Data Sovereignty – A boon or a bane?

Data across borders – Data Sovereignty

I really did not want to write Data Sovereignty in the way I have written it now. I wanted to write it in a happy manner, but as recent circumstances appeared, the outlook began to dim. I apologize if my commentary is bleak.

Last week started very well. I was preparing for the iXsystems™ + Nextcloud webinar on Wednesday, August 25th 2021. After talking to the wonderful folks at Nextcloud (Thanks Markus, Uwe and Maxime!), the central theme of the webinar was on Data Sovereignty and Data Control. The notion of GDPR (General Data Protection Regulation) has already  permeated into EU (European Union) entities, organizations and individuals alike, and other sovereign states around the world are following suit. Prominent ones on my radar in the last 2 years were the California Consumer Privacy Act (CCPA) and Vietnam Personal Data Protection Act 2020.

Noble acts

In this borderless digital world, our personal identifiable information (PII) has become a vital sine qua non. In this faceless world, where who we are can easily be misrepresented and faked, the security and the protection of PII is absolutely all-important. That is why I am attracted to the ideals of the data protection acts in many countries that view data privacy as a birthright, a constitutional right. The enactment of these laws of the land are to protect the private and confidential data of the individual or the organization in the land they are conceived.

Data and Business

Data privacy and data sovereignty laws are to build trust. Proprietary information can be used as a competitive advantage as trust is an invaluable asset. And I truly believe that in the pyramid of DIKW (Data -> Information -> Knowledge -> Wisdom), it is TRUST that glues the DIKW pyramid in its shape and form,

Thus, the webinar that iXsystems™ ran with Nextcloud last week was about using Data Sovereignty as a Competitive Advantage, and Trust is the Currency of doing ethical and long term, lasting business relationship, even in the Digital World.

Data and Security

Data security and data protection are like hand and glove. They go together but the first thing on the agenda before security and protection is data control. The identity of the data sources points, the sanctity of accurate and ethical data, the processes and procedures applied to the data, how the data is changed and modified and yet retained its truth are all part of a holistic data management ecosphere. In my mind, these are not much different in the way storage technology architects design a data services platform in an organization. There are the technical implementation aspects along with the technology implications as well. But the most important is to always necessitate the people element with the processes, old and new, that govern that data services framework.

Data Sovereignty and Digital Borders

A day before the webinar, I discovered the news about China’s new Personal Information Protection Law (PIPL). I brushed through the article quickly and I even used it as fodder in my presentation. I thought the article created the effect of Data Sovereignty in the messaging of my presentation.

I was in a buzz after my presentation, but less than an hour, I discovered this article on Reuters – “Exclusive: China eyes pushing  U.S. IPO-bound firms to hand over data control sources“. One of my friends commented that Reuters was biased in reporting news on China. Fine.

But all sorts of things were running through my mind regardless of the Reuters report. The next day, South China Morning Post (SCMP) came up with an even more analytical article – “China’s privacy law borrows a page from Europe’s GDPR but it goes further as Beijing shores up data security“.

In the SCMP article, this paragraph disturbed me a lot. It shook me to the core.

PIPL also includes clauses that allow China to adopt countermeasures against countries that it deems have acted in a discriminatory way against China with respect to personal information protection, or to have harmed the rights and interests of Chinese data subjects and China’s national security and public interest“.

The word “countermeasures” meant that they have the right to defend their data sovereignty (which is fine with me) but can be construed in responding to threats across a borderless world. The digital borders has not been demarcated yet, and the situation, if it calls for it, can surreptitiously present an opportunity for digital colonization.

Stirring in my mind, if one country can enact these laws to protect itself from threats digitally, what is stopping other countries from doing the same? Balkanization could happen again, now in this Pangaea-ic digital domain.

Double Edge Sword

Now I am not sure to think about Data Sovereignty in a positive manner anymore. For the greater good, I have always imagined that the digital world is not a “digital twin” of the our physical world. War, famine, hate and other atrocities should not be part of the digital world. Perhaps I am too idealistic. Perhaps I have watched too many Star Trek episodes and look to the wisdom of Jean Luc Picard, and the United Federation of Planets.

I have a dream to see Data Sovereignty laws live within the dominion of a global Data Federation, united for the greater good of humanity. After last Wednesday, I am conflicted now.

In the fast changing world of Digital Transformation, I am already too naive. I am also scared now.

Tagged , , , , , , , , , , . Bookmark the permalink.

About cfheoh

I am a technology blogger with 25+ years of IT experience. I write heavily on technologies related to storage networking and data management because that is my area of interest and expertise. I introduce technologies with the objectives to get readers to *know the facts*, and use that knowledge to cut through the marketing hypes, FUD (fear, uncertainty and doubt) and other fancy stuff. Only then, there will be progress. I am involved in SNIA (Storage Networking Industry Association) and as of October 2013, I have been appointed as SNIA South Asia & SNIA Malaysia non-voting representation to SNIA Technical Council. I currently run a small system integration and consulting company focusing on storage and cloud solutions, with occasional consulting work on high performance computing (HPC).

One Response to Data Sovereignty – A boon or a bane?

  1. Pingback: Is Data Privacy Possible Anymore? - Gestalt IT

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.