Related Concepts of Data Sovereignty, Data Privacy, Data Localisation and Data Residency as covered in Sajai’s November Address to the Members of the IBA Technology Law Committee

Queridos amigos y colegas,

Continuing in my Merida-Miami spirits, I choose to address you in Spanish!

The recently concluded IBA Annual Conference 2022, and its precursor the Intellectual Property, Communications and Technology Section Retreat in Merida, Mexico, have left me exhausted, yet satisfied at having reconnected with so many friends from all corners of the world.

The build-up to the conference, including preparation for the Retreat and the panels at the conference, allowed me the opportunity to interact with several colleagues and learn from each one of them.

Interestingly, my comments on a panel put together by the Banking Committee got me the most responses. Here, we spoke about how Big Data is being actively used in the financial industry. We worked through an imaginary character Spencer and his banking needs. Some 50 years ago, Spencer would walk into a branch office in his city, and approach a cashier who knew him, having provided services to Spencer for many years. He knew where Spencer worked and what his financial needs were – and, accordingly, his service was professional and amicable. Banks earned and maintained the trust of their customers who had ongoing personal contact with bank employees.

Today, Spencer may work for an international company that has offices in several countries. It’s quite possible that he will stay in London for two years, then in Berlin for a year, then in Dubai for another two years, and his next stop may be Singapore. Would the old scheme be suitable for today’s scenario? Data Science in banking allows continuous analysis and storage of all information from traditional and digital sources, creating an electronic trail of each client.

So, the theme of our panel was how Big Data has come to the rescue of banks in serving Spencer. We focused on Big Data — the ever-growing volume of structured and unstructured information of various formats, which belongs to the same context in the banking and financial industry, and its main properties — volume, velocity, variety, value, and veracity. However, the comments that I referred to earlier touched on a slightly different topic – namely, data sovereignty.

We commonly understand data sovereignty to be a concept where information that has been converted and stored in binary digital form is subject to the laws of the country in which it is located. My comments were related to distinguishing and clarifying certain terms that often get confused with one another – data sovereignty; data privacy; data localization; and data residency. Confusion is understandable, as some of these terms are used interchangeably. So, what is the difference?

Data sovereignty – Data sovereignty defines the rules and regulations that data should be subject to. For instance, the EU specifies that data collected from its citizens is subject to the GDPR, regardless of where it is stored. Therefore, businesses are compelled to develop solutions that ensure they comply with relevant data privacy and security laws. Failing to abide by the regulations in the areas where one collects, manages, or stores customers’ data can lead to significant fines or other strictures. We also discussed how cloud computing has made data sovereignty more challenging for businesses.

Data privacy – That everyone has the right to control how his/her personal data/information is collected and used is the core thrust of data privacy. It is this purpose that triggers the rules, practices, and data sovereignty laws that have been developed to ensure that any information related to natural persons is used only for its stated purpose.

Data localization – A data handling concept that is hot on the agenda of several countries, like China, data localization requires any data on the nation’s citizens or residents to be collected, processed, and stored within the country’s borders.

Data residency – Simply put, the concept of data residency refers to the geographical location where a company decides to store its data. Such choices are usually determined based on government policies or regulations. Another determining factor is to try and leave data closer to the locations where it will be used frequently.

Given that over 100 countries have data sovereignty laws, I discussed some of the compliance challenges with data sovereignty for companies working with data from multiple territories. These challenges with achieving compliance include: ever-changing laws; business growth in uncharted territories; expectation of data mobility; being ready with technological transparency for any audit; issues related to cloud infrastructure; and compliance resulting in higher operational costs.

While many turn to major cloud providers like AWS and Microsoft due to confidence in their data sovereignty compliance, it is important to remember that the eventual responsibility is on the entity handling the data.

I am sure each one who attended the Miami conference has stories of what you learnt and how you benefited from sharing your experiences. Do share some with me.

While we prepare for a new IBA year from January 1, 2023, we are keen to know who among you would like to be more involved in the Committee, be it as office bearers or contributors to programming. A slate of programs and events has been planned for the coming year. I hope you will share your interest as early as possible so that we may consider you for active involvement through the year of 2023.

I look forward to seeing you in Paris for the IBA Annual Conference 2023, if not earlier.

D’ici là cordiales salutations personnelles,

Sajai Singh
Co-Chair, Technology Law Committee
