The Digital Age: Navigating cross border data flows
Estimated reading time: 4 minutes
In his opening speech during MyDigital Corporation’s and Huawei Malaysia’s hybrid webinar title, Digital Age: Embracing Technology, Preserving Data Sovereignty, MyDIGITAL CEO Fabian Bigar said, “As the economy moves forward, businesses and government services are now shifting to digital and online models.”
This is reflected by the introduction of MyDigital and the Digital Economy Blueprint in 2021, which outlines via strategic thrusts, objectives, and initiatives, how every sector in the country shall leverage digital tools, technologies and digital infrastructure to participate in the digital economy.
He also shared that the notion of data sovereignty in Malaysia is reflected in existing policy frameworks like the Communications and Multimedia Act of 1998, the National Cybersecurity Policy of 2006, and Personal Data Protection Act 2010 (which is to be revised by 2025 so as to remain relevant).
“Collectively, these frameworks protect personal data but at same time ensure security, reliability and resilience, although there are still gaps to be bridged in data policy which is important for the country to progress forward.
Fabian also set the tone for the panel discussion which followed, by introducing the notion of data sovereignty and the need for the country to classify which data can, or cannot be hosted outside of the country.
Data makes the world go round – but what is data sovereignty?
Data collection and data sharing are important for activities like medical research, monitoring vaccinations, and business transactions and much, much more.
Data flows are increasing, and especially across borders as businesses want to be able to explore opportunities outside of their own countries.
Personal data and sensitive data leakage however, is a risk.
Now, there are rules and guidelines which an organisation, a country and an individual need to set to clarify the rules, so that the future is secure.
Huawei’s Director of Industry Ecosystem Engagements in APAC, Konesh Kochal, said, “What happens in the digital space is our identities, our interactions, our experiences, are presented in the shape of data points. Data points are stored in a particular location which are located in a particular country.
“There are laws and regulations which govern the storage of these data points. Once these data points need to be transferred from point A to point B, there are another set of rules and regulations to be followed.
“Thirdly, once they reach they are applications they are intended for, the data is processed. Again that goes through another set of control mechanisms and regulations.”
So the phenomena of storing, transferring and processing these data points, the rules that need to be followed in order to adhere to these processes, are data sovereignty in my opinion.
Technologies like cloud computing are providing efficient platforms where many applications can be replicated in a timely and scalable manner, in order to utiilise these data points, Konesh said.
Now, there are rules and guidelines which an organisation, a country and an individual need to set to clarify the rules, so that the future is secure.
Facilitating data flows for secure service and technology delivery
The panel discussion organised by MyDigital Corporation, Huawei Malaysia, and the Institute of Strategic and International Studies (ISIS) Malaysia, were joined by industry experts from Telekom Malaysia, MAMPU, MCMC, and MPRC.
MCMC’s Chief Technology and Innovation Officer, Shamsul Izhan, pointed out that technology and tools are imperative but they are only part of the whole equation of services delivery to citizens and businesses.
Puan Nur Hidayah bin Abdullah, an ICT consultant from MAMPU shared that since August 2021, a circular had been released by the Pejabat Ketua Pegawai Keselamatan Malaysia (CGSO), that emphasised for government agencies to take into account the level of classification of their data, before migrating the data to the cloud.
“The delivery of tech and tools will be hampered if data is not available due to (restrictive) data sovereignty. So, we have to be in a facilitator mode.”
Cybersecurity and data privacy is important, a concept that is reflected in data sovereignty laws in over 100 countries today.
But, there are no clear regulations on how data that crosses borders (if they can at all) should be treated and managed.
Perhaps, the first step lies in how efficiently and effectively data can be classified. This has to be collectively addressed by an audience that is larger and more inclusive.
Puan Nur Hidayah bin Abdullah, an ICT consultant from MAMPU shared that since August 2021, a circular had been released by the Pejabat Ketua Pegawai Keselamatan Malaysia (CGSO), that emphasised for government agencies to take into account the level of classification of their data, before migrating the data to the cloud.