{"id":49976,"date":"2023-12-06T13:43:50","date_gmt":"2023-12-06T18:43:50","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?post_type=emagazine&#038;p=49976"},"modified":"2023-12-08T03:23:55","modified_gmt":"2023-12-08T08:23:55","slug":"insight-story-digital-sovereignty","status":"publish","type":"emagazine","link":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/insight-story-digital-sovereignty\/49976\/","title":{"rendered":"Digital sovereignty and the rise of data spaces: What does it mean for business?"},"content":{"rendered":"<p>Data. It seems businesses can\u2019t live with it \u2013 without big friction \u2013 and can\u2019t live without it. <a href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/data-new-toxic-waste\/34184\/\" target=\"_blank\" rel=\"noopener nofollow\">Cory Doctorow wrote for Secure Futures in 2020<\/a> that data \u2013 rather than being the \u2018new oil\u2019 \u2013 can fast become toxic waste, without due attention to minimization and proper management.<\/p>\n<p>Now data fuels almost every business, it\u2019s critical leaders understand the next evolution of data regulation \u2013 digital sovereignty \u2013 and how it applies to their work. It\u2019s not just about complying with the law, but an opportunity for competitive advantage with the bonus of enhancing customer trust.<\/p>\n<p>In our podcast Insight Story, experts Ben Farrand (UK,) Professor in Law and Emerging Technologies at Newcastle University and Sille Sepp (Finland,) Director of Operations at MyData Global, explore how business can do better in an increasingly interconnected world. Dr. Amin Hasbini of Kaspersky\u2019s Global Research and Analysis Team talks about the role of transparency in digital sovereignty, and why sharing intelligence makes good business sense.<\/p>\n<p><iframe style=\"border: none;min-width: min(100%, 430px);height: 300px\" height=\"300\" scrolling=\"no\" src=\"https:\/\/www.podbean.com\/player-v2\/?i=pzx4d-151c103-pb&amp;from=pb6admin&amp;pbad=0&amp;square=1&amp;share=1&amp;download=1&amp;rtl=0&amp;fonts=Arial&amp;skin=1b1b1b&amp;font-color=auto&amp;logo_link=episode_page&amp;btn-skin=2baf9e&amp;size=300\" width=\"100%\"><\/iframe><\/p>\n<h2>What is digital sovereignty, and what does it mean for business?<\/h2>\n<p>Ben says, \u201cDigital sovereignty is about geopolitics. We\u2019re seeing increasing tensions between states and concern over the power of big market players like Google, Amazon and Facebook in the US and Chinese companies like Baidu, Alibaba and Tencent. When data moves between countries, there may be detrimental impacts from geopolitics and national regimes, regulations or policies.\u201d<\/p>\n<p>Against this backdrop, the EU introduced its General Data Protection Regulation (GDPR) in 2016, providing that identifying, personal or sensitive data about EU citizens kept anywhere in the world is governed by EU law.<\/p>\n<p>GDPR and digital sovereignty more broadly mean companies must think about the legal implications of their cross-border interactions.<\/p>\n<div id=\"attachment_49981\" style=\"width: 193px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" aria-describedby=\"caption-attachment-49981\" class=\"size-full wp-image-49981\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2023\/12\/05054040\/ben_farrand-1.jpg\" alt=\"\" width=\"183\" height=\"182\"><p id=\"caption-attachment-49981\" class=\"wp-caption-text\">Ben Farrand, Professor in Law and Emerging Technologies, Newcastle University<\/p><\/div>\n<p>Ben recommends firms wanting to trade more internationally have people dedicated to data security and digital sovereignty. \u201cCompanies handling EU citizens\u2019 personal data need someone aware of how to comply with GDPR\u2019s requirements. In the EU and UK, they\u2019re often called data protection officers. They must know data security protocols, and how data can and can\u2019t be used.\u201d<\/p>\n<h2>Can state concerns and business interests align?<\/h2>\n<p>Businesses often don\u2019t have the same priorities as nations. Is digital sovereignty making it harder to trade internationally?<\/p>\n<p>Ben says, \u201cDigital sovereignty covers the whole supply chain from raw materials to cybersecurity services. For example, when <a href=\"https:\/\/www.drive.com.au\/news\/german-car-factory-shut-down-until-2022-amid-chip-shortage\/\" target=\"_blank\" rel=\"noopener nofollow\">supply chains for semiconductors collapsed during the pandemic, shutting some car manufacturers<\/a>, the EU, China and the US started seeking more control of resources.\u201d<\/p>\n<p>But he questions the merit of attempts at strategic autonomy in today\u2019s world.<\/p>\n<blockquote><p>Interdependence is the nature of 21st-century life. No matter how much desire for increased control and demonstrating countries\u2019 sovereignty, supply chains are global, making cooperation essential.<\/p>\n<cite><p>Ben Farrand, Professor in Law and Emerging Technologies at Newcastle University<\/p><\/cite><\/blockquote>\n<h2>Getting ahead of compliance with data ethics<\/h2>\n<p>Digital sovereignty is on the radar for many businesses, but those who go the extra mile to do the right thing, rather than simply comply, may see advantages.<\/p>\n<p>Ben says, \u201cWe\u2019ll see both <a href=\"https:\/\/en.wikipedia.org\/wiki\/Carrot_and_stick\" target=\"_blank\" rel=\"noopener nofollow\">\u2018stick\u2019 and \u2018carrot\u2019 regulation.<\/a> There\u2019s much legislation about investment, like the US <a href=\"https:\/\/www.mckinsey.com\/industries\/public-sector\/our-insights\/the-chips-and-science-act-heres-whats-in-it\" target=\"_blank\" rel=\"noopener nofollow\">CHIPS and Science Act<\/a>, around how companies can cooperate and seek funding to diversify supply chains, for improving trade relations with third parties in ways that build resilience.\u201d<\/p>\n<p>Businesses should also note a growing focus on regulating social media platforms, given its role in communicating with customers.<\/p>\n<p>\u201c<a href=\"https:\/\/www.theverge.com\/23845672\/eu-digital-services-act-explained\" target=\"_blank\" rel=\"noopener nofollow\">The EU recently passed the Digital Services Act<\/a>. It applies to content on social media platforms and search engines that may be illegal in member states, such as hate speech or trade in prohibited goods,\u201d says Ben.<\/p>\n<p>The legislation isn\u2019t concerned with individual instances of illegal content but requires social media platforms and search engines to have transparency, accountability and oversight systems.<\/p>\n<p>Ben sees benefits for business. \u201cCompanies don\u2019t want to be associated with illegal or immoral things. They already manage this by pulling advertising or moving over to other platforms. Digital sovereignty isn\u2019t just coming from regulation, but market-based decisions.\u201d<\/p>\n<h2>AI and digital sovereignty<\/h2>\n<p>The explosion of AI systems has made it even more important that organizations are clear on data ownership.<\/p>\n<p>Ben sees regulation in this field coming soon. \u201cThe EU is talking about regulating high-risk systems because they believe AI shouldn\u2019t be doing some things.\u201d<\/p>\n<p>And it\u2019s not just the EU. \u201cAt the <a href=\"https:\/\/www.gov.uk\/government\/publications\/ai-safety-summit-introduction\" target=\"_blank\" rel=\"noopener nofollow\">AI Safety Summit<\/a> hosted by UK Prime Minister Rishi Sunak in November 2023, there was an agreement between the <a href=\"https:\/\/www.theguardian.com\/world\/2023\/nov\/03\/first-edition-ai-safety-summit-rishi-sunak-elon-musk\" target=\"_blank\" rel=\"noopener nofollow\">EU, US, China and others to take a united approach in managing high-risk systems<\/a>.\u201d<\/p>\n<p>Again, there are business opportunities. \u201cNew technologies arise from regulation like the \u2018<a href=\"https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0167404821002261\" target=\"_blank\" rel=\"noopener nofollow\">federated computing<\/a>\u2018 approach, where you train AI on data sets remotely then communicate only the outcomes centrally, minimizing data privacy risks,\u201d explains Ben.<\/p>\n<h2>Making space for data security and data power<\/h2>\n<p>All businesses want to use their data better for innovation and growth. But it may be challenging to do so securely, fairly and in ways customers trust. Data spaces are one tool for addressing safe and <a href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/technology-data-ethicist\/46328\/\" target=\"_blank\" rel=\"noopener nofollow\">ethical data use<\/a> while leveraging its power for better business.<\/p>\n<div id=\"attachment_49982\" style=\"width: 310px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" aria-describedby=\"caption-attachment-49982\" class=\"wp-image-49982 size-medium\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2023\/12\/05054310\/Sille_Sepp-300x300.jpg\" alt=\"\" width=\"300\" height=\"300\"><p id=\"caption-attachment-49982\" class=\"wp-caption-text\">Sille Sepp, Director of Operations, MyData Global<\/p><\/div>\n<p>Sille Sepp is Director of Operations at human-centered data non-profit MyDataGlobal. She explains data spaces: \u201cThey\u2019re a systemic approach to increasing trust and sovereignty in sharing and using data across organizations and sectors. It\u2019s not just technological infrastructure but includes business, legal and operational layers for trustworthy data sharing.\u201d Examples include the <a href=\"https:\/\/smart-connected.nl\/nl\" target=\"_blank\" rel=\"noopener nofollow\">Smart Connected Supplier Network<\/a> for manufacturing supply chains and <a href=\"https:\/\/catena-x.net\/en\/\" target=\"_blank\" rel=\"noopener nofollow\">Catena-X<\/a> for automotive supply chains.<\/p>\n<p>MyData is involved in a cross-data space project, <a href=\"https:\/\/dssc.eu\/\" target=\"_blank\" rel=\"noopener nofollow\">Data Spaces Support Center<\/a>, and preparing for the <a href=\"https:\/\/www.skillsdataspace.eu\/\" target=\"_blank\" rel=\"noopener nofollow\">Data Space for Skills<\/a>. Businesses can join projects as a data provider, data user or enabling service, or look at creating their own data space with collaborators.<\/p>\n<p>Sille recommends how to start: \u201cAs a partner in the Data Spaces Support Center, I recommend exploring the website, the repositories of initiatives and the contributing partners. Associations like <a href=\"https:\/\/internationaldataspaces.org\/we\/\" target=\"_blank\" rel=\"noopener nofollow\">International Data Spaces<\/a>, <a href=\"https:\/\/gaia-x.eu\/\" target=\"_blank\" rel=\"noopener nofollow\">Gaia-X<\/a> and <a href=\"https:\/\/www.fiware.org\/\" target=\"_blank\" rel=\"noopener nofollow\">FIWARE<\/a> have long mapped data space work.\u201d<\/p>\n<p>Data spaces go beyond EU-based businesses. \u201cMany initiatives collaborate with international partners and look at business cases that will bring global benefits,\u201d says Sille.<\/p>\n<p>Sille highlights the need to put customer control of their data at the heart of developing data spaces. \u201cWhen developing design principles and architecture for data spaces, we must embed human-centric principles. There are ways to empower people through design choices. Businesses can get involved as enabling services \u2013 intermediaries that serve the interests of individuals, managing permissions and returning value to them.\u201d<\/p>\n<h2>Transparency\u2019s role in digital sovereignty<\/h2>\n<p>Dr. Amin Hasbini of Kaspersky\u2019s Global Research and Analysis Team explains how tech businesses can use transparency centers to uphold different states\u2019 digital sovereignty worldwide. \u201cDigital sovereignty means companies, especially multinationals operating in digital, need tools that comply with regulation in countries where they operate. As an example, Kaspersky operates <a href=\"https:\/\/www.kaspersky.com\/transparency-center\" target=\"_blank\" rel=\"noopener nofollow\">transparency centers<\/a> in several countries. These let entities check code to ensure it complies with their laws.\u201d<\/p>\n<p>But he thinks international firms can go further in building regulators\u2019 trust.<\/p>\n<blockquote><p>Cooperation is the way to go. We start by sharing intelligence about recent attacks in the region. This brings discussions into a better place.<\/p>\n<cite><p>Dr. Amin Hasbini, Global Research and Analysis Team, Kaspersky<\/p><\/cite><\/blockquote>\n<p>Sharing also benefits the industry as a whole. \u201cWe publish many of our <a href=\"https:\/\/securelist.com\/\" target=\"_blank\" rel=\"noopener\">threat intelligence findings<\/a>, which means better threat visibility for everyone. The cybersecurity community can build on our findings,\u201d says Amin.<\/p>\n<h2>Taking the first steps into digital sovereignty<\/h2>\n<p>Ben advises businesses to consider the basics as they start exploring digital sovereignty. \u201cWhat data are you collecting and where does it go? Once you know that, you can think through the implications: Security provisions you may need to protect data within your company and outside. Think first about why you need this data, and that will help you define every step of the process.\u201d<\/p>\n<p>Let\u2019s be super clear: Digital sovereignty, like all matters of global trade, is complex. It\u2019s not an off-the-shelf charter or compliance checklist. Enterprises should grasp the opportunity now to get involved with data spaces and other cooperation projects to shape the new international standards for data.<\/p>\n<p>Digital sovereignty regulation will only grow \u2013 particularly around the use of AI. Businesses should think through how they use data and what security should be in place to safeguard it. Digital sovereignty also presents opportunities for better business, such as through data spaces and transparency initiatives.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Digital sovereignty has shaped how businesses use data for many years, and with AI and data spaces proliferating, its influence will grow.<\/p>\n","protected":false},"author":2521,"featured_media":49978,"template":"","coauthors":[3452],"class_list":{"0":"post-49976","1":"emagazine","2":"type-emagazine","3":"status-publish","4":"has-post-thumbnail","6":"emagazine-category-data-and-privacy","7":"emagazine-tag-audio","8":"emagazine-tag-insight-story","9":"emagazine-tag-podcast"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/insight-story-digital-sovereignty\/49976\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/secure-futures-magazine\/insight-story-digital-sovereignty\/29474\/"}],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine\/49976","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/emagazine"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2521"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/49978"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=49976"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/coauthors?post=49976"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}