Pixel Envy

Written by Nick Heer.

Creating Borders Around Data

David McCabe and Adam Satariano, New York Times:

The core idea of “digital sovereignty” is that the digital exhaust created by a person, business or government should be stored inside the country where it originated, or at least handled in accordance with privacy and other standards set by a government. In cases where information is more sensitive, some authorities want it to be controlled by a local company, too.

That’s a shift from today. Most files were initially stored locally on personal computers and company mainframes. But as internet speeds increased and telecommunications infrastructure advanced over the past two decades, cloud computing services allowed someone in Germany to store photos on a Google server in California, or a business in Italy to run a website off Amazon Web Services operated from Seattle.

In authoritarian states, governments use this theory to exercise greater control and surveillance over people. But their behaviour should not be conflated with data sovereignty overall. It is entirely reasonable for individuals to believe their national rights are upheld when it comes to their data, but that has often not been the case. Instead, people individually contract jurisdiction of their photos and location and web history and financial records to companies almost always based in the United States. For many of us, this is a rights regression. This is an unsurprising tidal shift given the U.S.’ notoriously absent personal privacy laws and its exploitative data economy.

Contrary to the Times’ reporting above, a user in Germany is more likely now to have their Google photos stored somewhere closer than a Californian server. Google operates several data centres in Europe. This is not a consequence of GDPR; many of them are older than GDPR’s introduction. Even though internet speeds are faster, latency is still a concern and geographic distance is a significant factor. It would be interesting — albeit niche — if individual users could choose where their data is domiciled, much like corporate users often can.