User:Dianavimega/sandbox

Data Localization

Data localization refers to the set of laws enacted by a state or country that requires foreign companies to store citizens’ data within its borders. This means that data of the specific nation’s citizens has to be collected, processed, and stored inside the country, before being transferred internationally, and transferred only after meeting local privacy or data protection laws. Such regulations impact email communication, personal records, and social media services. Data localization derives from the concept of data sovereignty which requires that records about a nation's citizens or residents follow its personal or financial data processing laws, however, data localization goes a step further and requires that initial collection, processing, and storage of data occur first within the national boundaries of the particular country enacting the law. For example, Russia, China, Indonesia, and others have enacted economy-wide localization policies that require data to be stored on servers within their respective borders, while other countries, such as Australia, Germany, South Korea, and Venezuela, have enacted industry-specific laws that require certain financial, health and medical information, online publishing, and telecommunications data collected from their citizens to be stored on local servers.

In terms of localizing an internet-based product and/or service, data localization is a key factor to consider when drafting a localization strategy. Localizing into a country with data localization policies will imply larger IT investment and stringent security measures for data related to business operations.

Data Localization Policies Around the World Currently, there are at least 34 different countries with data localization policies, with China featuring a dozen of them, plus major countries, such as Russia, Indonesia, and Vietnam.

To see a list of data localization measures around the world, see the Technology Industry Council’s Snapshot of Data Localization Measures The aforementioned document captures most of the world’s data-localization policies. The entries with icons show where countries have enacted and implemented data localization policies targeting specific types of data. Other entries cover cases where countries have proposed, but not enacted, data localization policies or provide context for data-related policies, such as in the European Union. The list shows that data localization comes in many forms: while some countries enact blanket bans on data transfers, many are sector specific, and others target specific processes or services. One of the basic problems for companies complying with data localization laws is the difficulty in determining which categories of data need to be locally stored and which can be moved abroad.

Future of Data Localization

For the detractors of data localization, adding restrictions on how and where data is stored or transferred, poses a fundamental threat to the free flow of information across borders and the maintenance of global supply chains. As cross-border trade increasingly moves towards e-commerce and relies on the use of internet technologies such as cloud computing and big data, data localization policies pose a major threat to the economy and businesses’ bottom line. In addition, privacy and security suffer as companies are forced to store data in a way that is not the most efficient or effective and in most cases data security results affected, which is often the officially stated purpose of this type of measure.

The reality is that data localization laws are here to stay. As companies invest in compliance and governments without these laws see the short-term benefits that accrue to the localizing government in the form of increased access to data and a boost to the local economy, more nations may want to get in the localization game.

References:

ITIF.org https://itif.org/publications/2017/05/01/cross-border-data-flows-where-are-barriers-and-what-do-they-cost

ITIC.org https://www.itic.org/policy/forced-localization/data-localization

IAPP.org https://iapp.org/news/a/is-the-gdpr-a-data-localization-law/

Americanbar.org https://www.americanbar.org/content/dam/aba/publications/antitrust_magazine/anti_fall2017_cohen.authcheckdam.pdf