News Coverage

Virtual Sovereignty: A New Legal Framework for Global Data Protection

It’s no secret that the global regulatory regime governing our data isn’t working.

On the one hand, for example, we have governments that seek—and sometimes desperately need—access to our data.

On the other hand, we have global technology companies that collect and store our data. These companies, like the internet itself, oftentimes transcend institutional and geographic borders. It’s this tension that has led to increasing conflict between tech companies and governments around the world.

And in the middle of this conflict, of course, are consumers and citizens like us, who want safety, security and privacy. And we want to maintain trust in all the institutions charged with keeping our data safe, both public and private.

Some think that’s too much to ask. But Craig Mundie and I, writing in today’s Financial Times, argue otherwise. In our piece, we advocate a concept we call “virtual sovereignty,” which would decouple geographical location from legal jurisdiction when it comes to our data.

Under our framework, governments wouldn’t have access to data based on where it happens to be stored (this is pretty much the way it works now). In a cloud-based world, where data can be transferred back and forth between global data centers at the speed of light, the old, location-based approach to applying laws just doesn’t make much sense.

Instead, we argue that the location data is generated in or accessed should determine what laws apply to that data—no matter where that data is located (and even if it’s stored in multiple locations). This would inject some sense, and some simplicity, into the way governments access our data, and into the way that tech companies protect that very same data.

Craig spent years at Microsoft, and now counsels some of the top CEO’s around the world on technology issues, and it was a ton of fun to work with him on this idea.

Combining deep technological expertise with innovative legal thinking is what we’re all about at Immuta. And given all the issues faced by regulators and tech companies, there’s clearly lots more work to be done.

The piece is available here: