Source: Fortune
Summary
Asia-Pacific governments are increasingly asserting control over data produced by citizens, businesses, and public bodies, citing geopolitical uncertainty and concerns over foreign tech dependence. They believe data is a core national asset that should be stored locally. However, this approach is based on a flawed assumption that sovereignty is defined by where a server physically sits, rather than by who controls access to the data. Regulators are exercising digital sovereignty in various ways, including data localization mandates, certification processes, and restrictions on cross-border data transfers.
Our Reading
The numbers tell one story. Regulators are using data localization as a means to assert control, but this approach carries its own security risks. A fire at a South Korean data center knocked 647 government services offline, and an estimated 850 terabytes of government data may have been permanently lost. Data localization can also deny people access to innovative products and services, and can be anticompetitive. The practice can also prevent the world’s best large language models from using domestic content to improve their accuracy in low-resource languages.
True sovereignty isn’t about isolation, but about ensuring that customers and government agencies are empowered. This can be achieved through technical guarantees, global standards, and a strategy of relying on multiple cloud providers. A national risk-based data classification framework can also help regulators assess a company’s privacy and security processes.
The announcement sounds familiar. Data localization is a flawed approach to digital sovereignty, and a more balanced approach is needed. Trade agreements like the Australia-Singapore and EU-Singapore digital economy agreements can serve as models for a more balanced approach to data sovereignty.
Author: Evan Null
