There can be complications when using data across international borders. Across the world, some countries are developing and implementing complicated data privacy laws. If your business is using data in different territories, then you need to ensure you are adhering to rules from the countries involved.
The flexibility of digital regulations varies considerably. Some countries are very strict, while others are more relaxed. Yet digital regulations are important for the protection of consumer data and privacy.
Falling Foul Of The Rules
Every multinational company faces challenges in ensuring that it meets regulations. Even giants like Google can face fines from governments when they don’t follow local laws. In December 2013, Spain fined the search engine giant $1.2 million for breaking its data protection laws. In the case, Spain accused Google of sharing data across its services without telling users about the collection practices.
German courts took a more business-friendly approach towards liabilities for data protection violations. One of the rulings stated that companies cannot be held responsible for data protection law violations by Facebook when the business is using the social networking site’s pages. This is because, the court argued, the company itself does not own the data.
Inside The Country Of Origin
One interesting note is that Russian lawmakers have introduced laws that state foreign internet companies need to store personal information about Russian users on a machine that is located in Russia. Many experts state that this might become the law across the world, although that does make data management particularly tricky for several reasons:
- Can you restrict your internet users based on location entirely? The internet is worldwide.
- Does this mean you need data centers in every country in which you operate? Is this financially feasible?
- What about users who travel to many different countries and use the same systems? Where is their data stored?
Apple is another company that has been accused of breaking data protection law in Germany.
Complicated Data Environment
The legal landscape is inconsistent and complex. How can this be managed, especially when there are even greater concerns about the cloud and how and where that information is stored?
One solution is encrypting data and limiting access to users who are in a particular location. Another option is to use tokenization. This is the process of replacing sensitive data with unique identifying symbols that represent the original information. The original information can be stored elsewhere, in a master database, which can then be hardened, encrypted and used to match the token to the original piece of data.
Tokenization provides a solution for companies that use the public cloud, because the sensitive data never leaves the in-country data center in which the tokenization process occurs. Therefore, this seems like a good solution for businesses and would appear to give them the room to operate within data privacy laws across the world.
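The tokenization flow described above, as an added example that is not part of the original article: a record is tokenized inside the country before it is sent to the public cloud, and the original value can only be recovered by a caller in the vault's own region. The names `TokenVault` and `export_to_cloud`, the region codes and the sample record are assumptions made for illustration, and an in-memory dictionary stands in for the hardened, encrypted master database.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """In-country master database that maps tokens to original values."""

    def __init__(self, region, index_key):
        self.region = region          # country whose data center hosts the vault
        self._index_key = index_key   # keys the lookup index so it holds no raw values
        # Assumption: plain dicts for the demo; a real vault encrypts this store at rest.
        self._by_token = {}           # token -> original value (never leaves the vault)
        self._by_index = {}           # HMAC(value) -> token, so a value keeps one token

    def tokenize(self, value):
        idx = hmac.new(self._index_key, value.encode(), hashlib.sha256).hexdigest()
        token = self._by_index.get(idx)
        if token is None:
            # Random token: unlike a hash, it reveals nothing about the value.
            token = "tok_" + secrets.token_urlsafe(16)
            self._by_index[idx] = token
            self._by_token[token] = value
        return token

    def detokenize(self, token, caller_region):
        # Residency rule: only callers inside the vault's country get the original.
        if caller_region != self.region:
            raise PermissionError(f"detokenization refused outside {self.region}")
        return self._by_token[token]


def export_to_cloud(record, sensitive_fields, vault):
    """Return a copy of the record that is safe to store outside the country."""
    return {key: vault.tokenize(value) if key in sensitive_fields else value
            for key, value in record.items()}


if __name__ == "__main__":
    vault = TokenVault("DE", secrets.token_bytes(32))
    # Constructed sample record.
    customer = {"id": "1001", "email": "anna@example.com", "plan": "pro"}
    cloud_row = export_to_cloud(customer, {"email"}, vault)
    print(cloud_row)                                   # email replaced by a token
    print(vault.detokenize(cloud_row["email"], "DE"))  # original, in-country only
```

The cloud copy keeps the same token for the same e-mail address, so joins and de-duplication still work there without the address ever leaving the vault.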
Of course, that doesn’t make everything easy. Businesses still need to ensure that their specific privacy practices match the requirements of the local governments. What is a requirement in one country might not be in another. For instance, in the US, the double opt-in is required for email sign-ups but not for those in the UK or EU.
Therefore, it is always best to speak to a consultant who can guide you through the tough data territory.
Have you been warned over your data privacy or residency? Are you following all the legal requirements your company should?
Let us know in the comments below.
By Staff Writer