by Andrew White | February 7, 2017 | Comments Off on The Subtleties of Data Sovereignty
The ongoing complexities and issues related to data privacy and security that spans jurisdictions around the globe were explored in a Comment piece in today’s US print edition of the financial times.
In “Virtual sovereignty can help you govern data“, Andrew Burt (chief privacy officer at Immuta) and Craig Mundie (former chief research and strategy officer at Microsoft) highlight that there are several dynamics involved in determining sovereignty and so control over data. They include considering where the creator of the data existed at the time the data was formed. This location could very well differ to where the data is now stored. And finally the third aspect could be the location from from where the inquiry is being undertaken.
For example, new data about a financial transaction is physically executed in the United Stares. Thus the data and the system used are subject to US federal and state jurisdiction. That data is then moved and housed in a cloud or server physically sitting in Ireland. Now that equipment and data is subject to that country’s and EU jurisdiction. Finally the Japanese state police, via Interpol, seek access to that data in support of a criminal money-laundering case. Now the inquiry has to work through Japanese, Interpol, EU, US and Irish jurisdictions. Or does it?
So then the question arises- which takes precedence and why? And other questions emerge- why can’t entities harmonize their regulations in order to make them simpler? This draws out the point that countries have different views on privacy and security and so there won’t likely be any universal harmonization – perhaps just regional blocks that support similar conditions.
This will keep us all, and the lawyers, busy for a long time to come.
View Free, Relevant Gartner Research
Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.Read Free Gartner Research
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.