Rise of cloud computing and the increase in the number of companies adopting this technology to offer services to users, draw more criticism about data privacy. Especially all sorts of data breaches and security scandals we hear about around the world, magnify these concerns.
The unclarity of service providers about the location where our data is stored and who can access it makes everything worse. These are the main reason why we recently observe different regulations and laws regarding data privacy being devised such as General Data Protection Regulation that came into force in May 2018.
In this article, we try to dissect the importance of data privacy in order for the reader to understand why it’s so important to know their right to sovereignty over their data.
What Does Data Sovereignty Mean Today?
Data sovereignty is simply the right of sovereignty over your data. To be more precise, it’s a person’s right to
- Access
- Disclose
- Control
their own data.
This right is considered to be violated if a third party including the government access someone’s data without their consent.
Although this seems to be an obvious human right, it came a long way to reach its current format. The importance of data sovereignty became more and more evident through a cascade of different law cases regarding individual data privacy starting with the Snowden revelations.
How It Started
Let’s look at some of the most influential early examples of conflicts and law cases that each played a crucial role to shape the data sovereignty we know today.
2013 – NSA huge information leak: This incident is also called the Snowden Revelation after Edward Joseph Snowden, an employee of the CIA leaked highly classified information about the National Security Agency (NSA) in 2013.
The leaked information showed countless surveillance programs on personal data and communications around the world. This led to a large awareness and debates globally about data privacy and security.
This is considered a waking call for tech giants to start questioning the pros and cons of existing legislation regarding cloud storage.
This awareness finally led to other important legal cases in different fields such as data and communication.
2013 – Microsoft served to disclose user’s data: In 2013, Microsoft was served with a warrant issued by a New York state judge based on a Federal Bureau of Investigation (FBI) case. Microsoft was challenged to hand over the personal data of a specific user saved in Microsoft data centers.
At first, it seemed to be unimportant as these kinds of investigations over personal properties take place all the time.
Moreover, based on the SCA Act (Stored Communications Act addresses disclosure of stored electronic communications by third-party internet service providers) Microsoft was obliged to disclose the data in question.
There was a catch though, the data was not located in United States territory but in Irland. If it wasn’t the case, we probably didn’t even know about this incident today. Everything escalated when Microsoft refused to give access to those data indicating the SCA Act does not compel American companies to give access to data stored in servers outside the United State.
Ultimately, the US government could not force Microsoft to disclose any customer data.
2015 – Safe Harbor Agreement on transferring personal data: In 2015, in the Max Schrems case, the safe harbor agreement to transfer personal data between the EU and US was declared invalid by the Court of Justice of the European Union. According to EU Data Protection Directive, transferring personal data to third countries is possible only if they provide an adequate level of protection which the US clearly lacked an equal level of protection against surveillance for personal data.
All the abovementioned cases alongside the rise of cloud storage showed the current flaws in data sovereignty laws, especially what it meant for businesses. There was clearly a contradiction in surveillance programs under the name of public safety and the individual’s freedom rights.
Why Is It So Important?
Before going into details, let’s take a look at this list:
- Each day, we generate 5,000,000,000,000,000,000 bytes (5 exabytes) of data
- It is estimated to reach 175,000,000,000,000,000,000,000 bytes (175 zettabytes) by 2025, with a compound annual growth rate of 61%.
- Data centers and the public cloud will respectively store 51% and 49% of the data
- IoT will comprise 90,000,000,000,000,000,000,000 bytes (90 zettabytes) of data in 2025
- International Data Corporation estimated 46% of the worldwide data in 2025 will be stored in the public cloud platform
Now let’s see how people think about privacy and the vulnerability of their personal data according to Pew Research Center
When people asked; what does digital privacy mean to you?
Themselves / their personal information and possessions / the desire to keep things to themselves | 17% |
Control over information / possessions / self / deciding what aspects of their lives are accessible to others | 14% |
Privacy is a myth / means nothing / doesn’t exist | 9% |
Having their information sold / third party involvement | 6% |
Crime / hacking fraud / any means of illicit activity | 5% |
General security references, i.e. ”secure”, “guarded”, “protective” | 4% |
Other people and organizations not being able to access their possessions or private life | 3% |
Tracking / surveillance / monitoring / spying | 3% |
Company measures / how websites / companies should secure data / terms of service / privacy settings | 2% |
Personal information is only accessible with the person’s knowledge or consent | 2% |
Threat from the government regarding themselves / possessions / or private life | 1% |
Now you might see the problem. There is clearly an unbalance in the amount of data we produce and the knowledge of our data privacy.
Considering the increase in cloud computing and the rate of generating new data every day, we must come to a general definition of our privacy to prevent our data from being exploited.
What It Means for Businesses
Besides individual privacy, this subject also concerns organizations. Corporations must be aware of not only regulations but also the claim made by some governments that they have the authority to seize data from servers located on their territory.
It is no longer acceptable to conceal oneself behind a veil of ignorance. Businesses must understand where their data is stored and then take the necessary steps to ensure compliance with the regulations that govern that location. Furthermore, they must ensure that their cloud provider provides strict security and has protocols in place in the event of a data breach or the need to destroy any data.
If you came so far, you might also find these articles interesting: