Data Sovereignty in the AI Era

As artificial intelligence continues to gain traction in virtually every aspect of everyday lives both from a personal and business perspective, data sovereignty is gaining importance. Data sovereignty is not new. Data sovereignty refers to the concept that data is subject to the laws and regulations of the country where it is collected, stored and processed. Each nation has the authority to govern the data within its borders and enforce its own data usage, protection, and privacy laws. Also, certain regulations may limit the placement of data to a short list of countries. Data sovereignty involves many types of data such as financial data, personal information, and intellectual property.

The European Union General Data Protection Regulation (GDPR) is an example of data sovereignty. GDPR mandates that personal data of EU citizens must be protected according to EU laws, regardless of where the data is stored or processed. The main aspects of GDPR include data location where a company operating within the EU must store and process personal data of EU citizens on servers located within the EU or in countries that the EU has determined to have adequate data protection laws. Companies, even those based outside the EU, must comply with GDPR if they handle personal data of EU citizens. This includes implementing appropriate technical and organizational measures to protect the data. If data needs to be transferred outside the EU, the receiving country must have equivalent data protection laws, or the company must use specific mechanisms such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs) to ensure the data is protected appropriately.

GDPR is just one example of data sovereignty forcing organizations to pay close attention to where their data is kept and have full control over the movement, if any, of data. While traditionally, data sovereignty has been focused on compliance, AI introduced a new impetus for data sovereignty – control over AI. Due to the increasing importance of AI, many countries and government agencies are keen on investing in AI for competitive advantage rather than falling behind. To control their AI destiny, many countries are paying close attention to the location of data and data processing. Therefore, they are building sovereign AI infrastructures with local providers to mitigate dependencies on providers that have infrastructure abroad or must comply with the regulations of another country.

To effectively ensure data sovereignty, organizations must understand the data protection and privacy laws pertaining to their data whether it is due to the nature of the data or due to the specific regulations of the country or countries where data is stored and processed. It is paramount to develop and enforce robust data governance policies that align with the legal requirements of the jurisdiction. Organizations must conduct regular audits and assessments to ensure compliance and continually educate employees and stakeholders about data sovereignty requirements and best practices to ensure compliance throughout the organization.

Arguably, the largest challenge of data sovereignty arises from the nature of cloud computing. Unless an organization decides to manage all its data on premises with its own IT or leverage a provider that supports “On Premises as a Service,” a cloud provider or providers control the placement of data, metadata, and copies of data. While public cloud providers enable you to determine the location of the primary copy of the data, the provider may create more data copies for disaster recovery or other reasons in another country or send metadata to another country.

Therefore, for compliance, organizations should understand well the policies of the cloud provider pertaining to data sovereignty. For AI control, organizations should build sovereign AI only with providers that enable “On Premises as a Service” storing all data, including all secondary copies of the data and metadata on servers located within the desired country thus mitigating the risk of foreign access to crucial AI data.

About the Author

Yoram Novick is the President and CEO of Zadara. He has deep expertise in enterprise systems, cloud computing, storage and software and a proven track record of over 25 years of building successful startups. He is known as a company founder, CEO, and former board member and advisor to various technology companies such as Topio, Maxta, Storwize, Druva, and Kapow. Yoram holds 25 patents in the systems, storage, and cloud domains. He holds both a bachelor’s and a master’s degree in computer science from Ben-Gurion University of the Negev.

Sign up for the free insideAI News newsletter.

Join us on Twitter: https://twitter.com/InsideBigData1

Join us on LinkedIn: https://www.linkedin.com/company/insideainews/

Join us on Facebook: https://www.facebook.com/insideAINEWSNOW