Case Study: Barcelona's Data Sovereignty Strategy

"Data is a common good, like air or water. It should be governed for the benefit of all, not extracted for the profit of a few." — Francesca Bria, Chief Technology and Digital Innovation Officer, Barcelona City Council (2017-2019)

Overview

In 2015, Barcelona elected a new city government led by Barcelona en Comu, a citizen platform rooted in social movements, anti-eviction activism, and digital rights advocacy. The new government brought with it a radical idea: that the data generated by a city's residents and infrastructure is a common good that should be governed democratically, not extracted by platform corporations.

Under the leadership of Francesca Bria, the city's Chief Technology and Digital Innovation Officer, Barcelona launched what became the most ambitious municipal data sovereignty strategy in Europe — and one of the most significant experiments in participatory data governance anywhere in the world.

This case study examines what Barcelona built, what it achieved, and what it reveals about the possibilities and limitations of city-level data sovereignty.

Skills Applied: - Analyzing a real-world implementation of participatory data governance - Evaluating the relationship between political will, institutional capacity, and governance outcomes - Connecting municipal policy to global data governance themes - Assessing the scalability and transferability of governance innovations

The Strategy

Three Pillars

Barcelona's data sovereignty strategy rested on three pillars:

1. Technological sovereignty. The city committed to building its own digital infrastructure rather than depending on commercial platforms. This included:

  • DECODE (DEcentralized Citizens Owned Data Ecosystem): An EU-funded project led by Barcelona that developed privacy-preserving tools enabling citizens to control how their data is shared. DECODE used cryptographic techniques to allow citizens to share specific data attributes (e.g., "I am a Barcelona resident over 18") without revealing their full identity.

  • Sentilo: An open-source sensor platform for collecting urban data (noise, air quality, traffic) that the city controlled, rather than relying on proprietary smart city vendor platforms. Sentilo ensured that sensor data remained under municipal governance rather than being captured by vendors.

  • Open-source procurement. The city adopted a policy favoring open-source software in public procurement, reducing vendor lock-in and ensuring that public digital infrastructure could be independently audited and modified.

2. Data governance and rights. The city established governance frameworks that asserted public authority over urban data:

  • Data sovereignty clauses in contracts. All city contracts with technology vendors were required to include provisions specifying that data generated through city services remained under municipal control. Vendors could use data for service delivery but could not claim ownership, sell it to third parties, or retain it after the contract ended.

  • The Barcelona Data Commons. A governance framework treating urban data as a shared resource governed by the principles of the commons. Drawing on Ostrom's work, the Data Commons established rules for access, use, and benefit-sharing.

  • Ethical digital standards. The city published a set of digital standards requiring that all city-commissioned technology projects respect privacy, transparency, accessibility, and citizen participation.

3. Citizen participation. The city built infrastructure for democratic participation in data governance:

  • Decidim. An open-source digital platform for participatory democracy, used for city budgeting, policy proposals, and governance deliberation. Decidim (Catalan for "we decide") enabled thousands of citizens to propose, debate, and vote on policy initiatives — including data governance policies.

  • Salus Coop. A health data cooperative launched with city support, enabling Barcelona residents to collectively govern the use of their health data for research. Members controlled which research projects could access their data and shared in the governance decisions.

  • Community engagement programs. The city organized workshops, assemblies, and public deliberation processes on data governance topics, building civic capacity for participation.

What Barcelona Achieved

Concrete Outcomes

Infrastructure independence. By building Sentilo and investing in open-source tools, Barcelona reduced its dependency on proprietary smart city vendors. The city could modify, audit, and control its own urban data infrastructure — a practical implementation of the infrastructure sovereignty discussed in Chapter 37.

Data governance as policy. The data sovereignty clauses in city contracts changed the default relationship between the city and its technology vendors. Instead of vendors capturing data as a side benefit of service delivery (the standard model in most cities), data remained under public governance. This affected contracts worth hundreds of millions of euros.

Democratic participation at scale. Decidim became one of the world's largest participatory democracy platforms, with over 40,000 registered users and thousands of policy proposals. While not all proposals were about data governance specifically, the platform demonstrated that large-scale democratic participation in governance is technically and politically feasible.

Data cooperatives as institutional reality. Salus Coop moved from concept to operational cooperative, demonstrating that citizen-governed health data management is possible — not just desirable.

What the Strategy Did Not Achieve

Sustainability beyond political cycles. Barcelona's data sovereignty strategy was closely associated with the Barcelona en Comu government. When political leadership changed, some initiatives lost momentum. The strategy's dependence on specific political actors raised questions about institutional durability.

Scale beyond the city. Barcelona's approach was powerful at the municipal level but could not address national or global data flows. A city can control its own contracts and infrastructure, but it cannot govern the platforms (Google, Meta, Amazon) that its residents use daily — that requires national or EU-level regulation.

Full participation. Despite ambitious engagement programs, participation remained concentrated among more educated and digitally literate residents. The participation deficit was reduced but not eliminated — the most marginalized residents (elderly, immigrant communities, those with limited digital access) were less likely to engage with Decidim or participate in data governance deliberation.

Revenue model. Data sovereignty is economically sustainable when the city can capture the value of its own data. But Barcelona's model did not fully develop a revenue mechanism — the city invested in infrastructure and governance without a clear pathway to financial sustainability beyond public funding.

Barcelona in the Global Context

Barcelona's strategy resonated globally because it demonstrated that data sovereignty is not just a national or corporate concept — it can be practiced at the municipal level by democratic institutions. The city's approach influenced:

  • Amsterdam and other European cities that adopted similar data sovereignty principles in public procurement.
  • The EU's data strategy, which drew on Barcelona's experience in developing concepts of "data spaces" and "data governance acts."
  • The DECODE project, which, although concluded, produced open-source tools and governance frameworks that other cities can adopt.

Sofia Reyes, who visited Barcelona as part of DataRights Alliance's international program, described its significance: "Barcelona showed that data sovereignty isn't just a slogan. It's a set of concrete decisions — about contracts, about infrastructure, about who gets to participate. Every city makes these decisions. Most make them by default, letting vendors capture the value. Barcelona made them consciously."

Lessons for Participatory Data Governance

Barcelona's experience offers several lessons that connect to this chapter's broader themes:

1. Political will is necessary but not sufficient. Barcelona had unusual political conditions — a government rooted in social movements with a genuine commitment to digital rights. But political will alone cannot build governance institutions; it requires technical capacity, legal frameworks, and sustained institutional investment.

2. Infrastructure matters as much as policy. Data sovereignty clauses in contracts are meaningful only if the city has the technical infrastructure to manage its own data. Without Sentilo and open-source tools, sovereignty would have been a legal claim without practical substance.

3. Participation requires investment. Decidim did not emerge spontaneously. It was designed, funded, maintained, and actively promoted by the city government. Participation is not free — it requires institutional infrastructure and sustained commitment.

4. Prefigurative governance works. Barcelona's approach was prefigurative — it built the governance structures it wanted to see, without waiting for national or EU legislation to mandate them. The city's experience then influenced legislation, demonstrating the feedback loop between prefigurative and institutional governance.

5. Cooperatives can be seeded by government. Salus Coop was supported by the city government during its formation, then governed independently by its members. This seeding model — government provides initial support, then steps back — may be a viable pathway for establishing data cooperatives in other contexts.

Discussion Questions

  1. Barcelona's data sovereignty strategy was enabled by a specific political moment — a government rooted in social movements. Is data sovereignty possible under more conventional political conditions? What institutional mechanisms could sustain data sovereignty beyond one political administration?

  2. The strategy's limitation at the city level — inability to govern national or global platforms — is significant. Should cities pursue data sovereignty independently, or should they coordinate nationally or internationally? What would a network of data-sovereign cities look like?

  3. Compare Barcelona's approach with Singapore's Virtual Singapore (Case Study 2, Chapter 38). Both are city-level data governance innovations, but they reflect very different political philosophies. What does this comparison reveal about the relationship between political context and data governance design?

  4. Eli, hearing about Barcelona's strategy, said: "That's exactly what Detroit needs — but Detroit doesn't have Barcelona's budget." How could the principles of Barcelona's approach be adapted for a city with fewer resources? What is the minimum viable version of municipal data sovereignty?

  5. Is the "data as commons" framing more productive than "data as property" for building participatory governance? What are the political and practical advantages and disadvantages of each framing?

Further Investigation

  • Explore Decidim's open-source platform at decidim.org and assess its governance features.
  • Research the DECODE project's publications and open-source tools.
  • Compare Barcelona's data sovereignty clauses with standard city technology procurement contracts in another city. What specific terms differ?