If you don’t control your data, who does? A European strategist explains Data sovereignty in practice

“What’s the problem?”

That was the response Austrian data strategist Fritz Fahringer got when he raised concerns about companies using private emails to train AI systems when he spoke to an employee at a major US tech company.

The exchange stayed with him. It reinforced something he had already seen firsthand: In parts of the global tech ecosystem, access to customer data is more than a technical capability. It’s a business model.

To Fahringer, that represents a growing breach of trust between technology providers and the organizations that depend on them.

Fahringer, who previously led the development of datahub.tirol(новое окно) — one of Europe’s first trust-based regional data spaces, has spent years designing secure data-sharing systems and digital infrastructure for businesses and public institutions.

He saw firsthand how uncertainty over who can access, control, or benefit from data has held organizations back. It has slowed innovation, increased risk, and made leaders hesitant to adopt new technologies.

Fahringer isn’t alone in questioning these assumptions. For many European organizations, the possibility that providers may access, analyze, or monetize sensitive information is becoming a practical business risk(новое окно).

Could a provider processes or transfers data in a way that conflict with GDPR(новое окно) or local regulations, the company using the tool may still be responsible? Could sensitive customer data, product plans, negotiations be exposed, accessed internally by the provider, or used in unintended ways? Could their data might be used to train models or improve services that ultimately benefit the provider or even competitors?

These are the concerns that bring businesses to VALTYROL, Fahringer’s business that is singularly focused on helping decision-makers take a more intentional approach to how their data is handled.

In this conversation, we speak to him about how breaking away from inherited tech dependencies — and owning the systems your data flows through — often begins with everyday tools like email and meetings

Let’s start with the fundamentals. Why should companies question who they depend on to run their technology?

Because those decisions have long-term consequences. If you rely heavily on providers whose priorities or legal environments you don’t control, you can gradually lose strategic flexibility and visibility over how your data is used.

In the past, it was sometimes difficult to explain why sovereignty matters. Many people didn’t really think about where their data was stored or who ultimately had access to it.

But in the age of AI — and also with the current geopolitical tensions — people are starting to understand that data is a strategic resource. If your data is stored and processed by companies outside your jurisdiction, you lose a certain level of control over how it can be used.

That’s why many organizations in Europe are beginning to rethink their dependencies. They want to understand who operates their infrastructure and what happens to their data.

What’s stopping businesses from breaking away from default reliance on global technology providers?

When I started my own company, I wanted to do things differently from the beginning.

My digital tools were scattered across many providers — Gmail, different cloud services, a VPN from another company. Most of them were based in the United States.

I decided to move everything into a more sovereign setup. I switched my email, password manager, VPN, and cloud storage to Proton.

It was important for me to bring everything together in one ecosystem that aligns with the values I talk about professionally.

But I know this well: Moving your entire IT infrastructure at once is very difficult. Most companies have built their systems over many years.

Sovereignty has to happen step by step. Some of the easiest places to start are communication tools — email, meetings, and collaboration platforms. These are areas where companies can adopt more sovereign solutions without rebuilding their entire IT architecture.

Over time, those decisions add up to a more independent and resilient digital infrastructure.

Why are tools like private email, VPNs, and secure meetings important for businesses today?

Businesses shouldn’t have to choose between usability and privacy.

A lot of work today happens outside the office — on trains, in cafés, or while traveling. In those situations, you’re often connecting through public networks, so using a VPN is a simple way to protect your connection.

But communication tools are just as important. Email and video meetings are where a lot of sensitive information is exchanged.

When you look at the common meeting tools, each one comes with a trade-off. Zoom has limitations on free calls. Microsoft Teams can be difficult to use. Google Meet works well, but then your data sits inside Google’s ecosystem.

So in many cases you’re choosing between different disadvantages.

What I liked about Proton Meet is that it removes that trade-off. It’s simple to use, and at the same time it respects privacy. For me, that combination is very important.

What made Proton stand out compared to the tools you were using before?

What stood out to me was that Proton offers a complete ecosystem.

With many services, you get only one piece — maybe email, or maybe storage — and everything else comes from another provider. Over time you end up with a fragmented setup.

Proton offered email, Drive, VPN, password management, and other tools within the same privacy-focused system. For a small business, that combination is very powerful.

It allowed me to move away from a patchwork of different services and consolidate everything under a provider that prioritizes privacy.

How do clients or partners react when they see that you’re using Proton?

Often people notice the Proton email address and ask about it.

They say something like, “Oh, you really take this seriously.”

For me, it’s not about selling Proton or convincing people to switch. But it shows that I try to live by the principles I talk about — especially around data sovereignty. When people see my Proton email, they realize I take sovereignty seriously.

It becomes a signal that these values are not just theoretical.

What advice would you give to European businesses that want to take more control over their data?

Moving your entire IT infrastructure at once is very difficult. Most companies have built their systems over many years.

But sovereignty can happen step by step.

Many European businesses are curious about AI, but at the same time they are cautious about how their data is used.

When data goes into large platforms outside Europe(новое окно), companies often feel that they lose control over it. They worry that the data could be used to train models, generate value somewhere else, or even benefit competitors.

One practical approach is to start building a more sovereign stack over time. For example, I combine regional providers with European privacy-focused tools. My website is hosted with an Austrian provider that I can reach and trust locally, while Proton provides the communication infrastructure — email, storage, meetings, and VPN.

This kind of setup allows companies to keep more control over their data while still using modern digital tools.

You don’t have to change everything overnight. But each step toward more trusted infrastructure helps build a more independent and resilient digital environment.