Tick tick tick? Is the data sovereignty issue a destructive timebomb or a potential DSP assist?

• Real  data privacy concerns underpin Europe’s struggle with US tech giants over where European user data can be kept 
• But there is also an undeniable dash of regional self-interest at play
• Does the apparent drive to keep data stored within national and regional borders for security reasons have an upside?

Here’s the story so far. Back in August the US administration decided that TikTok, a Chinese owned dance app, was a security danger since it collected huge amounts of data from its US users and, in some obscure way, might be able to use it to threaten US national security (despite the fact that dozens of of US companies also collected similar amounts of data and much of it was for sale - potentially to China).

Discussions and various disclosures continued to grab headlines as Trump ordered that the company’s US component  be sold to a US company. This move appeared to everyone outside the US as tantamount to extortion - especially as the president seemed to view it as if it were a profitable ‘deal’ more than a security move.  It was pointed out that if TicTok’s sale was forced it would set a precedent for other countries (China) to do the same thing to its foreign players  -  order one or more to sell up or ship out. 

Meanwhile over in Europe

The European Commission, as is its wont, had been carefully trying to find a solution to a direct parallel to the US/TikTok flare-up. Big tech - in particular Facebook -  was shipping European user data back to the US where there were next to no data privacy protections. Various deadlines were set for get-outs and special arrangements that might see the data protected, but in the end the European authorities ran out of road (and probably patience) and in July the European Court of Justice  found that there were insufficient safeguards against spying on European user data  by US intelligence agencies (sound familiar?). 

Step forward Ireland’s  Data Protection Commission (DPC) which issued a ruling instructing Facebook to stop transferring the data. In response Facebook said it might be forced to pull out of Europe and strand its 410 million users if the DPC enforced a ban. 

Facebook has now challenged the order in court, winning a temporary stop. The next hearing in the case will be held in November. By then, of course, the US election will be over but the questions around data sovereignty will still be very much alive.

Will continued fraying of international agreement and co-operation on data movement mean a damaging unpicking of the current global cloud market?

 If the EU stands firm and forces a real settlement on Facebook which secures European user data, will that embolden the Chinese to strike back also. And if Facebook can find some sort of acceptable arrangement involving the utilisation of European cloud assets and US tech companies are forced to follow suit, will that be a boost to European cloud and digital service providers?