GDPR has brought a new level of data protection to the European Union, but rather than replicate the regulation in the USA, Box CEO Aaron Levie wants an global agreement on privacy standards.
"What would be even better would be if globally we could all agree on some standards around data privacy, data control and control our personal information," Levie said during the Box World Tour in London.
"I think that what we've seen with the Facebook scandal with Cambridge Analytica and what we've seen with consumer properties in general is the way our information is being used and how it’s managed and who has access to it, and what advertisers have access to it, is pretty unclear with a lot of the platforms.
"And I think that the more innocuous use cases were kind of advertising targeting, but now the more severe use cases are things like elections, we need to think about what the future of our news and information distribution looks like."
Data protection has grown into a public concern since Levie cofounded the cloud storage company in 2005, due to a string of privacy scandals that was topped by the recent Cambridge Analytica data leak.
Salesforce CEO Mark Benioff has also called for a national privacy law in the US akin to GDPR in the EU, but Levie is keen on a borderless solution.
"I do think we need to be thinking about this on a global basis," he said. "I think we need to ensure that we do that for two reasons: one is ensuring we don't get lots of conflicting data privacy laws that make it really hard for a global internet to be able to persist.
"Just as we had the risk of Balkanisation of data and systems from a data residency standpoint, you wouldn't want a Balkanisation of data privacy requirements that make it really hard for global internet platforms to be able to actually adhere to the law of any given location.
"That's the first thing. And the second thing is that this has more and more just become the right for anyone using internet services to be able to revoke that data, to know exactly how it's being used, to ensure it's not going to parties that you haven't given expression for, so I think it makes complete sense that the US would adopt something similar or at least on a global basis we create more consistent standards for how we should think about privacy online."
Box announces multizone storage for Box Zones
Box will support its customers' GDPR compliance journeys with the launch of multizone storage capabilities for Box Zones. The additional support for the in-region data storage technology gives customers the chance to store their content across any of Box' existing seven zones.
The multi-zone support is designed to help enterprises decide precisely where they keep their data and collaborate on the files with any other Box users wherever they're working, and the number of zones they can choose from is set to expand.
"From a technology standpoint, we can support more and more regions over time wherever our technology partners have data centres and infrastructure, so we are sort of evolving the regional support based on the customer demand that we're seeing," said Levy. "So you can imagine that as we expand into places like South America, more broadly throughout Asia, you would see more and more data residency locations emerge."
Box Zones was launched in 2016, but the regulatory landscape has changed much since then and will continue to evolve beyond GDPR. The multi-region support can be extended to any zones that Box adds in the future, ensuring compliance with any national regulations until Levie's plans for global standards come to fruition.