Data Privacy: Who Will Win the Data Policy War?

PinIt

Winners in the war triggered by new data usage regulations will be companies that can leverage their own data as well as the data of their partners and customers while complying with all regulations.

Ever since AWS launched in 2002 and made cloud computing mainstream, data usage expansion across all industries has been unstoppable. But this has also resulted in a growing number of restrictions and regulations on data usage and data privacy.

The European Union has acted as the data privacy flagship by introducing new rules to guarantee its citizens’ rights against the ever-growing internet industry by slowly but surely clipping the wings of Google, Facebook, and other internet behemoths. Countries with large markets such as China and India are also instituting data privacy regulations. Even in the U.S., state governments, as with California, are devising their own.

See also: The Invasion of Digitization: A Threat to User Data Privacy

Another driving force behind data privacy advancements has been governments’ drive to protect their economic interests. Some governments also have rather dark motives behind their data privacy protection initiatives. These are usually states that are not really examples of a functioning democracy. When requiring that citizens’ data be stored domestically, their main goal is apparently to have more control over their people.

To stay competitive, businesses around the world keep striving towards leveraging more and more customer data. But this also means that government regulations on personal data are increasingly impacting the global business environment.

The trillion-dollar question is, literally, who is going to win this standoff? But before answering this question, we need to understand where exactly the data war is being fought.

Frontlines in the battle over data

Governments are trying to find a balance between data privacy rights and a flexible business environment. Two aspects of the business environment need to be considered here. First, businesses serving domestic markets need to have enough flexibility to keep their customers happy, as well as a competitive environment for them to grow. Second, governments want to ensure that other countries do not take advantage of their citizens or businesses.

The EU has demonstrated a slow but steady determination to create favorable market conditions for businesses while protecting the rights of its citizens. This has produced two significant results, namely the GDPR and the latest EU cloud initiative, which aims to spend more than $12 billion (10 billion euros) over seven years.

The GDPR first and foremost aims to improve the data privacy rights of the European people. However, the restrictions on data processing introduced by the GDPR hurt non-EU businesses as a side effect since almost all of today’s technology giants are based outside of Europe.

The new data privacy rules also have a significant effect on global internet business affairs. Everyone who wants to compete in the EU market must adopt the new rules. It is a win for consumers as well as for governments that are actually trying to make sure that other countries are not misusing their citizens’ data.

At the same time, global internet businesses are adapting to emerging data policies by introducing new product features that either comply with the new rules or are just trying around them at the expense of their customers.

Cookie consents are a simple example. The intentions have been good. Users should have a choice on how much data they leave behind when visiting a website. But the results are abysmal. Cookie notifications tend to be manipulative and difficult to understand. Users who do not consent have to deal with cookie walls, which make navigating through the website inconvenient or impossible. It is also safe to say that an average cookie policy is far longer than the snippet of information an average website visitor is looking for.

The EU’s latest weapon in the data policy wars—the EU cloud initiative—directly targets overseas market leaders such as AWS, Google Cloud, AliCloud, and Microsoft Azure. As the European tech scene has not been able to give birth to a cloud service provider that can compete with the top players, the EU has decided vast resources on initiatives to help fill this gap. When announcing the initiative, the EU admitted that the advancement of European cloud providers is essential to increase the competitiveness of local businesses and provide citizens, as well as public agencies, with greater choice regarding trustworthy data-processing infrastructure and services. How the foreign internet giants will respond is yet to be determined.

The U.S. as a cloud superpower

The lack of strong cloud service providers in Europe is mostly due to the EU market’s peculiarities. Delivering a highly competitive solution for 27 different countries with different languages, cultures, and regulations is much more difficult than in large and relatively monolithic markets such as the U.S. or China. According to Crunchbase, there are 2,928 cloud computing companies in the U.S. versus only 1,901 in the EU. Compared to the $43 billion that the U.S. cloud computing industry has raised, European peers have garnered only $8 billion.

Another driving force behind the European cloud initiative is rising protectionism and trade wars. Right now, most of the large European tech companies are dependent on U.S. cloud providers. Therefore, the EU has little leverage when negotiating with the U.S. on the topics such as taxation of the European revenue of U.S. internet giants. This could actually be a key trigger for launching the cloud initiative.

The cloud services market in the U.S. is advanced and pretty well balanced, with AWS, Google Cloud, and Microsoft Azure covering the majority of the market and a large number of smaller providers satisfying various niche markets. The fact that the U.S. market is also offering highly specialized but scalable services such as AWS GovCloud illustrates a dramatic gap compared to Europe.

This is why the EU decided to invest an unprecedented amount into a single initiative. The global economy is shifting rapidly towards a data-dominated environment. It is clear that any country or region without its own data infrastructure will become dependent on other countries. An historical parallel with oil-producing countries and oil-dependent economies is appropriate to characterize the gloomy future of countries with no local competitive cloud providers. An open question is when other governments will follow the EU’s example.

It is quite normal for SaaS and PaaS service providers to have products deployed across many regions and perhaps even between different cloud providers or private servers. There may be various reasons for this scattered approach, such as local government data domiciliation regulations, customer requirements, latency, and cost management. Data storage behind all the applications tends to grow infinitely. While a single data repository might be desirable, it is becoming harder and more expensive to migrate everything into a single cloud location.

When looking at all these diversification trends, it is apparent that this “egg” can be unscrambled. The final nail in the coffin of the single-cloud solution is probably the recent surprise news from AWS that in 2021 they will launch EKS Anywhere. This will enable operating Kubernetes clusters anywhere, meaning companies can distribute their services across any regions and cloud providers. When the infamously vertical AWS is officially starting to support multi-cloud container management service, there likely is no turning back.

Race to solve multi-cloud data interoperability

The new reality of diversified cloud computing opens up a race to win a new segment in the industry. Multi-cloud and data interoperability services are a fairly new and quickly growing market driven by previously discussed reasons and pushing towards segregated databases. But there is another and maybe even more powerful force—for literally every industry, staying competitive means running sophisticated data operations.

These days, almost every participant in the supply chain manages at least some data. If a business would like to benefit from customer data or the proprietary data of its vendors, it needs access to this data. But now that the GDPR, CCPA, and other data privacy regulations have started educating consumers about their privacy rights, they are increasingly uninterested in making their personal data accessible without clear control over how and by whom it will be used. Similarly, vendors and business partners are fiercely protective of their proprietary data since it is essential to their revenue streams.

This has presented the cloud computing industry with a challenge. How do you create a solution that is able to analyze data from multiple sources using data virtualization techniques while also leaving the involved datasets in their original location? At the same time, how do you respect the rights associated with these data sources?

The results of data analysis must be presented in an anonymized form without revealing the original data. At the same time, the owners of the rights to datasets need to have full control over their data and a verifiable way to audit its usage.

In truth, it is relatively easy to create a custom solution to securely virtualize and analyze data subsets from a small number of predetermined datasets. It remains a nearly insurmountable task to create a fully customizable data management system that can semi-automatically connect to any third-party data source while securing all the participating data owners’ rights. The toughest challenge is to ensure the system is fast and scalable, as more and more data needs to be handled in real time for applications such as autonomous vehicles.

An interoperability solution centered on data rights management should have the ability to enable close collaboration between even the toughest competitors. Mutually analyzing virtualized data subsets for agreed-upon purposes without revealing the original data could benefit both parties. One potential example is the analysis of autonomous vehicle data for regulatory purposes.

Another illustration is the partnership between Intertrust and InCountry. It provides an integrated platform for managing data residency and data rights that gives users complete control over data localization and processing. Data subject to residency regulations stays safely in the country of its origin, allowing it to be queried from any location while maintaining it in a secure execution environment.

This approach provides the ability to automatically store any customer’s personal data in a data center located in the customer’s home country. From the service provider’s point of view, the data can still be managed as if it were in a single database.

The winners of the war triggered by the wave of data usage regulations will be companies that find ways to leverage their own data as well as the data of their partners and customers while complying with all regulations. The next few years of this fast-developing cloud computing segment will be fascinating.

Kalle Kägi

About Kalle Kägi

Kalle Kägi is Vice President of European Operations and Corporate Development at Intertrust. He has more than 25 years of experience in creating infrastructure for trusted computing and data governance. He is the founder of Planet OS, a data infrastructure company for geospatial IoT, and served in various founding and executive roles at Flydog Design, Baker Tilly Baltics, and BDO Eesti AS. A graduate of the University of Tartu, Estonia, Kägi is a past co-chair of the Smart Ocean and Smart Industries Working Group of the World Ocean Council.

Leave a Reply