In the data economy, data sovereignty is often conceptualized as data providers’ ability to control their shared data. While control is essential, the current literature overlooks how this facet interrelates with other sovereignty facets and contextual conditions. Drawing from social contract theory and insights from 31 expert interviews, we propose a data sovereignty conceptual framework encompassing protection, participation, and provision facets. The protection facets establish data sharing foundations by emphasizing baseline rights, such as data ownership. Building on this foundation, the participation facet, through responsibility divisions, steers the provision facets. Provision comprises facets such as control, security, and compliance mechanisms, thus ensuring that foundational rights are preserved during and after data sharing. Contextual conditions (data type, organizational size, and business data sharing setting) determine the level of difficulty in realizing sovereignty facets. For instance, if personal data is shared, privacy becomes a relevant protection facet, leading to challenges of ownership between data providers and data subjects, compliance demands, and control enforcement. Our novel conceptualization paves the way for coherent and comprehensive theory development concerning data sovereignty as a complex, multi-faceted construct. © The Author(s) 2024.