Why is this splintering happening? Most of it stems from a combination of effects of individual states trying to maintain their own national “data sovereignty.” Most notable of those effects are data privacy and data localization regulations as well as restrictions on data deemed inappropriate by governments. Today, over 30 world regions/nations impose data sovereignty regulations, including the EU, Brazil, China, and India. With new measures being proposed and considered in governments weekly, more countries are jumping on board the trend to splinter the internet. As Keith Wright, Executive Vice President and COO of the Congressional Black Caucus Foundation, Inc. recently noted, “Never have so many governments, authoritarian and democratic, actively blocked internet access to their own nationals.” This won’t just be bad news for free speech and thought, the Splinternet is already a formidable threat to businesses operating in multiple countries. As such, US-based enterprises need to reverse their state of denial and educate themselves regarding data sovereignty and how to manage their business data through it. The fact is, not all countries are playing by the same rules. Different nations have different rules governing the use and movement of all kinds of data. If you remain unaware long enough or do nothing to respond, you will find your applications and services cut off from your valuable consumers in certain countries/regions. Simultaneously, you will face anywhere from 0.5 to 4 percent of your total annual revenue in fines, depending on whether you run afoul of EU’s GDPR, China’s Cybersecurity Law, or other penalty-enforced regulations.
Nations of all kinds have started this new Cold War
Numerous organizations have already been impacted by the barriers to free data flow imposed by ‘The Great Firewall of China.’ Yet, that represents just the tip of the data sovereignty iceberg when operating within China. Under the China Cybersecurity Law, the country has implemented and enforced a vision for the internet that is diametrically opposed to that of the US, and China’s government has attracted numerous copycat regimes around the world to take a similar approach. It’s a significant blow to the US vision of free and open access to information flowing between individuals, nations, and organizations. As national governments seek ways to control citizens and gain a lock on power, countries like Vietnam, Thailand, and others are both curbing content types accessible by their citizenry and establishing strict controls on the movement of data, particularly data that originates within their national borders. But, it’s not just the China model and other nation-followers that threaten US-based businesses operating globally. We have started to see enforcement of the EU’s GDPR with fines running into the millions of dollars. Brazil now enforces their new General Data Privacy Law (LGPD), a law very similar to the EU’s GDPR and stricter regarding international data processing. From a business perspective, it doesn’t seem to matter if the splintering of the internet is caused by policies meant to protect citizens, like GDPR and LGPD do, or if the policies are meant to give government more authoritarian control as in China, Russia, and Thailand. For businesses, the end result is the same — they must adapt data strategies to remain viable and compete within all these regions.
Why US companies have been slow to respond to the Splinternet
Companies based outside the United States have long been aware of their own national/regional developments regarding data sovereignty. By contrast, for decades, US technology leaders who often act as leading ‘voices of the internet’ have espoused the value of the American approach of a free and open Internet wherein all types of data move freely and without regard for borders. So, while Facebook’s Mark Zuckerberg has called for a ‘common global framework’ of internet rules — and the web’s creator Tim Berners-Lee has developed a ‘Contract for the Web’ that sets forth an ethical set of internet principles — much of the world is staking claims to a walled-off, splintered battleground. Therefore, many US-based companies are lagging behind global competitors when it comes to preparing for and embracing this new norm. These US companies have yet to develop region-specific data compliance strategies and have failed to begin implementing global data movement strategies to support their applications running around the world. And this could be their doom.
How to tell if your company is at risk
To know if your company is lagging behind the competition, especially foreign competitors, ask yourself a few basic questions regarding data sovereignty:
Do we have an international data strategy? Can we manage data movement specific to the EU? India? China? Other regions? Can we respond — fast — to important national or regional regulatory changes? Can we avoid being blocked from operating in each nation/region by instantly changing our data management settings?
If you cannot say “Yes” to each of the above questions, then your international operations are at risk, and it is time for you to modernize your IT operations and data mobility strategy to align with the new Splinternet reality. This does not mean a one-time effort to comply. Instead, you must establish a consistent and ongoing means for managing your data to comply with a growing number of complex, geo-specific regulations.
How to manage your data in the Splinternet era
You recognize that your applications and services need to share and access data in real time, everywhere, to make your business run. If yours is like most IT operations groups, you are managing your ‘big data’ (and international data) from centralized data lakes today that feed data to apps and services that run in the cloud. Yet, that will not comply with most data sovereignty regulations, leaving you with a choice — rely on a more decentralized data approach, or pull out of certain geographic regions. Assuming you have strong business reasons for operating in the multiple regions you do today, then ending your reliance on centralized data lakes becomes your obvious strategy. Fortunately, there are solutions out there to help you gain a compliant data sovereignty stance, with most favoring the use of distributed data repositories combined with intelligent data collection and provisioning approaches that can be modified on-the-fly to adjust to any new regulations that come down the pike. Why is readying your data compliance strategy so important today, even if you are only doing business in the US and Europe? The EU’s GDPR became formal law in May of 2018. That meant member countries and the EU governing authorities were busy interpreting violations and identifying ways to respond. In 2019 and beyond, their focus will start to shift to enforcement — and not just enforcement against the biggest tech giants, but against organizations across a broad range of B2C and B2B industries. So your company better be ready for the new data reality.