Sovereign cloud and the 5G network: an assessment

Global interest in data sovereignty and privacy is rapidly increasing

Most countries have data protection regulations in place or are drafting data protection policies. The EU’s General Data Protection Regulation (GDPR) and its predecessor, the Data Protection Directive (DPD), have been instrumental in guiding discussions on data protection and privacy worldwide. Both pieces of legislation have had an impact on attitudes to data protection, prompting other countries and regions to adopt similar frameworks to safeguard the information of their residents. 

The publication of the GDPR was a watershed moment in the history of data protection legislation, showcasing the possibility of enforcing comprehensive laws across a large geographical area. This is leading to further supranational efforts to protect sensitive information. However, although countries generally agree on the principles of data protection, their legislation varies in scope and detail and the introduction of supranational legislation remains a difficult and expensive process. As a result, many companies err on the side of caution and introduce restrictive data policies that are not well-aligned with those of their neighbours and trading partners.

Renewed interest in data sovereignty is being driven by the expansion of the global digital economy and the ease with which digital mechanisms generate, process and use customer data, including across borders. Data sovereignty, which Analysys Mason defines as data that is subject to the regulations of the country of origin, is fundamental for providing adequate levels of data protection to digital economy participants. Data sovereignty is associated with the ideas of data localisation and data residency, which set out what, how and if at all data can leave the jurisdiction where it was produced. Laws based on these concepts can make it difficult for enterprises to operate internationally due to different regulations they need to meet in each country.

This report assesses the challenges that public clouds pose for enterprises that want to continue to comply with data sovereignty rules.