Originally, before the ubiquitous use of networks and the internet, hardware abstraction, virtualization, the explosion in cloud computing, and globalization of tech companies, data protection was relatively easy, and a large portion of the Data Protection was accomplished through Physical Security. These original concepts of Data Protection were greatly expanded to cover Securability. Although this was an improvement in protecting data from the perspective of the corporation, there was little protection for the end-user (i.e., consumer) from the corporations. Figure 1 represents the widespread nature of Geographic Jurisdiction Data Governance. Fortunately, most of the tech areas such as Cloud Computing, Artificial Intelligence and Big Data have already made adaptations for Geographic Jurisdiction Data Governance especially since it has been mandated by International and National Governance and Regulation such as General Data Protection Regulation (GDPR), Data Protection Act 2018, and California Consumer Privacy Act (CCPA).
Unfortunately, most distributed computing platforms (i.e., DIDOs) have done little to address Geographic Jurisdiction Data Governance even while the amount of governance and regulation has increased and become relatively mainstream internationally. Some of the 90+ Countries and their various laws are described in detail on the InCountry website3). The InCountry team is constantly updating the site with new regulations and more countries, The following list represents some of the major non-USA countires:
There are three main categories of Geographic Jurisdiction Data Governance: Data Residency, Data Sovereignty and Data Localization. Usually, these concepts are applied strictly to data storage with an increased burden to store the data in the jurisdiction where the data is created. Basically, it represents the Data-at-Rest data state, see: section 2.3.4.2 State of Data Taxonomy.
The main emphasis of Julian Box's article is on Cloud Computing7), however, many of the concerns and issues he raises are pertinent to Distributed Computing since the data within the distributed solution potentially can reside anywhere, especially with a Permissionless Network.
He suggests as a starting point for Cloud Computing, try applying the distinctions between Data Residency, Data Sovereignty and Data Localization to the following questions about your distributed system:
[char][✓ char, 2022-03-22]New Section -- review