Data protection and data sovereignty are increasingly important in the digital economy and on a strategic level.
Why is it important?
Data sovereignty, protection and privacy are key aspects for building trust and creating added value. Data protection and data privacy have become an essential right; due to the leading role of data in our modern economy. As a result, data sovereignty measures have been adopted around the world to protect citizens’ data. Although data management does not only benefit consumers but also companies and nations.
What is data protection?
Data protection refers to the process of safeguarding important, confidential and personal data to avoid it getting corrupted, compromised or lost. It is also known as data privacy and information privacy. Data protection or privacy also consists of ensuring that data is only accessible for authorized purposes and that it can be restored in the event of being rendered unusable or inaccessible for some reason.
During the past years, many countries and regions have passed data protection regulations. The European Union’s General Data Protection Regulation (GDPR) is one of the most well-known rules, but there are many others, such as the Privacy Act in Canada or the General Personal Data Protection Law in Brazil (Lei Geral de Proteção de Dados Pessoais in Portuguese).
The Data Protection Day or Data Privacy Day has been celebrated internationally on January 28th, since 2007. Its goal is to promote best practices and raise awareness about the importance of protecting personal and confidential data.
What is data sovereignty?
Data sovereignty is a concept that refers to the fact that data processed by an organization is subject to the laws and regulations of the country or region where it is located. So, businesses must comply with data privacy regulations, guidelines and best practices within their location or the location where they provide their services. Data sovereignty also refers to the organizations’ ability to operate independently and to protect their data against potential interferences.
During the last years, many governments have passed laws regarding how data is stored, protected and used. Not only to protect their citizens’ data, but also to avoid other nations acquiring it. Since data regulations also limit how businesses and organizations can transfer personal data abroad. On this matter, the European regulatory framework — limiting personal data transfer outside the European Union — has become a standard and is a step forward in respect to data sovereignty.
Data protection and sovereignty are important aspects to consider when migrating to the cloud. At Stackscale, customers know where their data is hosted. Our infrastructure and cloud services are located within the European Union and secured by its regulations — we currently have data centers in Amsterdam and Madrid.
Why is data sovereignty important?
Data sovereignty is important because it helps countries to protect their citizens and companies’ private and confidential data, as well as to avoid other countries acquiring that data. Data privacy protection is more important than ever and companies must ensure their customers and employees’ sensitive data is safe wherever that data is stored and shared.
Data sovereignty vs Data residency
When talking about data sovereignty, the concepts of “data residency” and “data localisation” often come up in the conversation. So, let’s see what’s the difference among data sovereignty, data residency and data localisation.
- Data residency refers to the geographical location where organizations specify that their data is collected, processed and stored.
- Data localisation refers to the fact that data must stay within the borders of the country or region where it was created.
- Data sovereignty refers to the fact that data is also subject to the laws and regulations of the country or region where it is physically stored.
What is digital sovereignty?
Digital sovereignty, also known as “technological sovereignty”, is the ability of a State or region to control their digital resources, keeping them away from external influences. Digital sovereignty in the European Union is seen as a strategic matter in order to strengthen the EU’s role in the digital economy, promoting and protecting the Union’s fundamental values.
The concept of digital sovereignty is focused on achieving a lower dependence on overseas infrastructures, platforms, Internet access points, etc.
The European Digital Strategy & the Digital Single Market
The EU’s digital strategy is focused on strengthening European digital sovereignty and on setting standards. In order to create a strong, competitive digital economy, the EU Digital Strategy focuses on aspects such as:
- Boosting the growth potential of the digital economy, while adopting technologies that respect European values.
- Empowering citizens to be aware of how they act and interact with data, both online and offline.
- Building a climate-neutral and resource-efficient economy.
- Creating a fair Digital Single Market where businesses can compete on equal terms and individuals’ rights are respected.
- Improving access to digital goods and services across Europe, both for consumers and businesses.
As for the European Union’s Digital Single Market, it is built on 3 pillars:
- Ensuring better access for consumers and businesses to digital goods and services across Europe.
- Creating the right environment for digital networks and innovative services to flourish.
- Maximizing the growth potential of the digital economy.
Digital Services Act and Digital Markets Act
The Digital Services Act (DSA) and the Digital Markets Act (DMA) are legislative proposals by the European Commission, playing an important role within the European Digital strategy. The DSA and DMA form a package of new rules applicable across the whole European Union to create a safer, more competitive and open digital space.
The main goals of the Digital Services Act and the Digital Markets Act package are to:
- Create a safer digital space where the fundamental rights of all users are protected — fighting against disinformation, illegal content, etc.
- Ensure users can freely change providers and services, as well as benefit from fair prices.
- Boost and promote innovation, growth and competitiveness within the European Single Market.
- Prevent “gatekeepers” — large online platforms and companies — from abusing their power, thus creating a fairer environment for all businesses.
Data sovereignty laws in the European Union
Following the release of their main regulation in 2016, the General Data Protection Regulation (GDPR), the European Union is a leader in data protection worldwide. After this regulation, the EU has passed other laws such as the free flow of non-personal data (FFD) in 2018 and the EU Cybersecurity Act and the Open Data Directive in 2019.
The General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) unifies data protection regulations within the European Union. It establishes strict rules on how EU citizens’ personal data must be stored, collected and processed; both within and outside the European Union. The GDPR entered into force in May 2016, establishing May 2018 as the deadline for Member States to put it into effect. This regulation replaced the 1995 European Data Protection Directive.
The GDPR applies both to data controllers — organizations using cloud services that process EU citizens’ data — and data processors — organizations providing cloud services that process EU citizens’ data.
This regulation, although flexible for certain aspects, applies to all EU Member States, creating a common data sovereignty and protection framework within the region. Organizations must implement security and data collection and protection measures to protect EU citizens and residents’ private data in order to comply with the GDPR.
The Data Protection Law Enforcement Directive (LED)
The Data Protection Law Enforcement Directive (LED) is a piece of legislation that establishes rules on the processing of personal data by criminal law enforcement authorities and on the free movement of such data. It entered into force in May 2016, establishing May 2018 as the deadline for Member States to put it into effect.
The regulation on the free flow of non-personal data (FFD)
The goal of the regulation on the free flow of non-personal data is to boost the benefits of the data economy. It is applicable from May 2019. The FFD contributes to the creation of a competitive digital economy within the EU. Together with the GDPR, it aims to guarantee the free movement of non-personal data across the Member States of the European Union.
The EU Cybersecurity Act
The EU Cybersecurity Act establishes a UE cybersecurity certification framework for digital products, services and processes. In addition to strengthening the EU Agency for cybersecurity (ENISA).
The Open Data Directive
The Open Data Directive provides a common legal framework to facilitate the reuse of public sector information. It also aims to make high-value data available for reuse and strengthen transparency. It entered into force in July 2019.
The Data Governance Act
The Data Governance Act, adopted by the European Commission in November, 2020, aims to boost data sharing across sectors and Member States to leverage the potential of data for the benefit of EU citizens and organizations.
Some of the Data Governance Act’s goals are to:
- Increase trust in data sharing.
- Strengthen mechanisms to increase data availability.
- Overcome technical obstacles to the reuse of data.
- Support the development of common European data spaces in strategic domains.
To sum up, there is no doubt that data protection and data sovereignty are a priority nowadays.
The IT sector is continuously evolving and new trends and technologies such as the cloud, the Internet of Things or Artificial Intelligence are becoming increasingly relevant in our daily lives. A clear example of this is how cloud adoption among enterprises in the EU keeps growing. On this matter, the EU is making great efforts to protect digital sovereignty, and boost innovation and competitiveness within the European Union.
At Stackscale, we always develop our products and services with security, privacy, transparency and efficiency in mind. Besides, we are proud to say that we opt for open standards and protocols to develop our Private Cloud solutions. Since that enables our customers to keep greater control over their IT environment.