The growing use of globally distributed computing services and resources, with huge amounts of data being moved regularly from one country to another, there is a great deal of concern among data owners over the risk that their data and the hardware that stores and moves it could be implicated in a violation of international law. It is an issue of great concern to all global companies that even a perceived violation of these regulations could expose their sensitive data to unwanted access, scrutiny, and seizure. These issues are known as data residency.
Data residency laws can be confusing for companies that store data even if they store it within their own native country and region of operation. While specific rules and regulations regarding where in the world your data is stored, there is one basic rule that describes the whole of these laws. It all comes down to where the data center is located that hosts the data.
What Data Residency Means
If you are a US company that has data storage facilities overseas- in, say Japan- your data is governed by Japanese law and the Japanese tax code. In other words, according to international law, your data lives where it is stored- not where it is used, where it comes from, or in the location of whoever owns it. If you are the owner of a piece of software or a data collection that exists in Mexico, even if you live in Canada- that data is governed by Mexican laws and tax regulations.
The Patriot Act
If this doesn’t seem like a hostile enough atmosphere for any globally operating data firm, it gets worse. With the introduction of the Patriot Act last decade and relatively recent additions to its provisions- the FBI has authorization to supenea, seize, or scour the contents of any data center owned by a US owned company no matter where in the world that company keeps its data facilities.
That’s bad news for criminals who store their data in US owned companies, so far- so good. But this can be extremely unfortunate for legitimate enterprises whose entire business model could be radically disrupted should their data be seized as evidence in an international terrorism investigation.
This is, of course, an extreme example of the kinds of trouble that can come about through a complex series of laws that are far too compendious to cover completely here. But, there are many similar legal pitfalls that companies who store their data with American owned cloud data firms can face, and cases of international law can take years- sometimes decades to be resolved. Your data could be lost in legal limbo long beyond the point where it is useful effectively forever.
The European Solution
Because the European Union, as a collection of Western nations, is closely linked with the security concerns of the United States- many European cloud storage companies have seen the need for legitimate businesses to escape the pitfalls which have come about from these new security laws. Many such firms specialize in working with US companies whose data would normally be subject to search and seizure for arbitrary reasons. Today, this is the mainstream solution for many data residency problems.
We include the following, very informational video for your benefit. We are not affiliated with the producer in any way, but thank them for the great tutorial.
By staff writer