.aljazeera.com/opinions/2019/3/13/digital-colonialism-is-threatening-the-global-south . Accessed on: April 22, 2025.
LAIER, Paula Arend; ROMANI, André. “Meta will inform Brazilians how it uses personal data to train AI.” Reuters, September 3, 2024. Available at: https://www.reuters.com/technology/artificial-intelligence/meta-inform-brazilians-how-it-uses-their-personal-data-train-ai-2024-09-03 . Accessed on: April 24, 2025.
LE MONDE. “China rejects claim it bugged headquarters it built for African Union”. The World, January 30, 2018. Available at: https://www.theguardian.com/world/2018/jan/30/china-african-union-headquarters-bugging-spying. Accessed on: April 28, 2025.
MANNION, Cara. “Data Imperialism: The GDPR's Disastrous Impact on Africa's E-Commerce Markets”. Vanderbilt Journal of Transnational Law, v. 53, n. 2, p. 685–725, 2021. Available at: https://scholarship.law.vanderbilt.edu/vjtl/vol53/iss2/6 . Accessed on: April 28, 2025.
NOBLE, Safiya Umoja. Algorithms of Oppression: How Search Engines Reinforce Racism. New York: New York University Press, 2018.
REUTERS. “Musk's DOGE agents access sensitive government personnel data, Washington Post reports.” Reuters, February 6, 2025. Available at: https://www.reuters.com/world/us/musks-doge-agents-access-sensitive-opm-personnel-data-washington-post-reports-2025-02-06/ . Accessed on: April 28, 2025.
SASSEN, Saskia. Expulsions: Brutality and Complexity in the Global Economy. Translated by Cicero Araújo. Rio de Janeiro; São Paulo: Paz & Terra, 2016.
US CONGRESS. Clarifying Lawful Overseas Use of Data Act (CLOUD Act). Public Law 115-141, 23 March. 2018. Available at: https://www.congress.gov/115/plaws/publ141/PLAW-115publ141.pdf . Accessed on: April 28, 2025.
ZUBOFF, Shoshana. The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power. New York: PublicAffairs, 2019.
Português do Brasil 
English