Data Localization:
A global threat to free internet
The internet was born on January 1 1983 and that changed our world in unimaginable ways. Before internet, computers had no direct way of communicating with each other but the internet brought the world closer, helped in research, trade and democratizing information.
As a proof of its immense utility, leading to rapid facilitation of internet services, internet users have increased manifold over the years.
Today, internet is a human right and cutting access to internet for long periods of time is considered as violation of the freedom of expression
Data Localization, the practice of requiring data to be stored and processed within a particular country's borders, threatens the internet and its value!
Data localization:
1. Increases Costs: A study by the European Centre for International Political Economy found that data localization measures in the European Union could cost businesses up to €8 billion per year. These costs would likely be passed on to consumers, resulting in higher prices for goods and services.
2. Takes away jobs: According to a report by the Information Technology and Innovation Foundation, data localization measures in the United States could result in a 1.1% decrease in GDP and a loss of 54,000 jobs in the technology sector. McKinsey report says that 86 percent of tech-based startups had at least one cross-border activity.
3. Leads to a fractured internet: A fractured internet refers to the idea that the internet, which was originally designed as a global and open network, is becoming increasingly fragmented and divided along national or regional lines. This fragmentation is being driven by various factors such as data localization laws, censorship, and other forms of government regulation. The consequences of a fractured internet include limits to cross-border communication, limit innovation and freedom of expression.
How does Data Localization work and why is it there if it causes so many problems?
About Data Storage
The everyday data that we release online, like photo uploads on drive, internet searches and What's App messages are all stored in hardware in data centers.
Photo by Taylor Vick on Unsplash
Photo by Taylor Vick on Unsplash
This data can then be retrieved by (authorized) users through the internet from anywhere in the world. This means that irrespective of the location of data centers, users from anywhere can retrieve the data.
Data centers are huge and costly. Meta has data centers covering 34.2 million square feet in total and they have invested $16 billion so far in building these data centers in the US.
Data localization became more popular after Snowden Revelations
Because of Silicon Valley being the seat of technological giant corporations, US houses the most number of data centers in world. This means that most of the world's data is within US borders.
Some countries like China and Russia (among a few others) were nervous about sharing their citizens' data with the US. Also, these governments wanted access to their country's citizens' data, and it was very difficult to do so if the data was housed in US borders.
However, when Snowden revelations leaked in June 2013, telling the world about the NSA's surveillance capabilities and unethical conduct with private data, other countries, including US allies felt their data was unsafe within US borders.
Today several countries have restricted data access and passed data localization laws
The term data localization implies that countries mandate some or all of their citizens' data be stored within their national borders such that individuals outside the country don't have access to the data generated within the country. This can lead to a fractured internet, decreased international trade, global shrinking of GDP and an impediment to cross-border collaboration.
Data localization laws
Partial data localization laws refer to laws or regulations that require only certain types of data to be stored or processed within a particular country's borders, rather than all data. For example, a country may require that sensitive personal data, such as financial information or health records, be stored locally to protect user privacy and security, while allowing other types of data to be stored overseas.
Of the countries, following partial data localization, many follow EU's General Data Protection Regulation (GDPR) or have national laws based on GDPR principles. The GDPR does not allow transfer/processing of EU data in countries classified deemed unsafe for upholding data privacy.
More strict data localization laws are laws or regulations that require all or a significant portion of data generated or collected within a particular country to be stored and processed within that country's borders. These laws may also require companies to use local data centers or to partner with local companies in order to comply with the regulations.
The data localization laws in Russia and China are examples of strict data localization laws. In Russia, the "On Personal Data" law requires that personal data of Russian citizens must be stored on servers physically located within Russia. In China, the "Cybersecurity Law" requires that "critical information infrastructure operators" store personal information and other important data within China. Because of these laws, despite China being a huge market, big companies like Facebook refuse to conduct business in China under the strict cybersecurity laws.
Today, 64 countries have some form of data restriction
Data localization threatens to decrease global GDP since e-commerce share of international trade was 12% (McKinsey, 2016) and is projected to increase.
Government control of data
Data localization laws are often implemented in the name of national security or data sovereignty, and are intended to give governments greater control over data and to protect against foreign surveillance and data breaches. However, these laws can have negative implications for privacy, security, and economic growth, as they can make it more difficult for businesses to operate across borders and to provide online services to users in other countries.
So what should countries do?
You should have a say
Unfortunately, data localization is hardly an election topic in most countries, including countries where data localization is in place.
So learn more about it and advocate for change:
1. Learn about data free flows with trust - an actionable guide by the world economic forum
2. The G20 insights on data free flow and data restriction.
3. Join a community that advocates for digital rights.
Please and learn and share about this so that more of your fellow citizens can be part of the conversation where they decide how your data should be stored!
References
Hill, J. (2014, May 1). The Growth of Data Localization Post-Snowden: Analysis and Recommendations for U.S. Policymakers and Business Leaders. The Hague Institute for Global Justice, Conference on the Future of Cyber Governance, 2014. The Growth of Data Localization Post-Snowden: Analysis and Recommendations for U.S. Policymakers and Business Leaders by Jonah Hill :: SSRN .
Kathuria, R., Kedia, M., Varma, G. and Bagchi, K. (2019, December 11). Economic Implications of Cross-Border Data Flows.Think Asia. https://think
asia.org/handle/11540/11375?show=full .
Castro, D.A. (2015, February 24). Cross-Border Data Flows Enable Growth in All Industries. Itif.org. https://itif.org/publications/2015/02/24/cross-border-data-flows-enable-growth all-industries.
Institute of International Finance (IIF). (2020, December). Data Localization: Costs, Trade-offs and Impacts Across the Economy.
https://www.iif.com/Portals/0/Files/content/Innovation/12_22_2020_data_localization.pdf.
Sharma, U., & Burma, A. (2021, April 4). How would data localization benefit India? Carnegie India. https://carnegieindia.org/2021/04/14/how-would-data-localization-benefit-india pub-84291.
Yayboke, E., & Ramos, C. G. (2021, July 23). The real national security concerns over data localization. The Real National Security Concerns over Data Localization | Center for Strategic and International Studies. https://www.csis.org/analysis/real-national-security concerns-over-data-localization.
Healey, J., Mallery, J. C., Jordan, C. T., & Youd, N. V. (2014). (rep.). Confidence Building Measures in Cyberspace. Washington, DC: Atlantic Council.
https://www.files.ethz.ch/isn/185487/Confidence-Building_Measures_in_Cyberspace.pdf.
Kamp, R. (2019, August 21). Data Residency: A concept not found in the GDPR. https://www.mcafee.com/blogs/enterprise/data-security/data-residency-a-concept-not found-in-the-gdpr/.
Nova, N. (2014, November 14). Maps of data center localisations. IICloud(s) – Inhabiting and Interfacing the Cloud(s). Maps of data center localizations (iiclouds.org).
Built with Shorthand