How To Navigate The Data Location Minefield

Andrew Roughan, business development director at IO UK examines the difficulties of applying physical laws to the digital world

Location (n): A particular place or position

The idea of location used to be a simple concept in a physical world where we have clear-cut boundaries defined by physical co-ordinates. However, the emergence of the digital realm has meant that boundaries between cities, countries and continents have blurred. A document for a US company could be created in an office in London, but stored in a data centre in Germany – and it then becomes tricky to decipher exactly which laws that document has to comply with.

The recent Safe Harbor ruling for example states that the data of any European citizen cannot be kept in the US or fall under the remit of PRYSM. And by the end of this month both the EU and US will have to authorities will have to establish an alternative data-sharing agreement.

But what impact will this have on global businesses and the data centres that host their valuable data?

Collision course of the digital and physical worlds

New technologies and innovations mean that digital societies and geographical boundaries can no longer work together coherently. Trying to define the boundaries of digital content is becoming increasingly challenging and Safe Harbor rulings in 2015 highlight the complex nature of the digital data protection landscape.

data-breachBusinesses and service providers are now assessing how this affects their offerings, with many adding clauses into existing contracts in order to work around the ruling. However, this approach is merely a temporary band-aid for an issue that needs to be addressed from the roots – current laws just cannot effectively manage our digital world. It’s no longer possible to manage the digital world regionally – it needs a global view.

Drawing the lines of the digital battleground

Virtualisation is the foundation of every cloud, and as businesses increasingly move towards storing data in public and private clouds pinpointing the exact location of where this data is stored becomes tricky. And trying to shoehorn virtualisation into physical characteristics seems counter-productive.

Post-Snowden and Safe Harbor, data sovereignty and the role and location of data centres have been pushed to the top of the agenda. US companies have moved to globalise their data centre footprints, so they could keep their customers’ data in regional data centres, rather than consolidated in the US.

Microsoft was quick to announce it would be opening a German data centre in conjunction with Deutsch Telekom shortly after the Safe Harbor ruling – a move to further distance itself and its European customers’ data being associated with an American tech giant governed by PRYSM.
But a global data centre footprint is only part of the solution to complex data sovereignty and custody challenges. Businesses of all sizes can now operate on a global level – from huge conglomerates like Amazon to small “Etsy-like” retailers – which means everyone needs to concern themselves with the location of their customer data and which laws it needs to abide by.

Safe Harbor has catapulted data location, the laws, and the ethics surrounding them into the mainstream. And until governments and businesses look at these issues at a global level versus a regional level the complexity of this minefield is only going to worsen. In the meantime businesses and organisations will need to thoroughly assess the location of their European customers’ data and move its physical location out of the US. Data centres with a global footprint and premises located in various countries will help businesses ensure their data is compliant with that geographies data laws – but this is only a patch for a global issue that digital world cannot simply be governed by physical laws.

Are you a data centre expert? Try our quiz!