AI & Data: Who Really Holds the Power?
AI & Data:
Who Really Holds the Power?
A wake-up call on data, privacy, and digital dependency in the age of generative automation.
Editor's Note
The term 'artificial intelligence' has become one of the most heavily deployed pieces of marketing language in modern technology. Before we examine the deeper structural questions this paper addresses, it is worth pausing on that point. Much of what is commercially branded as 'AI' is, more precisely, generative automation, sophisticated statistical systems trained on vast quantities of human-produced data to predict and produce plausible outputs. This distinction is not pedantic. It matters because it shapes how we understand risk, accountability, and power.
When we call something 'intelligent', we instinctively extend to it a degree of trust and authority we might not otherwise grant. When we understand it as automation, however impressive, we are more inclined to ask who built it, who controls it, and whose interests it serves. This paper encourages precisely that second posture.
The pages that follow are not an argument against technology. They are an argument for understanding it clearly, using it wisely, and insisting that it remains accountable to the people it is meant to serve.
Introduction: The Question We Have Stopped Asking
When was the last time you genuinely stopped to consider who actually owns your digital life?
Your photographs. Your financial records. Your professional reputation. Your private correspondence. Your voice, your face, your behavioural patterns, your preferences, your fears. Where do these things live? For the vast majority of people in the developed world, the answer is the same: on servers they have never seen, inside data centres they will never visit, governed by terms and conditions almost none of them have fully read, and operated by a remarkably small number of corporations accountable primarily to their shareholders.
We call this arrangement progress. We call it the information economy. We call it the future.
But embedded within that framing is an assumption worth interrogating that dependency and convenience are the same thing; that surrendering control of your data is a natural and acceptable price for the services you receive in return; and that the systems managing your digital life are broadly benign, stable, and reversible.
None of those assumptions should be accepted without scrutiny. This paper sets out to offer that scrutiny, not to alarm, but to equip.
We are not passively evolving into a digital world. We are being actively steered into one by design, by incentives, and by the quiet accumulation of choices that feel individual but, in aggregate, are structural.
Section 1: The Race Nobody Asked You to Join
The Architecture of Urgency
Every technology cycle of the past three decades has been accompanied by the same fundamental message: adopt or be left behind. Whether it was the early internet, the smartphone, social media, cloud migration, or now generative AI, the social and commercial pressure to participate has been relentless.
This urgency is not accidental. It is engineered. Technology companies are not merely selling products; they are engineering adoption curves. Network effects, the mathematical reality that a platform becomes more valuable as more people use it, create powerful incentives to grow user bases as rapidly as possible. Marketing expenditure, free-tier pricing models, and product design built around psychological reward loops are all mechanisms in service of that goal.
The implicit contract presented to consumers is straightforward: use the service for free in return for providing your data. What is rarely made explicit is that this data is not merely stored, it is processed, modelled, sold, and used to train the very systems that will be used to persuade, predict, and in some cases, manipulate future behaviour.
Who Is Actually Racing and Towards What?
The technology race of the current era is not being run between individuals. It is being run between a small number of extraordinary concentrations of capital, the hyperscale technology corporations that control cloud infrastructure, foundational AI models, semiconductor supply chains, and the data pipelines that feed them.
Governments are racing too, for geopolitical reasons that have little to do with consumer welfare. The United States and China are engaged in a structural competition over AI dominance that is reshaping trade policy, export controls, and academic research. The European Union is attempting to codify governance frameworks, most notably through the EU AI Act, that reflect a different set of values: data sovereignty, transparency, and citizen rights.
In this contest, individuals are not participants. They are the resource being competed over. Our collective data, our behaviour, our language, our imagery, our preferences, is the raw material being processed to build the next generation of systems that will, in turn, shape our choices.
Most of us are not participants in this race. We are the fuel.
The discomfort of this framing is worth sitting with. It does not mean the technology is without value; it is plainly valuable in countless ways. But it does mean that the question 'what is this technology for?' has two very different answers, depending on who you ask.
Section 2: Your Entire Life Lives on a Switch Someone Else Controls
The Aggregation of Dependency
Consider carefully the list of systems many people now rely upon for their basic functioning in modern society. Identity documents and verification systems are increasingly digital and biometrically linked. Financial access: bank accounts, payment systems, credit records, digital wallets, all mediated by institutions operating on digital infrastructure, subject to operational failures, regulatory interventions, and cyberattacks. Professional reputation: LinkedIn profiles, published work, platform accounts, and email archives. Social relationships, messaging platforms, shared photographs, and community groups. Voice and expression: podcasts, social media, newsletters, content platforms.
Every one of these systems has what we might call a switch. And in virtually every case, that switch is not held by the individual who depends upon it. A corporation, a regulator, a government, or, in some cases, a combination of all three hold it.
The switch can be thrown for various reasons. A platform can suspend an account for violating its terms of service, which are unilaterally set and can be unilaterally changed. A government can order a service to be blocked or restricted within its territory. A financial institution can freeze an account pending investigation. A cyberattack can render an entire service temporarily or permanently unavailable. A commercial failure can mean the service ceases to exist, along with everything stored within it.
The Extreme Scenario Is Not Theoretical
It is worth spelling out what the aggregation of these dependencies can mean in practice, not as a conspiracy theory, but as a straightforward architectural observation.
In an extreme scenario, a person could simultaneously lose access to their financial accounts (frozen or inaccessible), their professional network (account suspended or platform unavailable), their communication channels (messaging services disrupted or blocked), their identity verification systems (digital ID infrastructure compromised), and their historical records (cloud storage offline or data deleted).
This is not a scenario requiring a vast conspiracy. It requires only a moderate convergence of ordinary risks: a financial crime investigation, a platform policy change, a geopolitical incident affecting infrastructure, or a significant cyber event. The vulnerability arises not from any single failure but from the concentration of dependency.
The question that follows from this is not 'how likely is it?' but 'what would I do if it happened?' For most people, the honest answer is deeply uncomfortable.
The architecture of the digital world has created fragilities that most people have never been asked to think about, and the systems creating those fragilities have little incentive to draw attention to them.
Data as Privacy and as Prediction
The data surrendered in exchange for digital services is not merely stored as a static record. It is continuously processed to build predictive models of individual behaviour. These models are used to target advertising, price financial products, assess creditworthiness, make hiring recommendations, and, in the most advanced applications, shape the information environment in which individuals make decisions.
There is a meaningful difference between a system that responds to your choices and a system that shapes them. Many of the most commercially valuable AI applications sit firmly in the latter category. Recommendation algorithms do not merely surface content you might enjoy; they progressively narrow the information environment to maximise engagement, which is not the same thing as maximising understanding, wellbeing, or informed decision-making.
When we talk about data privacy, we often focus on the risk of data breaches and the exposure of personal information to malicious actors. That risk is real and significant. But it is arguably less consequential than the risk of data being used entirely as intended: to build extraordinarily accurate models of individual psychology and behaviour, which are then used to influence decisions at scale.
Section 3: The Billion-Dollar House of Cards
Corporate Fragility in the Digital Age
The structural vulnerabilities of digital dependency apply not only to individuals but to the institutions and corporations that serve them. Consider a modern enterprise valued in the billions, a financial services firm, a technology company, or a media organisation. Much of that value is not physical. It exists in cloud infrastructure, proprietary datasets, software repositories, digital intellectual property, and customer relationships mediated entirely through digital channels.
The physical instantiation of that value, the servers, cables, and facilities that make it real, is typically concentrated in a small number of locations operated by an even smaller number of hyperscale cloud providers. Amazon Web Services, Microsoft Azure, and Google Cloud collectively underpin a remarkable proportion of global digital commerce. Each of them has experienced significant outages in recent years, some of which cascaded across thousands of dependent services simultaneously.
The implications of this concentration are not merely commercial. They are geopolitical. A coordinated cyberattack on critical cloud infrastructure, a physical disruption to undersea cables, or a state-level decision to restrict access to specific services could trigger economic disruption at a scale that traditional security frameworks were not designed to address.
The New Shape of Economic Warfare
The geopolitical dimensions of digital infrastructure dependency are becoming impossible to ignore. The restrictions on semiconductor exports imposed by the United States government on China, and the corresponding Chinese restrictions on rare earth materials used in chip manufacturing, are early examples of how digital infrastructure has become a front in strategic competition.
More concerning is the vulnerability of civilian infrastructure. Power grids, water treatment systems, financial clearing networks, and healthcare systems across the developed world have all been identified by their operators, governments, and security researchers as inadequately protected against sophisticated cyberattacks. Several have already been successfully attacked.
The Ukraine conflict provided a live demonstration of how cyberattacks can be integrated with kinetic military operations to disrupt communications, undermine trust in institutions, and degrade operational capacity. The lessons from that conflict are being studied carefully by governments, militaries, infrastructure operators, and malicious actors.
For individuals and organisations operating in this environment, the question is not whether these vulnerabilities exist but whether they have thought seriously about what they would do if those vulnerabilities were exploited in ways that directly affected them.
You don't need armies to disrupt a system built on digital dependency. Sometimes a corrupted algorithm or a severed cable is sufficient.
Section 4: Awareness Is Not Anti-Technology. It Is Survival
The False Binary
At this point, a predictable objection arises: surely the alternative to digital dependency is Luddism? Surely criticising the architecture of the digital world implies rejecting the benefits it provides?
It does not, and this paper explicitly rejects that framing. Smartphones have connected billions of people to information and economic opportunities they would not otherwise have had access to. Cloud services have democratised computational power, driving extraordinary scientific and commercial progress. Generative AI systems are already demonstrating their capacity to assist in medical diagnosis, legal research, drug discovery, and educational access in ways that can benefit people who were previously excluded from such resources.
The question is not whether to use technology. The question is whether we use it with sufficient understanding of its architecture, its incentives, and its risks. There is a meaningful distinction, one worth drawing clearly, between using technology and being fully dependent on systems we cannot see, audit, influence, or exit.
The Generation That Has Never Known Otherwise
There is an additional dimension of urgency here that relates to the youngest generation of digital citizens. An entire cohort of young people is growing up without any lived experience of a world before ubiquitous digital connectivity. Their identities are formed on social platforms. Their friendships are maintained through messaging applications. Their sense of reality, what is true, what is important, what is normal, is shaped by algorithmic curation they have never been taught to recognise, let alone question.
This is not inherently catastrophic. Previous generations grew up shaped by television, by newspapers, and by advertising, all of which were curated, commercially motivated, and capable of distortion. The difference lies in scale, personalisation, and the speed of feedback. An algorithm that learns in real time from your responses and continuously optimises its outputs to maximise your engagement is qualitatively different from a television schedule.
The educational and policy response to this challenge has been, in most jurisdictions, conspicuously inadequate. Digital literacy, the ability to understand how digital systems work, how data is collected and used, how algorithmic curation shapes information environments, remains a marginal element of most school curricula. This is a significant gap with significant consequences.
Section 5: The Questions We Should All Be Asking
From Consumers to Citizens
Democratic societies have historically demanded accountability from concentrations of power within governments, monopolies, financial institutions, and media organisations. The mechanisms developed to assert that accountability, regulation, transparency requirements, competition law, and public-interest journalism are imperfect yet real.
The digital economy has, for much of its existence, positioned itself as something different: as innovation rather than power; as service rather than extraction; as progress rather than politics. That positioning has been extraordinarily successful. Technology companies have accumulated concentrations of economic, social, and informational power that dwarf those of many national governments, whilst simultaneously resisting many of the accountability mechanisms applied to more traditional forms of power.
The regulatory environment is shifting. The EU AI Act, the UK's emerging AI governance frameworks, the US Executive Orders on AI, and the proliferation of data protection regimes globally represent a belated but genuine effort to bring the digital economy within accountability structures appropriate to its actual power and influence. But regulation is always retrospective; it responds to power that has already been accumulated. The more immediate lever is public awareness and expectation.
Five Questions Every Digital Citizen Should Ask
The following questions are not radical. They are the same kinds of questions citizens have historically asked of governments, financial institutions, and media organisations. In the digital age, we should also be asking about technology systems.
- Who owns my data, and what precisely are they permitted to do with it? Not the headline description in the privacy policy, but the operational reality.
- What happens to my professional and financial life if the platforms I depend upon become unavailable, whether temporarily or permanently?
- Am I choosing this technology because it genuinely serves my needs, or because I have been steered towards it by incentive structures I do not fully understand?
- Do real alternatives exist if I want more control over my data and my digital presence? What would it cost in time, money, or convenience to exercise that control?
- Are the organisations building and operating these systems genuinely accountable to the people who depend upon them, or primarily to their shareholders and regulators?
What Responsible Engagement Looks Like
Responsible engagement with digital technology does not require technical expertise. It requires a shift in posture from passive consumption to informed participation. This means, at least selectively, reading the privacy policies of the services you depend upon for critical functions. It means maintaining offline backups of essential documents and records. It means diversifying your professional and financial digital presence where possible, rather than concentrating it within a single ecosystem. It means understanding, in outline, how the systems you use collect and process data about you.
For organisations, responsible engagement means taking digital resilience seriously as an operational risk category, not just cybersecurity in the narrow sense of preventing breaches, but the broader question of what happens when digital systems you depend upon become unavailable or unreliable. Regulatory frameworks such as the EU's Digital Operational Resilience Act (DORA) are beginning to mandate this thinking for financial services firms. The underlying logic applies much more broadly.
For policymakers, responsible engagement means investing seriously in digital literacy education, ensuring that competition in digital markets is genuine rather than nominal, and designing AI governance frameworks that centre human accountability rather than deferring it to systems that are, ultimately, automated tools with no capacity for ethical judgement.
Section 6: The Most Powerful Thing You Can Do Right Now
Critical Awareness as an Act of Agency
There is a version of awareness that is passive, a vague sense that something is not quite right, that the technology we use is extracting more from us than it gives back. That awareness, if it leads nowhere, is not particularly useful.
What is useful is critical awareness: a deliberate, ongoing process of examining the digital systems you depend upon with the same rigour you might apply to a contractual relationship, a financial product, or a professional adviser. Critical awareness means asking not just 'does this work?' but 'how does this work, who benefits from it, and what am I giving up in exchange?'
This is not an exhausting or full-time undertaking. It means building the habit of pausing before adopting new platforms, reading the key sections of privacy policies that describe data use and sharing, and periodically reviewing the digital services you depend on to assess whether your reliance on them is proportionate and well-considered.
Reclaiming Agency in the Digital Age
Agency, in the context of digital technology, does not mean withdrawing from it. It means engaging with it on your own terms rather than on terms set entirely by the organisations that profit from your participation. It means making explicit, considered choices about the technologies you adopt rather than drifting into dependency through the accumulated weight of convenience.
It also means advocating as a citizen, as a professional, as a consumer for accountability structures appropriate to the actual power that digital technology now exercises over public and private life. The regulation of AI and digital platforms is no longer a niche technical policy question. It is one of the defining governance challenges of our era, with consequences that will shape the relationship between individuals, institutions, and power for decades.
The organisations that build and operate the systems we depend upon will not, without external pressure, prioritise your interests over their own. That is not a moral failing peculiar to the technology industry; it is the structural reality of commercial organisations operating in competitive markets. The pressure must come from informed citizens, from regulators, from journalists, and from the people who work within those organisations and who can choose to exercise their own agency in how the systems they build are designed.
The future will not be shaped by those who adopt technology the fastest. It will be shaped by those who understand it deeply, question it thoughtfully, and insist that it serves humanity rather than quietly controlling it.
Conclusion: Who Is Holding the Switch?
The central metaphor of this paper is simple. Every digital system you depend upon, financial, communicative, professional, social, has a switch. When the switch is operational, you have access; when it is not, you do not. And in almost every case, that switch is not in your hands.
This is not, in itself, catastrophic. We accept that others control switches in many domains of life, such as the electricity network, the water supply, and road infrastructure. The difference is that we have spent decades building redundancy, regulation, and accountability into those physical systems. We have built standards for what counts as essential infrastructure. We have designed governance frameworks around the assumption that critical systems will sometimes fail and that failure must be managed.
The digital world has been built, extraordinarily rapidly, without most of those safeguards. The concentration of power in a small number of technology corporations, the inadequacy of regulatory frameworks relative to the actual influence of the systems they seek to govern, and the profound dependence of individuals and institutions on digital services they do not control and often do not understand, all of these represent governance gaps with real consequences.
The most dangerous outcome of the digital age is not a dramatic cyberattack or a science fiction scenario of rogue artificial intelligence. It is the quieter, more incremental danger of billions of people who never stopped to ask who is holding the switch and who discovers, only at the moment when it matters most, that it was never in their hands at all.
Slow down. Ask better questions. Insist on accountability. Because awareness, in this context, is not a luxury. It is a form of self-defence.
About The Digital Commonwealth Limited
The Digital Commonwealth Limited (DCW) represents the AI, Blockchain, DePIN, Digital Assets, ScienceTech, and Web3 sectors among its community members. DCW provides research, advisory, insurance, and convening services to support the sustainable growth of the digital economy.
For inquiries regarding DCW services: info@thedigitalcommonwealth.com
DCW Daily Brief & Weekly Roundup, DCW Frontier Focus & DCW Research & DCW Cover DCW Institute can be accessed at https://www.thedigitalcommonwealth.com/newsroom
Disclaimer
This article is provided for educational and informational purposes only and does not constitute professional advice of any kind, including legal, financial, technical, or regulatory guidance. The content provides a general overview of complex topics and risk management that evolve rapidly; information accurate at publication may become outdated as these fields advance.
The strategic recommendations presented reflect general principles rather than prescriptive solutions. Every organisation faces unique circumstances, including specific regulatory obligations, technical infrastructure, risk profiles, and resource constraints, that require customised approaches developed in consultation with qualified professionals. Organisations should engage appropriate legal advisors, technology specialists, compliance experts, and risk management consultants who understand their specific context and applicable jurisdictional requirements before implementing significant technology initiatives or making organisational changes based on this content.
While every effort has been made to ensure accuracy, no warranties or guarantees are provided regarding the completeness, reliability, or suitability of information contained herein. The author and publisher disclaim liability for decisions made or actions taken based on this article. Technology implementations carry inherent risks, and organisations must conduct appropriate due diligence, testing, and risk assessment before deploying new systems or modifying existing infrastructure. References to specific technologies, standards, or approaches do not constitute endorsements or recommendations.
Readers should verify current information from authoritative sources and recognise that subsequent developments may alter or supersede the perspectives presented here. Maintaining ongoing awareness of developments in artificial intelligence, quantum computing, cryptography, and risk management remains essential for organisations operating in these rapidly evolving domains.
Date: March 10th, 2026
Document Prepared by: Eric Williamson, Director of Compliance and Risk
The Digital Commonwealth Limited Classification: Industry Analysis - Public
EAJW © 2026 DCW Research. All rights reserved
