Cloud solutions enable data collection and storage without geographic borders. Concern for privacy along with regulations are raising awareness for where data resides and the impact of regional laws. How organizations define where their data is stored across geographical boundaries is in part what defines data sovereignty.
According to a 2021 Data Sovereignty Now survey when asked if data sovereignty is deemed important within your organization; 60% consider it either extremely important or very important. An additional 19% classify it as somewhat important. But… this same report also noted “that people and organizations still find it difficult to put data sovereignty into practice.”1
CareAR now makes it easy to operationalize data sovereignty for EMEA or Canadian customers by provisioning their CareAR tenant (i.e., account) in Germany or Canada. For tenants provisioned in these regions, all configuration data, user data, and usage history is stored in the region of choice (one of Germany, Canada, or the United States) if requested. This added level of data management offers security, privacy and other benefits.
Currently, 92% of the western world’s data is stored in the United States.2 CareAR’s data flexibility enables organizations to “act locally” by defining where their augmented reality associated a data will be stored.
What is Data Sovereignty
Data sovereignty is a governmental policy or law noting data is subject to the data and privacy laws of a specific geographical location. In some regions this means mandating that some forms of data cannot go beyond the physical boundaries of a country or a region. Data residency and data sovereignty are not identical.
- Data Residency — Is where a business specifies that their data is stored in a specific geographic location of their choice.
- Data Sovereignty — A business specifies that their data is stored in a specific geographic location of their choice and is also subject to the laws of the country in which it is physically stored.
There is not a specific “Data Sovereignty regulation” that spans the globe or even regionally such as within European Union policy. Some nations demand local storage and regulate how data can be moved out beyond their borders.
GDPR and Data Sovereignty – Under the GDPR, any information collected from citizens of the EU must reside in servers located in EU jurisdictions or in countries with a similar scope and rigor in their protection laws. This applies to “personal data” defined as name, address, ID card/passport number, income, cultural profile, Internet Protocol (IP) address, data held by a hospital or doctor.
Note that “similar scope and rigor” in GDPR does not require data collected in member countries to be confined in the EU. It prohibits data transfers from the EU to a country that lacks “adequate” data protection unless certain safeguards are provided.
Canada PIPEDA – The Personal Information Protection and Electronic Documents Act, identifies Canadian data privacy laws enacted in 2018. PIPEDA in Canada is similar to GDPR in the data sovereignty realm with respect to the fact that PIPEDA does not mandate that companies keep their data within Canadian borders. It does specify how Canadian citizens’ information can be stored, and there are some regional differences within Canada.
CareAR data sovereignty enables global organizations with data management benefits that comply with GDPR and PIPEDA and extend value beyond by defining Tenant boundaries with a choice of Germany, Canada, or the United States. The adoption of 5G networks and proliferation of connected devices will make data sovereignty increasingly important as data storage shifts towards local and edge storage.
Get started today by taking advantage of the CareAR data sovereignty feature within CareAR Assist and Instruct.
- Data Sovereignty Now, Data Sovereignty Monitor 2021 Survey Results, November 2021
- Oliver Wyman, European Data Sovereignty Syncing values and value, 2020