Let’s call for data sovereignty – yes, but…
Digitalization being the new normal, cross-border data flows are a prerequisite for digitalization and the protection of the data processed when people are acting online becomes more and more important.
Given national differences in data protection regimes the level of protection varies country by country. This leads to additional measure required to be taken when data flows across regions to protect the data as required.
One reaction to this effort is the call for data sovereignty.
While data sovereignty, where understood as control over what data is processed, for what purpose, where and by whom and free choices to allow this or not, is a must.
Data sovereignty, understood as a requirement to localize data without balancing purpose and benefits against the risks, is set to fail.
A general call for data localization not only limits the global economic growth but finally weakens the level of protection instead of strengthening it.
Digitalization requires international data flows, so does online security: The determination whether an online device is acting in a legitimate or bad manner and the gained threat data needs to be share globally to ensure global security and data protection.
Keeping know-how on cyberthreats in one region not only puts the other regions at disadvantage. It also prevents attack detection in the other regions.
Valuable time is lost, and attack mitigation gets harder as the attack already happened. In worst case localization of threat data eases data breaches as security measures cannot be applied in time.
So data localization should not be applied in a generalized manner.
Unfortunate this results in the decision between pest and cholera, as one either complies with data transfer requirements by implementing data localization or one complies with data security requirements by implementing state of the art security measures.
But only where this careful assessment is done, an informed decision can be made and one really lives up with the principles of data sovereignty.
Lernziele
Rise awareness about the tradeoff between data privacy and threat protection