The notion of internet sovereignty is not new. China’s government has sought to censor the internet for almost two decades via its so-called “Great Firewall.” Now, even more countries and governments are attempting to place controls on the information their citizens can access. On Nov. 1, 2019, a Russian law requiring internet providers “to install special equipment that can track, filter, and reroute internet traffic” took effect. The Russian government says the law is necessary to prevent foreign cyberattacks.
The governments of China and Russia are not alone in their attempts to exert greater control over citizens’ internet activity. Other governments, including those of Cuba, Syria, Yemen, Turkey, Egypt, Iran,and Saudi Arabia, have embarked on similar endeavors, also citing the need to fight cybercrime. A recent Freedom of the Net report indicated that 89 percent of internet users are “actively monitored,” and that 36 countries have received new “information management” training from Chinese experts.
Key Takeaways for Cybersecurity and Governance Professionals
The effect of sovereign internet rules on data privacy is a developing conversation. Right now, the most glaring issue facing companies that conduct business globally is how to comply with completely different sets of data privacy laws, including GDPR and CCPA.
In China, Russia, and other sovereign internet countries, tech companies, including internet service providers, must make data about citizens available to the government. This means that any personal data flowing in or out of a sovereign internet state is essentially compromised because it is accessible by that state’s government.
Compliance and governance professionals will need to develop and train employees on multiple sets of data protection protocols and find a way to make sure that the data they share with sovereign internet countries doesn’t include personal data from citizens outside of these countries. This is more complicated than it sounds. For example, a bank with offices in the US and Russia will be hard-pressed to conduct business from its Russian office without violating US rules on data protection.
United Nations May Take Measures Against Sovereign Internet
Human rights activists condemned the bill and pleaded with Putin not to sign it. They are concerned about, among other things, the idea of a “splinternet.” In this scenario, the World Wide Web will become a fractured series of intranets within which users receive completely different versions of information. The United Nations may share activists’ concerns.
In 1948, in response to misinformation and propaganda campaigns by fascist forces, the Universal Declaration of Human Rights stated that: “people have the right to seek, receive, and impart information and ideas through any media and regardless of frontiers.”
In 2016, the United Nations affirmed this concept when it passed a resolution for the “promotion, protection and enjoyment of human rights on the internet,” highlighting the importance of an internet that is “open, accessible and nurtured.” Although the resolution is not legally binding, the UN can use it to place pressure on non-compliant countries.