Issue of Data Sovereignty should be prioritised!


The increased digitalization of organizations, driven by the rapid adoption of technologies such as cloud computing and data analytics, has increased the importance of data. Enterprises are increasingly adopting cloud-based services in order to take advantage of the many business benefits of not having to purchase, manage, upgrade, and replace systems and applications. Of course, all amidst all this data still has to “live” somewhere. But a question is whether all types of data keeping is necessary?

With the technology evolving and prominence of Social media and cloud computing, it creates anytime-anywhere access to information and systems. Most customers don’t give much thought to where their data is stored. That needs to change. Data Sovereignty covers privacy regulations that a government mandates for digital data that has originated, been converted, or stored “in the country.” Data created in a country will be subject to the laws of that country. Data Sovereignty privacy regulations are designed to keep sensitive data inside a country’s borders and strictly define what data may be exported across borders. These laws vary from country to country and region to region.

Digitisation is essential to India’s transition into a digital native country. It’s also true that data sovereignty presents technical and legal challenges when moving on-premises systems and information stores to the cloud. Privacy and data-hosting laws vary by country and state, and some are stricter than others.

To maintain data sovereignty, organizations need to guarantee that their data remains within the jurisdiction that they choose and remains governed by the laws of that jurisdiction. Encryption replaces sensitive data with a mathematically derived value which, ideally, can only be read by an authorized entity-machine or human that has the same encryption keys that were used to create the value. A survey says that the little lock icon on a browser’s URL line indicates that data, such as a payment account number (PAN), is encrypted as it flows between the browser and the online store. This level of security is now ubiquitous for financial web transactions and helps to ensure that no “man in the middle” can read the encrypted PAN and other information.

Many countries are drafting stricter data residency and sovereignty laws, which require data to remain in the country in order to protect their citizen’s personal information. Private corporations are also adapting similar policies for their digital data. Ideally, a country’s data has to be inside the country itself.

Technology companies have come up with various innovative features to attract the subscribers and viewers to post their pictures, videos through their platform. The question that comes is why they are giving everything for free. It is simple, they want the data. This data can be used in many ways like target advertisements, buying patterns, social behaviours, your circle of people around you and many more.

Location, Boundary and Security are three important things to be controlled with the power of law of land. As on today 80 countries have their own data sovereignty laws. The strictest data sovereignty laws, like those in Germany, France, and Russia, mandate that its citizens’ data is stored on physical servers within the country’s physical borders. There are even some specific industries – governments come to mind – that demand the same. For example, certain United States federal agencies require their data be stored exclusively within the United States and the countries within the European Union (EU) have restrictions on the transfer of PII data to countries outside of EU.

Businesses use data to create value, and many can only maximize that value when data can flow freely across borders, yet a growing number of countries are enacting barriers that make it more expensive and time consuming, if not illegal, to transfer data overseas.

Canada passed its Digital Privacy Act, which not only strengthened its existing Personal Information Protection and Electronic Documents Act, but counteracted significant portions of the Patriot Act. In case of Germany, company- and employee-specific data in particular cannot leave Germany.

As the global economy shifts further into a connected information space, the relevance of data protection and the need for controlling privacy will further increase. Data protection is a global issue, the information economy is increasingly prominent and it promises to provide many opportunities, but could also generate some potential drawbacks.

However, the benefit of cloud computing is that data can be easily and quickly transferred to multiple locations across the globe – but, along with sovereignty issues, that also brings data security and privacy concerns.