Choosing a collaboration tool to gain data sovereignty

The rise of data sovereignty is forcing companies to think twice before selecting collaboration tools. Protecting citizen data is at the core of the increasing prevalence of data sovereignty laws and regulations around the world. This is something that organizations must grapple with, as they are compelled to take back control of their data.

Most of us didn’t think much about what was happening with our communications and collaboration data until Edward Snowden came onto the scene in 2013. It shocked most of us into the realization that our conversations and messages weren’t that private after all. While it’s just one of several instances of privacy breaches over the past two decades, it’s perhaps the most well-known and often referenced.

In the years since Snowden, we’ve seen a significant crackdown when it comes to national laws and governance structures related to data – thus the emergence of “data sovereignty” as a mainstay in our privacy playbook.

Simply put, data sovereignty means that data you generate is subject to whatever laws and regulations apply in the country where it is collected. If the data is collected in the U.S., it’s subject to U.S. regulation, and the same if it is collected in the E.U. For many companies, this means that it becomes incredibly complex when its data travels outside its own borders. As a result, there is an increasing tendency towards ‘data residency’ – a term for storing data in a specific place, typically close to home.

Organizations are making moves to ensure their data doesn’t travel

“For Pexip, as a video solution provider, we are seeing an increased interest in moving video communication data on-premises or into a private cloud. This gives enterprises much more control of their data while restricting the movement of that data across borders – thus ensuring compliance with local laws,” explains Thomas Edberg, Vice President CTO Office, Pexip. Schrems II marked a significant turning point for European data and digital privacy protection. This was a decision made in 2020 by the European Union’s Court of Justice to restrict data sharing, storage and processing between the EU/EEA and the U.S. Countries across Europe were forced to take swift action to comply with this new decision. “In Sweden for example, the government has made moves to compel organizations to avoid collaboration solutions in which data is stored outside the E.U. This has resulted in the public health agency, among others, to seek video collaboration solutions that give them full control of their data, while also enabling them to keep their data out of a shared cloud solution in another country,” says Edberg.

As organizations grow more “privacy mature”, technology vendors must be prepared

Corporate collaboration tool providers, like Pexip, are experiencing a change in both requirements and general sentiment from organizations in the wake of this global privacy push. Companies aim for full compliance. They want to know where their data is traveling, where it is stored, and with whom it is shared. And vendors must be prepared to answer these questions and stay aware of the ever-evolving local law and regulation to which it is subject.

“At Pexip we take a holistic approach and ensure that we comply with the strictest standards and global best practices,” says Edberg. “We believe that the trend towards more self-hosted solutions, such as on-premises and private cloud, will continue to increase, as companies aim to reduce the risks associated with putting their confidential data outside their borders, and outside their control.”

In the cases of particularly sensitive or confidential data, for example stemming from the government or the healthcare sector, the repercussions of potential disclosure or even exploitation of this data is often deemed as a risk too great to take.

“Both the public and private sector companies we work with have matured a great deal in this area, and their expectations are high,” adds Edberg.

“Compliance with local data protection laws is not optional, and we, the vendors, must work to both meet and exceed the requirements, all while maintaining a superior user experience. This is not a one-and-done task, but a constant one, because really it comes back to the citizens. We must continue to do better to protect people and their data.”

Protecting people and data is Pexip’s obsession. Read more about what we do to keep data safe.