Techno-nationalism & data sovereignty
Globalisation increased GDP by US$25tn over the past decade through integrated global supply chains, free trade and free flow of capital, according to Gartner. It suggests that we are now entering a new phase of opportunities accruing to companies that can operate more efficiently in a nationalised environment.
With a 30+ year career, Sébastien Marotte has held executive roles at some of the world's highest-profile software companies including Google, Hyperion, and Oracle. He most recently led Google Cloud's EMEA Channels as Vice President, having previously served as Vice President of Google Cloud EMEA for eight years. As an early leader at Google Cloud, Marotte was responsible for much of the foundational growth and development across EMEA, including the launch of G Suite (now Google Workspace).
He is well-known in the industry as a dynamic leader with exceptionally high standards and incredible integrity. Now President of EMEA at Box, who were formed in 2005 to make it easy to access information from anywhere and collaborate with anyone, they now work with 97,000 companies and 68% of the Fortune 500 our customers.
Data sovereignty now a top priority for regulators
“With Gartner predicting that nearly two-thirds of the world’s population will have their personal data protected under new privacy regulations by next year, it is clearer than ever that data sovereignty is a top-priority for regulators,” said Marotte.
Marotte believes that the hybrid workforce and dynamic compliance landscape have reshaped the way organisations are approaching data privacy laws, and suggests as an initial step to safeguarding against future data sovereignty obligations, “business leaders should first understand where their data resides, before looking at the issue of data sovereignty more broadly.”
“We’re seeing data residency requirements ramp up across Europe already; in France, President Macron is pushing for a more ‘sovereign, united, democratic Europe’ and openness in the technology industry is paramount to achieving that.”
Data as a huge strategic asset for governments
“In the right hands, data can be a huge strategic asset for both central and local governments. It can be used to inform decisions on a whole host of issues, including resource allocation, distribution of benefits, and policy changes, as well as to track performance and evaluate progress towards goals set out by governments,” said Jason Foster, CEO and Founder, Cynozure.
A tech consultancy, Cynozure was founded in 2016 with the ambition to reshape how people think about data and analytics, preferring a ‘People first, business first and outcome focused’ approach. Foster set out to establish a new precedence on data strategy in a traditionally tech-led data industry.
“For many governments around the world, data is now a critical component of the decision-making process. We saw it in the UK during the COVID pandemic, when data shaped policy in almost real-time. Data-led insights were - and continue to be - an invaluable asset for local and national decision makers.
“But data has a trust issue and the use of it is still perceived with scepticism by many. Do - and indeed, should - citizens trust the government to do the right thing with their data? How can we ensure data does not become weaponised against people, as we have seen happen in the past with murky election targeting? How do we prevent the giant global corporations like Amazon and Facebook from having greater power, control, and access to data than governments do?” said Foster.
For the full potential of data to be realised, Foster argues that these challenges “need to be faced head on” and that “we need clear rules and regulations for how AI can be deployed, and the governments must set out what is and isn’t allowed”.
Foster cites the example of even artificial intelligence (AI) deciding targets in warfare: “When it comes to the widespread deployment of new technologies, ethics is of equal importance as law and only then will the public trust how their data is being used.”
The difference between data residency and data sovereignty
“These terms are similar as they both relate to where data is stored, but they are very different,” said Phil Bindley, Managing Director of Cloud and Security at Intercity; an innovative and people-centric IT services company.
“Data residency refers to the geographical location of data, whereas data sovereignty relates to the laws and governance structures that data is subject to, due to the geographical location of where it’s processed.
He adds: “the location of data has become increasingly important due to an increased demand for cloud storage as many businesses shift to hybrid and remote working. In real terms, ParkMyCloud reported that three quarters of enterprises now define their strategy as hybrid or multi-cloud.”
While cloud-based services can offer organisations significant value in terms of collaboration, Bindley suggests that using these applications “leads to an increase in international data transfers”.
This can result in compliance issues for users and providers, he suggests, “due to the ever-changing and differing data protection and privacy laws across the world.
Following the UK’s exit from the European Union, data transfers from the UK to the EU are safeguarded by the Adequacy Decision announced on the 28th of June 2021, meaning personal data can continue to flow between the two without the need for organisations to ensure appropriate safeguards apply.
While the UK’s data protection regime is deemed adequate until 27th June 2025, this will only be renewed if the UK continues to protect the personal data of EU residents, in line with the EU GDPR rules. If UK data protection law significantly diverges from the EU GDPR, the Commission could withdraw this decision,” said Bindley.
How do these laws affect businesses?
Taking a multi-cloud approach means businesses will be storing data across the different sites that they use for different activities, such as HR or payroll.
Bindley doesn’t suggest turning back the clock on cloud migration, but “it’s important to closely examine where your data resides, what’s in the small print, and whether your cloud services provider is being transparent.”
Once data is in the cloud, “a lot of businesses will assume its security is the responsibility of whoever runs that cloud, such as Microsoft for Microsoft 365”. However, the security for that data is still down to the business itself, and “it’s the business that will be at risk if the data is breached or lost”, according to Bindley.
“Having clarity over what data is held and where it sits in terms of its sovereignty and residency is vital, so staff and customers can be assured their data is in safe hands.
Despite its importance, keeping track of data within these different sites often falls to the wayside for SMEs, as they don’t employ a Data Control Officer who can take responsibility for it, meaning no staff member or division feels accountable for keeping data secure,” he said.
The risks of not keeping track
If there was a breach, Bindley said it’s wise to know who is responsible for the security of the compromised data: “The Information Commissioner’s Office (ICO) will come down much harder if the correct measures are not in place, so businesses must be able to demonstrate they have done all they can”.
In 2020, British Airways was fined after users of its website were directed to a fraudulent site, where hackers were able to harvest the personal data of around 400,000 people, including login and travel booking details, names, addresses and credit card information.
“The ICO issued a fine of £20mn - the largest fine under GDPR to date, as it found that the hack was the result of BA’s negligence. Not only did this have a huge financial consequence for the company, which was already suffering financially under lockdown rules, it caused a catastrophic blow to its reputation.
If you avoid thinking about your business’s data protection, either because you don’t understand how to take the first step or feel it’s not your responsibility, and then something goes wrong, there could be business-ending consequences,” said Bindley.
- UiPath and Amelia partnership to drive the future of workDigital Transformation
- The Top 10 largest technology companies in AsiaEnterprise IT
- Transition to multicloud a risk worth taking, report showsCloud & Cybersecurity
- How cloud can deliver customer communications fit for 2023Digital Transformation