Countries have marketed data protection laws as a consumer protection story, but it’s more of a: “data is our commodity and we aren’t going to share it for free” story.
Don’t get me wrong, Western markets, specifically the EU is going to throw some fines at mega corps for playing fast and loose with users’ data, but are these paltry fines what they’re after? In 3 years, how many judgements resulted in large fines? Do these fines move market caps? No—and all parties know it.
When you look around the world, have data protection laws delivered on the below?
– Safeguarding valuable data from leaks, loss, and theft – No
– Maintaining and increasing public, investor and customer confidence – No
– Improving brand value and gaining competitive advantage – No
Generally speaking, data protection laws haven’t practically delivered on protecting consumers’ data, they’re simply an opening salvo for countries to drive a specific narrative—to force foreign firms to operate technical infrastructures within their jurisdictions.
For example, in Russia they’re already starting to push US tech firms to set up entities in the country. Case in point: FGX did a deployment into Russia some years ago as our client needed to comply with changing data protection laws that were recently passed. Since that date we have seen the laws become more strict.
Although we are still in the early innings, we will start to see stricter regulation in tricky non-Western markets. It’s only a matter of time before countries really start pushing back on companies that are drinking their data milkshakes.
That being said, the narrative is slow moving and will unfold at the time scale of decades. In the short to medium term I can see why countries are doing what they are doing. Naturally, nation states desire a more equitable share of value and power. In exchange for allowing companies access to their markets, they will push them to operate within their borders. This will force companies to experience meaningful international nexus and thus governments will capture more: tax, control, equity and power.
As nation states begin to treat data as the valuable resource that it is, we will see more state actors limiting where “its” data can go and how it’s moved and stored by foreign companies operating within their borders.
The middle innings, whenever they come, are going to expose what really matters to state actors. In my opinion, what matters most is that nation states force foreign companies and governments to geo-locate the physical hardware used to run their businesses within the country’s sovereign borders. In theory, this will help them ensure that businesses don’t sidestep their laws and or the spirit of their business culture while benefiting from accessing their domestic markets.
This makes sense to me. Globalization has peaked and will be corrected with protectionist policies. “If you want to access my market, you play by my rules and if you don’t play by my rules I need to be able to mitigate and manage quickly and easily.” Although most countries won’t go as far as China on this, most countries will act similarly.
What does this mean for IT infrastructure people? It means that supporting your international infrastructures is going to get a lot more complicated.
Being able to quickly and securely deploy, augment or even pull gear out of international markets will be a competitive advantage in the coming years and decades; it’s one of the reasons for why IT supply chain and logistical competency is a hot topic with executives presently. This story is but a small part of what is changing at warp speed in our industry. I have good news however; with volatility comes great opportunity.