top of page
Search

Location Matters: Understanding Data Sovereignty and Residency in Commercial RDM SaaS for Global Research

  • Writer: Quenifer Lung
    Quenifer Lung
  • 11 minutes ago
  • 4 min read

Research teams operating across jurisdictional or national boundaries must address data location governance issues because globalization demands better management of research data residence.


When institutions select commercial Research Data Management (RDM) Software-as-a-Service (SaaS) platforms for collaboration support, data sharing, and storage they face increasing legal and ethical and strategic challenges regarding data residency and sovereignty. Projects dealing with sensitive information such as personal health records, Indigenous data, or confidential industry partnerships must consider physical storage locations and legal consequences because these determine their compliance with regulatory standards, institutional ethical responsibilities, and participant trust.


Data residency represents the geographical area where organizations store their data and conduct its processing and analytical activities. The legal control that jurisdictions maintain over their territorial data constitutes data sovereignty. Research data management becomes complicated because data travels internationally but remains subject to the regulations of its country or origin. Canadian researchers who collaborate with European partners need to demonstrate data management practices that fulfill both PIPEDA and Canadian Tri-Agency RDM Policy requirements as well as the European Union’s GDPR standards. The requirements for protecting Canadian data must also be respected by collaborators operating outside Canada when they store or conduct analyses on data involving Canadian research participants or institutions. Similar requirements apply in the US.


Commercial RDM SaaS providers deliver their services through global cloud infrastructure providers such as Amazon Web Services, Microsoft Azure, and Google Cloud. These providers provide comprehensive infrastructure services globally but they are not responsible for how researchers handle their data or comply with jurisdictional legal frameworks. Some data platforms store research information on servers that traverse multiple countries yet this practice might unintentionally reveal data to legal jurisdictions with monitoring capabilities. Institutions could face potential noncompliance issues when they lack specific guarantees about data residency or hosting locations which may breach agreements with sponsors along with ethical approval bodies and funding authorities who need data to stay within certain borders. Study termination and funding loss as well as legal consequences become possible when noncompliance occurs - not to mention the reputational damage that could result.


Data residency functions beyond being a technical preference because it has become an essential requirement that numerous research institutions need to meet particularly when working with sensitive populations and national health systems or with data protected by international agreements. Institutions must now select research data management platforms that enable them to determine their data storage locations and verify their compliance with data sovereignty regulations. More importantly, these RDM tools must facilitate cross-jurisdictional collaboration while enforcing role-based access controls to ensure no data loss or breaches. 


Institutions need to answer various questions related to research methodology and data access requirements including: Where and how is the data captured? Where will it be stored? Who needs access to it? Who maintains legal authority over this data? Can we confirm that third-party vendors will not relocate our data across borders except through explicit permission? The ability to safely move data independently should only be available when research methodology permits and likely after data anonymization has taken place.


myLaminin addresses these needs in a number of ways. As a blockchain-powered research data management solution myLaminin delivers complete institutional governance and control of data storage locations and data integrity. myLaminin supports both cloud and on-prem data storage options allowing institutions and researchers to maintain complete control over their data. myLaminin’s collaboration features allow for a robust role-based access control over the research data repository regardless of the physical location of the research team member.


Additionally, myLaminin maintains a robust audit trail of all actions undertaken on the research project and the research data store by all research team members - regardless of role. Every system access, change, or share action registers an authenticated timestamped entry which records the user, action, object, date, and time. myLaminin also provides the Principal Investigator and his/her Research Administrator access to a recycle bin where any files inadvertently or maliciously deleted can be retrieved.


And because myLaminin is blockchain-enabled, the audit trail is a secure and irrefutable log of all actions which is searchable, filterable, and sortable. Institutions can prove data residency compliance and ethics board requirements even in cross-border data sharing circumstances. The system gives participants peace of mind through its guarantee that their information receives proper care under the correct legal framework. These capabilities represent essential requirements for multinational research consortia because trust and transparency demand them.


The capability to restrict data residency together with collaboration enforcement tools enables institutions to build research infrastructure that will stand the test of time and have the ability to adapt to different research needs. The ability of platforms like myLaminin allows institutions to modify their data strategies in response to evolving international laws and data localization regulations without needing to relocate their data or start new access arrangements. The ability to adapt proves essential for maintaining projects which need extended data preservation because of their nature such as health data and environmental datasets and/or research involving Indigenous data sovereignty.


The pursuit of global collaboration should never compromise national compliance or institutional autonomy. Modern commercial RDM SaaS platforms need to be able to support inter-disciplinary, and cross-jurisdictional collaboration as well as compliance with regulatory standards. Data residency and compliance frameworks should form the core elements of research infrastructure to address data sovereignty, security, and usability requirements.


Scientific research data collaboration across borders at high speed requires platforms like myLaminin to establish new standards for data stewardship which is responsible, legally sound, and flexible.

__________________________________


Quenifer Lung (article author) is University of Western Ontario Honours Business & Globalization student and myLaminin intern as part of the University's WMA program.



Image by Andrew Neel
bottom of page