Blog post

Sovereign Data Strategy Home Base

By Andrew White | November 06, 2022 | 0 Comments

Sovereign Data StrategyData-DrivenData StrategyData Sovereigntydata sharingData SecurityData PrivacyData OwnershipCloud Infrastructure

A few months ago I published a note that attempts to weave together what otherwise might be looked at as distinct threads and themes.  I used the term, “sovereign data strategy” to denote the idea that notable sovereign states had a legitimate person or team working behind the scenes.  The distinct themes touch on all the ways in which companies, consumers, and governments use data.  You would know this if I called out the following:

  • EU’s GDPR
  • California’s CCPA
  • US Federal Data Strategy
  • China’s Personal Information Privacy Law

Each of these represent a distinct policy that explains how data about something can be stored, accessed, processed, shared, analyzed or otherwise used.   Today we can watch all these policies in the news.  And many of those firms are reacting to each policy one at a time.  The concept behind sovereign data strategies is that we could assume that there is an organized process behind the scenes pulling these threads together for the benefit of the sovereign state.  As you can imagine, in some states this is quite possible, as with the case with the EU.  With other states, we might never know, such as with China.

Connecting the Dots

The original research is published here (see Trends 2023: Rise and Risks From EU, U.S., China and Other Sovereign Data Strategies and Policies) and this note was covered in the press here (see Computer Weekly’s The rise and risks of sovereign data strategies).  The core material was presented at our Data and Analytics conference series in 2023 and also our global IT Symposium series 2023.  Some recent press coverage while in Sydney, Australia: The market (and other) forces behind the rise of sovereign cloud.

You have to be careful with this stuff.  Data sovereignty is not the same as sovereign data strategy.  Data sovereignty basically refers to regulations concerning where data is stored.  As you parse the tea leaves and read the research, storage is but one dimension of sovereign data strategies.  There are many others.  If you add compute to storage, and focus on infrastructure, you get the cute phrase, “sovereign cloud”.  But that might not include the data itself, or the applications that run on the infrastructure.  It won’t likely include data sharing and all aspects of data access.  Even “applications” can be abused: does that include analytics, BI and AI?

Since this is a fast moving space, I thought I would put a page up and update it with news and advice that emerge every day.  This is that page.  I can’t promise that this is everything you need to know; but I can try to keep it up to date.  Hopefully it proves useful.  I organize the notes, press clippings and advice around the silod or segmented policy categories.  This will never be complete, or entirely up to date.  But I will do my best when I get a free moment to update the list.

Overall Sovereign Data Strategies and Mitigating Practices

Cloud Infrastructure (storage, compute, edge)

Cloud Applications (business applications, application development/Software Engineering, Analytics and BI etc.)

Data Privacy/Protection

Data Security

Data Storage

Data Sharing

AI Explainability

The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.

Comments are closed