Community hub
Recent from talks
Contribute something to knowledge base
Content stats: 0 posts, 0 articles, 0 media, 0 notes
Members stats: 0 subscribers, 0 contributors, 0 moderators, 0 supporters
Subscribers
Supporters
Contributors
Moderators
Hub AI
Data sovereignty AI simulator
(@Data sovereignty_simulator)
Hub AI
Data sovereignty AI simulator
(@Data sovereignty_simulator)
Data sovereignty
Data sovereignty means that data generated within a country's borders is governed by that nation's laws and regulatory frameworks; this ensures local control over data access, storage, and usage.In other words, a country is able to control and access the data that is generated in its territories. An example of a nation's data sovereignty policy would be Australia's Privacy Act 1988, which established the Australian Privacy Principles (APPs) that regulate the handling of personal information by government agencies and private sector organizations. The APP contains 13 principles for how all personal or organizational data in Australia is meant to be kept. For many countries, the issue of data sovereignty is presented as an issue of national security with concerns over being able to protect citizens' personal data. Data can be used to help improve medical care, reinforce national security as well as have a positive impact on many economic and social infrastructures but may also be used for identity theft and other data related attacks.
The concept of data sovereignty is closely linked with data security, cloud computing, network sovereignty, and technological sovereignty. Unlike technological sovereignty, which is vaguely defined and can be used as an umbrella term in policymaking, data sovereignty is specifically concerned with questions surrounding the data itself. The issue of managing data sovereignty can be considered more complex when introducing the idea of cloud computing, where data can be accessed globally; meaning organizations and companies must comply with multiple nations data laws. Data sovereignty is also associated with data localization, the requirement that data be stored within a specified region, and data residency, the actual location in which the data is stored, such as cloud servers.
Data sovereignty as the idea that data is subject to the laws and governance structures within one nation, is usually discussed in one of two ways: in relation to Indigenous groups and Indigenous autonomy from post-colonial states, or in relation to transnational data flow. With the rise of cloud computing, many countries have passed various laws around the control and storage of data, which all reflect measures of data sovereignty. More than 100 countries have some form of data sovereignty laws in place. With self-sovereign identity (SSI), the individual identity holders can fully create and control their credentials, although a nation can still issue a digital identity in that paradigm.
The Snowden revelations on the National Security Agency's (NSA) PRISM program provided a catalyst for global data sovereignty discussions. It was revealed that the US was collecting vast swaths of data not only from American citizens, but from around the world. The program was designed "to 'receive' emails, video clips, photos, voice and video calls, social networking details, logins and other data held by a range of US internet firms" such as American tech companies like Facebook, Apple, Google, and Twitter, among others. In the wake of the revelations, countries became increasingly concerned with who could access their national information and its potential repercussions. Their worries were further exacerbated due to the US Patriot Act. Under the act, US officials were granted access to any information physically within the United States (such as server farms), regardless of the information's origin. This meant that any information collected by an American server would have no protection from the US government.
Another instance that put data sovereignty in the news was a case between Microsoft and the US government. In 2013, the Department of Justice (DoJ) demanded that Microsoft grant the DoJ access to emails "related to a narcotics case from a Hotmail account hosted in Ireland". Microsoft refused, stating that this transfer would result in the company breaking data localization and protecting laws in the EU. The initial ruling was in favor of the US government, with Magistrate James Francis concluding that American companies "must turn over private information when served with a valid search warrant from US law enforcement agencies". Microsoft asked for an appeal and went to court again in 2016 with the case Microsoft v. United States. John Frank, the VP for EU Government Affairs at Microsoft, stated in a 2016 blog post that a US court of appeals ruled in favor of Microsoft, supporting the notion that "US search warrants do not reach our customers' data stored abroad". On October 23, 2017, Microsoft said it would drop the lawsuit as a result of a policy change by the Department of Justice (DoJ) that represented "most of what Microsoft was asking for."
Discussions of Indigenous data sovereignty for Indigenous peoples of Canada, New Zealand, Australia, and the United States of America were underway as of 2017[update]. Data sovereignty is seen by Indigenous peoples and activists as a key piece to self-governance structures and an important pillar of Indigenous sovereignty as a whole. The decolonization of data is seen by activists as a way to give power to Indigenous people to "determine who should be counted among them" and would be able to better reflect the "interests, values and priorities of native people". Scholars also argue that given the power over their own data, Indigenous peoples would be able to decide which data gets disseminated to the public and what does not, a decision typically made by the settler government. According to author Peter Yu, as discussed in his article on the Power of Data in Aboriginal Hands, the significant gaps in statistical data that can be seen with indigenous people is highlighted in importance. It is believed that by restoring control over data, new possibilities for improvement will open and lead to increased understanding, dialogue, accountability, and even "informed decision-making" which one could argue would give the power back to indigenous people. Currently some researchers, such as Ray Lovett, argue that there is a significant issue when looking at statistical expertise and capacity. In fact, it is believed that if statistical capacity is increased it could be the exact pivoting point that indigenous peoples will need in order to better "assert data sovereignty".
In New Zealand, Te Mana Raraunga, a Māori data sovereignty network, created a charter to outline what Māori data sovereignty would look like. Some of the requests in the charter included "asserting Māori rights and interests in relation to data", "advocating for Māori involvement in the governance of data repositories" and "Supporting the development of Māori data infrastructure and security systems".
In Canada, Gwen Phillips of the Ktunaxa nation of British Columbia has been advocating for Ktunaxa data sovereignty and other pathways towards self-governance in the community.
Data sovereignty
Data sovereignty means that data generated within a country's borders is governed by that nation's laws and regulatory frameworks; this ensures local control over data access, storage, and usage.In other words, a country is able to control and access the data that is generated in its territories. An example of a nation's data sovereignty policy would be Australia's Privacy Act 1988, which established the Australian Privacy Principles (APPs) that regulate the handling of personal information by government agencies and private sector organizations. The APP contains 13 principles for how all personal or organizational data in Australia is meant to be kept. For many countries, the issue of data sovereignty is presented as an issue of national security with concerns over being able to protect citizens' personal data. Data can be used to help improve medical care, reinforce national security as well as have a positive impact on many economic and social infrastructures but may also be used for identity theft and other data related attacks.
The concept of data sovereignty is closely linked with data security, cloud computing, network sovereignty, and technological sovereignty. Unlike technological sovereignty, which is vaguely defined and can be used as an umbrella term in policymaking, data sovereignty is specifically concerned with questions surrounding the data itself. The issue of managing data sovereignty can be considered more complex when introducing the idea of cloud computing, where data can be accessed globally; meaning organizations and companies must comply with multiple nations data laws. Data sovereignty is also associated with data localization, the requirement that data be stored within a specified region, and data residency, the actual location in which the data is stored, such as cloud servers.
Data sovereignty as the idea that data is subject to the laws and governance structures within one nation, is usually discussed in one of two ways: in relation to Indigenous groups and Indigenous autonomy from post-colonial states, or in relation to transnational data flow. With the rise of cloud computing, many countries have passed various laws around the control and storage of data, which all reflect measures of data sovereignty. More than 100 countries have some form of data sovereignty laws in place. With self-sovereign identity (SSI), the individual identity holders can fully create and control their credentials, although a nation can still issue a digital identity in that paradigm.
The Snowden revelations on the National Security Agency's (NSA) PRISM program provided a catalyst for global data sovereignty discussions. It was revealed that the US was collecting vast swaths of data not only from American citizens, but from around the world. The program was designed "to 'receive' emails, video clips, photos, voice and video calls, social networking details, logins and other data held by a range of US internet firms" such as American tech companies like Facebook, Apple, Google, and Twitter, among others. In the wake of the revelations, countries became increasingly concerned with who could access their national information and its potential repercussions. Their worries were further exacerbated due to the US Patriot Act. Under the act, US officials were granted access to any information physically within the United States (such as server farms), regardless of the information's origin. This meant that any information collected by an American server would have no protection from the US government.
Another instance that put data sovereignty in the news was a case between Microsoft and the US government. In 2013, the Department of Justice (DoJ) demanded that Microsoft grant the DoJ access to emails "related to a narcotics case from a Hotmail account hosted in Ireland". Microsoft refused, stating that this transfer would result in the company breaking data localization and protecting laws in the EU. The initial ruling was in favor of the US government, with Magistrate James Francis concluding that American companies "must turn over private information when served with a valid search warrant from US law enforcement agencies". Microsoft asked for an appeal and went to court again in 2016 with the case Microsoft v. United States. John Frank, the VP for EU Government Affairs at Microsoft, stated in a 2016 blog post that a US court of appeals ruled in favor of Microsoft, supporting the notion that "US search warrants do not reach our customers' data stored abroad". On October 23, 2017, Microsoft said it would drop the lawsuit as a result of a policy change by the Department of Justice (DoJ) that represented "most of what Microsoft was asking for."
Discussions of Indigenous data sovereignty for Indigenous peoples of Canada, New Zealand, Australia, and the United States of America were underway as of 2017[update]. Data sovereignty is seen by Indigenous peoples and activists as a key piece to self-governance structures and an important pillar of Indigenous sovereignty as a whole. The decolonization of data is seen by activists as a way to give power to Indigenous people to "determine who should be counted among them" and would be able to better reflect the "interests, values and priorities of native people". Scholars also argue that given the power over their own data, Indigenous peoples would be able to decide which data gets disseminated to the public and what does not, a decision typically made by the settler government. According to author Peter Yu, as discussed in his article on the Power of Data in Aboriginal Hands, the significant gaps in statistical data that can be seen with indigenous people is highlighted in importance. It is believed that by restoring control over data, new possibilities for improvement will open and lead to increased understanding, dialogue, accountability, and even "informed decision-making" which one could argue would give the power back to indigenous people. Currently some researchers, such as Ray Lovett, argue that there is a significant issue when looking at statistical expertise and capacity. In fact, it is believed that if statistical capacity is increased it could be the exact pivoting point that indigenous peoples will need in order to better "assert data sovereignty".
In New Zealand, Te Mana Raraunga, a Māori data sovereignty network, created a charter to outline what Māori data sovereignty would look like. Some of the requests in the charter included "asserting Māori rights and interests in relation to data", "advocating for Māori involvement in the governance of data repositories" and "Supporting the development of Māori data infrastructure and security systems".
In Canada, Gwen Phillips of the Ktunaxa nation of British Columbia has been advocating for Ktunaxa data sovereignty and other pathways towards self-governance in the community.