Data Sovereignty

Why Trust Techopedia

What Does Data Sovereignty Mean?

Data sovereignty is the concept that information in binary form is subject to the laws of the nation-state where the data is located. For example, data stored in a cloud provider's data center in San Francisco is covered by the California Consumer Privacy Act of 2018 (CCPA) — even if the data source is located in Canada.


The geographical locations where data can legally be stored — as specified by a business, government or industry body — is called data residency. The regulations that specify how data can be collected, processed, stored or transferred within a specific nation-state are referred to as data localization laws.

As the popularity of cloud computing continues to grow, data sovereignty has become an important legal issue for businesses of all sizes. To meet privacy and data sovereignty requirements, many businesses are using end-to-end encryption and simply limiting where their encryption keys can be stored or accessed.

Techopedia Explains Data Sovereignty

Essentially, data sovereignty principles hold that there is a single authentic origin of a piece of data, which consists of the country in which that data is primarily held. However, sorting this out is easier said than done in the age of the cloud and software as a service (SaaS).

That's because these hardware abstraction architectures port data all over the place, all the time — often in real time – and that made can make it extremely hard to pinpoint the origin of the data and where it's coming from.

At the same time, one overarching need for data sovereignty research is the emergence of national proprietary privacy laws. Perhaps the most prominent example is Europe's General Data Protection Rule or GDPR, which came into play within the past couple of years.

The GDPR regulates the use of a European citizen’s private data, and data sovereignty may have a bearing on how that regulation is applied. That requires companies and other stakeholders to do various kinds of discovery to figure out who the data belongs to, and in what nation it originated.

Data sovereignty helps to sort out many complicated issues about digital assets or how to regulate the flow of information online. Theoretically, an international set of regulations would do away with many of the requirements to figure out data sovereignty for a particular data set.


Related Terms

Margaret Rouse
Senior Editor
Margaret Rouse
Senior Editor

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.