Which principle describes the idea that countries may impose data handling requirements on data stored within their jurisdiction?

Data sovereignty describes the idea that data is subject to the laws of the country where it is stored, so nations can require how that data is collected, stored, processed, and shared. When data sits in a country’s data centers, that country’s regulations apply and organizations must follow rules on localization, access, retention, and cross-border transfers. This is why data localization requirements and cross-border data flow controls matter for data stored within a specific jurisdiction. Jurisdiction is the broader authority to enforce laws in general, but it doesn’t specifically capture the rule that storage location dictates how data must be handled. Export control regulations deal with restricting sensitive information from crossing borders for security reasons, not the everyday data-handling requirements tied to where data resides. BYOD is about using personal devices for work, which is unrelated to where data is stored.