I really did not want to write Data Sovereignty in the way I have written it now. I wanted to write it in a happy manner, but as recent circumstances appeared, the outlook began to dim. I apologize if my commentary is bleak.
Last week started very well. I was preparing for the iXsystems™ + Nextcloud webinar on Wednesday, August 25th 2021. After talking to the wonderful folks at Nextcloud (Thanks Markus, Uwe and Maxime!), the central theme of the webinar was on Data Sovereignty and Data Control. The notion of GDPR (General Data Protection Regulation) has already permeated into EU (European Union) entities, organizations and individuals alike, and other sovereign states around the world are following suit. Prominent ones on my radar in the last 2 years were the California Consumer Privacy Act (CCPA) and Vietnam Personal Data Protection Act 2020.
In this borderless digital world, our personal identifiable information (PII) has become a vital sine qua non. In this faceless world, where who we are can easily be misrepresented and faked, the security and the protection of PII is absolutely all-important. That is why I am attracted to the ideals of the data protection acts in many countries that view data privacy as a birthright, a constitutional right. The enactment of these laws of the land are to protect the private and confidential data of the individual or the organization in the land they are conceived.
Data and Business
Data privacy and data sovereignty laws are to build trust. Proprietary information can be used as a competitive advantage as trust is an invaluable asset. And I truly believe that in the pyramid of DIKW (Data -> Information -> Knowledge -> Wisdom), it is TRUST that glues the DIKW pyramid in its shape and form,
Thus, the webinar that iXsystems™ ran with Nextcloud last week was about using Data Sovereignty as a Competitive Advantage, and Trust is the Currency of doing ethical and long term, lasting business relationship, even in the Digital World.
- [ March 2020 ] Will there be Trust at Digital Events?
Data and Security
Data security and data protection are like hand and glove. They go together but the first thing on the agenda before security and protection is data control. The identity of the data sources points, the sanctity of accurate and ethical data, the processes and procedures applied to the data, how the data is changed and modified and yet retained its truth are all part of a holistic data management ecosphere. In my mind, these are not much different in the way storage technology architects design a data services platform in an organization. There are the technical implementation aspects along with the technology implications as well. But the most important is to always necessitate the people element with the processes, old and new, that govern that data services framework.
Data Sovereignty and Digital Borders
A day before the webinar, I discovered the news about China’s new Personal Information Protection Law (PIPL). I brushed through the article quickly and I even used it as fodder in my presentation. I thought the article created the effect of Data Sovereignty in the messaging of my presentation.
I was in a buzz after my presentation, but less than an hour, I discovered this article on Reuters – “Exclusive: China eyes pushing U.S. IPO-bound firms to hand over data control sources“. One of my friends commented that Reuters was biased in reporting news on China. Fine.
But all sorts of things were running through my mind regardless of the Reuters report. The next day, South China Morning Post (SCMP) came up with an even more analytical article – “China’s privacy law borrows a page from Europe’s GDPR but it goes further as Beijing shores up data security“.
In the SCMP article, this paragraph disturbed me a lot. It shook me to the core.
“PIPL also includes clauses that allow China to adopt countermeasures against countries that it deems have acted in a discriminatory way against China with respect to personal information protection, or to have harmed the rights and interests of Chinese data subjects and China’s national security and public interest“.
The word “countermeasures” meant that they have the right to defend their data sovereignty (which is fine with me) but can be construed in responding to threats across a borderless world. The digital borders has not been demarcated yet, and the situation, if it calls for it, can surreptitiously present an opportunity for digital colonization.
Stirring in my mind, if one country can enact these laws to protect itself from threats digitally, what is stopping other countries from doing the same? Balkanization could happen again, now in this Pangaea-ic digital domain.
Double Edge Sword
Now I am not sure to think about Data Sovereignty in a positive manner anymore. For the greater good, I have always imagined that the digital world is not a “digital twin” of the our physical world. War, famine, hate and other atrocities should not be part of the digital world. Perhaps I am too idealistic. Perhaps I have watched too many Star Trek episodes and look to the wisdom of Jean Luc Picard, and the United Federation of Planets.
I have a dream to see Data Sovereignty laws live within the dominion of a global Data Federation, united for the greater good of humanity. After last Wednesday, I am conflicted now.
In the fast changing world of Digital Transformation, I am already too naive. I am also scared now.