Saint Augustine, a well-known fourth-century philosopher states in the book The City of God – “In the absence of justice, what is sovereignty but organized robbery”? A pirate narrates this quote, captured and brought before Alexander the Great to explain his actions. The pirate asks the Emperor if there was any difference between his actions and those of the king, other than their scale.
Almost 1600 years have passed since the remark by St. Augustine, and while the context may have changed, but the thesis still rings true. Especially, as it related to the current hot topic of the power wielded by the internet behemoths and the challenge around data sovereignty that it has thrown up.
Since the early 2000s internet has become ubiquitous, with 60% of the world population online and logging in an impressive over 1200% CAGR in the past two decades. This pervasiveness has been driven in part by unparalleled affordability and accessibility of internet across the world and a plethora of so-called free services offered by constituents of the world wide web.
Rise of data titans
The relationship between a company and its customers is supposed to be transparent where the customer understands that he pays for a product, which in turn covers the company’s costs and margin, well at least till now. The world of internet has wholly upended these centuries-old business model, the customer does not want to pay for the services he consumes, but the company still needs to make money.
The monetization of data that is generated by the consumers while using the services of these companies has resulted in the rise of new data titans – FAMGA (Facebook, Amazon, Microsoft, Google, Apple). Today, FAMGA is over 25% of the S&P market cap, highlighting the dominance of these tech titans.
Don’t care attitude of citizens
“If you are not paying for the product, you are the product,” so goes an oft-quoted and an apt summary of the current state of affairs. This addiction to getting access to free services has fundamentally changed consumer behaviour that has made them completely ignore the risks posed by these companies tracking their behaviour online.
Analysts often say, “Data is the new oil,” but seeing the addiction to these free services, one might as well say, “Data is the new opium.”
Power of data
As these platforms made the debut in the early 200s, no one in their wildest dreams ever imagined that they would become so integral part of our lives. It is not that the world had not seen new technology adoptions before, but this is probably the only case where the adoption had become so widespread in such a short time.
In an interview a few years back, Mark Zuckerberg, founder CEO, Facebook, was quoted as saying, “We’ve been focused on making the world more open and connected. And I always thought that would be enough to solve many problems”.
Today, Facebook has become a poster child for the problems we are seeing around the amount of data harvested from user behaviour and the subsequent well-documented data abuse. The quantum and diversity of data collected by FAMGA or BAT (Baidu, Alibaba, Tencent) in the case of China have made these organizations quasi nations with immense power to change behaviours and opinions.
Lagging regulatory frameworks
As in Hollywood or Bollywood movies, cops generally show up after a crime is committed, so is the case as far as how legislation and regulators have reacted to this crisis. It was only towards the end of the last decade that regulators started waking up to the potential risks presented by these internet companies, and even then, the focus was around data protection from thefts and frauds.
The understanding of the data being harvested by these companies and the potential for the abuse of citizen’s rights took another decade to come to the forefront, driven by Snowden leaks and the Cambridge Analytica scandal.
The revelations these incidents forced governments to respond by drafting a series of interventions to hold these organizations accountable around how they harvest data.
The ambit of these legislations has now started expanding with countries wanting to control the free movement of data as well as wanting to access the data under the garb of national security or political objectives. Case in point is the IRON WALL that China has created or the attempts by Russia to restrict the free movement of data across its border – leading to a new term “SPLINTERNET.”
Data residency, Data sovereignty, Data localization
Often interchangeably used, these terms have started becoming part of the everyday conversations, as governments and legislations have started weighing down on these companies. However, these have different operational and legal implications.
Data residency; is a stand taken by an organization for storing their data for a matter of convenience, whether operational, legal or tax requirements. As is evident, this is purely a decision driven by the company’s business requirements.
Data sovereignty, on the other hand, is the applicability of the law based on where the data resides. This means that one might have collected data in one country, but it could be moved to another, and the laws applied will be of the country where the data now resides.
Data localization; is the most stringent of all three definitions. In this case, the collected data cannot leave the borders of the country, and it will also be subjected to the local laws. Quite a few countries, including India, are insisting on this provision.
Watch your back, front and sideways
Industries are in the throes of digital transformation, as is evident by the suffix “Tech” one sees on the legacy and next-generation sectors, e.g., Agri-Tech, Health-Tech, Fin-Tech, Ed-Tech. It is now both a necessity as well as a competitive need for businesses to embrace these technologies to re-invent and re-orient business models. Most board and conference room conversations focus on the business impact of these transformations; however, the elephant in the room that no one wants to talk about is; What happens to this harvested data?
Rising consumer awareness, coupled with changing regulatory frameworks, has created a dilemma for enterprises on how they can embrace the new opportunity but still stay on the right side of the law. The companies need to ask a few questions to make sure that their digital transformation strategy doesn’t run afoul of the law.
- What data is being collected?
- Is any of the data identified as sensitive?
- Where is the data physically residing?
- Is the data being moved across countries?
- Which data protection laws are applicable?
- How is the information lifecycle (create/publish/use/retain/removal) being managed?
- What is the data governance mechanism?
- Who is responsible for data governance within your organization?
The digital world is moving away from a ‘laissez-faire’ to interventionist regimes. All enterprises, irrespective of the size and industries will need to understand both the power and attached responsibilities that come with data.