Choosing a collaboration tool to gain data sovereignty

The rise of data sovereignty is forcing companies to think twice before selecting collaboration tools. Protecting citizen data is at the core of the increasing prevalence of data sovereignty laws and regulations worldwide. This is something that organizations must grapple with as they are compelled to take back control of their data.

Most of us didn’t think much about what was happening with our communications and collaboration data until Edward Snowden came onto the scene in 2013. It shocked most of us to realize that our conversations and messages weren’t that private. While it’s just one of several privacy breaches over the past two decades, it’s perhaps the most well-known and often referenced.

In the years since Snowden, we’ve seen a significant crackdown regarding national laws and governance structures related to data – thus the emergence of “data sovereignty” as a mainstay in our privacy playbook.

Data sovereignty means that the data you generate is subject to whatever laws and regulations apply in the country where it is collected. If the data is collected in the U.S., it’s subject to U.S. regulation, and the same if it is collected in the E.U. For many companies, it becomes incredibly complex when data travels outside their borders. As a result, there is an increasing tendency towards ‘data residency’ – a term for storing data in a specific place, typically close to home.

Organizations are making moves to ensure their data doesn’t travel

“For Pexip, as a video solution provider, we are seeing an increased interest in moving video communication data on-premises or into a private cloud, giving organizations complete control of their data while restricting the movement of that data across borders – thus ensuring compliance with local laws,” explains Thomas Edberg, Vice President CTO Office, Pexip. Schrems II marked a significant turning point for protecting European data and digital privacy. This was a decision made in 2020 by the European Union’s Court of Justice to restrict data sharing, storage, and processing between the EU/EEA and the U.S. Countries across Europe were forced to take swift action to comply with this new decision. “In Sweden, the government has moved to compel organizations to avoid collaboration solutions in which data is stored outside the E.U. This has resulted in the public health agency, among others, seeking video collaboration solutions that give them full control of their data while enabling them to keep their data out of a shared cloud solution in another country,” says Edberg.

As organizations grow more “privacy mature”, technology vendors must be prepared

Video technology providers, like Pexip, are experiencing a change in requirements and general sentiment from organizations in the wake of this global privacy push. Companies aim for full compliance. They want to know where their data travels, where it is stored, and with whom it is shared. Providers must be prepared to answer these questions and stay aware of the ever-evolving local law and regulation it is subject to.

“At Pexip, we help our customers stay compliant being at the forefront of the strictest standards and global best practices,” says Edberg. “We believe that the trend towards more self-hosted solutions, such as on-premises and private cloud, will continue to increase, as companies aim to reduce the risks associated with putting their confidential data outside their borders and control.”

In the cases of particularly sensitive or confidential data, for example, stemming from the government or the healthcare sector, the repercussions of potential disclosure or exploitation of this data are often deemed too significant to take. “Both the public and private sector companies we work with have matured greatly in this area, and their expectations are high,” adds Edberg.

“Compliance with local data protection laws is not optional, and we, the vendors, must work to meet and exceed the requirements while maintaining a superior user experience. This is not a one-and-done task but a constant one because it comes back to citizens. We must continue to do better to protect people and their data.”

Protecting people and data is Pexip’s obsession. Read more about what we do to keep data safe.

Originally published 28 January, 2023. Edit published December 12, 2023.