State of Data Localization in the Age of Digital Transformation

Data localization requires the data of a country’s citizens or residents to be gleaned, processed and stored inside the region, often before being relocated internationally. It is the process of storing data on any device that is physically present within the borders of a specific country where the data is generated. It is used to safeguard the personal and financial information of a country’s citizens and residents from foreign surveillance and provide local governments and regulators the authority to call for the data when required.

With the evolution of cutting-edge technologies, the value of data has also increased enormously. And if it is not protected strategically and used unsafely can lead to the growing threat of misuse of the data or theft. Thus, due to these impediments, several regulations are being implemented with the purpose to secure the data and safeguard the industrial sector. In this way, data localization is one such regulation that is now being adopted by various industries and countries across the globe.

Countries that adopt this data localization law require the storage or processing of data on servers that are physically located within their borders. In some countries, free flow and sharing of digital data, especially the data which could impact the government operations, is strictly restricted.

Today the global economy is completely shifted to digital and relies heavily on cross border facilities of services and goods. For these cross-border facilities, previous trade regulations have embraced the borderless nature of the internet and adopted light-touch regulation. However, with the growing importance of data, governments worldwide now are taking steps toward restraining the cross-border data flows.

In a 2017 U.S. International Trade Commission report, the number of data localization measures has doubled in the last six years. And it was most cited by the U.S. industry representatives as the policy measure hampering digital trade. But now as governments worldwide start mandating data localization laws, most organizations will need to address the wide-ranging implications in strategic ways as part of their national cyber policies.

Data Localization Law in Countries

The requirement for data localization is rapidly evolving and has been enforced in several countries due to individuals’ preferences based on data threats and national law mandates. The countries that have been imposed this law, including South Korea, Russia, Vietnam, Indonesia, Brazil, Australia, Brunei, Nigeria, and Iran.

Currently, countries like India are also considering data localization requirements, and some others are looking to expand existing regulations. In India, the Reserve Bank of India (RBI) has made data localization mandatory for payment systems, and the Ministry of Information & Broadcasting is working on a policy that places large limitations on cross-border data transfer, prohibiting sharing of the data with a third party.

Impact of Data Localization on Global Businesses

As data localization is being leveraged as a solution to secure the consumers and safeguard the country’s national and economic interests, it is expected to potentially affect businesses that make use of the Internet or web-based technologies for services. Data localization laws could affect internet service providers (ISPs), mobile communications companies, and social media. Also, it could have an impact on the multinationals and small and medium-sized enterprises (SMEs) in retail, production, healthcare, pharmaceutical, among other business sectors.