The physical location of your data still matters now, but it’s about to become a lot less important

Think back to 2010 and 2011. What were the big trends? We were just about getting started with big data and there was still quite a lot of excitement about Google launching a social play but the thing really making headlines was location, location, location. If everyone used location-based services, the thinking seemed to go, people would automatically go where their friends were and businesses would be guaranteed to benefit from it. Small wonder then that Wired UK crowned Foursquare founder Dennis Crowley the “new king of social” in 2010.

Fast forward to 2014 and Foursquare has reinvented itself so many times it’s hard to keep count and other services, such as Gowalla ended up closing their doors. So does location-based data still count for anything?

The answer, it seems, is: yes but that’s likely to change drastically in the near future. The reason all those social networks hoping to take advantage of location-based data have had to change so much, or have disappeared off the radar is that the data has pretty much become ubiquitous.

As more and more people become aware of the implications that companies having access to their location data though, other concerns will start to be raised. Tech research house Gartner for instance, reckons that physical location be replaced by a combination of legal location, political location and logical location in terms of importance.

If you’re unsure exactly what Gartner means by those terms, here’s a glossary:

Legal location: According to Gartner, many IT professionals are not aware of the concept of legal location. The legal location is determined by the legal entity that controls the data (the organisation). There could be another legal entity that processes the data on behalf of the first entity (such as an IT service provider) and a third legal entity that supports the second one in that endeavour (possibly a captive data centre in India).

“Statements like ‘it’s illegal to store such data outside the country’ are often interpretations of legal language that is far less clear,” says Gartner research vice president Carsten Casper “Each organisation must decide whether they accept those interpretations.”

Political location: Considerations such as law enforcement access requests, use of inexpensive labour in other countries that puts local jobs at risk or questions of international political balance are more important for public sector entities, nongovernmental organisations (NGOs), companies that serve millions of consumers or those whose reputation is already tainted.

“Unless you fall into one of these categories, you can discount media reports on data residency concerns,” Casper says. “While public outrage is still high about data storage abroad, there is little evidence that consumers really change their buying behaviour.”

Logical location: This is emerging as the most likely solution for international data processing arrangements and is determined by who has access to the data. For example, a German company signs a contract with the Irish subsidiary of a US cloud provider, fully aware that a backup of all data is physically stored in a data centre in India. While the legal location of the provider would be Ireland, the political location would be the US and the physical location would be India, logically, all data could still be in Germany.

“The number of data residency and data sovereignty discussions had soared in the past 12 months, stalling technology innovation in many organisations,” says Casper. Originally triggered by the dominance of US providers on the Internet and the Patriot Act, the perceived conflict was then fuelled by revelations of unexpected surveillance by the National Security Agency (NSA) made public by Edward Snowden.

“IT leaders find themselves entangled in data residency discussions on different levels and with various stakeholders such as legal advisors, customers, regulatory authorities, employee representatives, business management, and the public,” Casper reckons. “Business leaders must make the decision and accept the residual risk, balancing different types of risk: ongoing legal uncertainty, fines or public outrage, employee dissatisfaction or losing market share due to a lack of innovation, or overspending on redundant or outdated IT.”

While it’s clear that revelations of the kind made by Edward Snowden have evidently affected businesses, it is slightly worrying that the vast majority of the advice concerns how companies can keep themselves safe rather than their employees.

It is nonetheless interesting to see how we’ll view data in the future. Given the way things are going, it’s also not implausible to think that a startup with good legal grounding could use these different data location standards to ensure that the only people who see data around your physical location are the ones you want to see it.