The global economy depends on the free movement of data. By data, I simply mean information, like emails, sales history, satellite imagery, crop yields, traffic density reports, and search results. When digital technologies--including servers, personal computers, and mobile devices—process, analyze, and transmit data, it flows through the internet and across national borders seamlessly.
With the rapid rise in connected technology international data flows have exploded in recent years, reflecting their importance to businesses of all sizes and in all sectors. According to the McKinsey Global Institute, cross-border bandwidth has increased an astounding 45 times since 2005. Another report from the United Nations Conference on Trade & Development found that half of all global trade in services is already digital.
Digital technologies, and the data flows that optimize their potential, have spurred innovation and economic inclusion around the world, making them increasingly critical to addressing global challenges such as:
- Small- and medium-sized enterprises can gain a global reach with the click of a button.
- The Internet of Things can unlock energy efficiencies necessary in the fight against climate change.
- Advances in digital agriculture and logistics can improve crop yields and food distribution in order to combat global hunger.
Addressing all of these objectives, whether at the local, regional, or global level, requires the movement of data and information across borders. Amidst this revolution, however, a disturbing trend has emerged: Some countries—including Russia, China, Indonesia, and Nigeria—are erecting barriers to cross-border data flows, principally in the form of data localization requirements.
What is data localization? Data localization is the requirement to store, process, or otherwise handle data within the borders of a certain jurisdiction. These measures include obligations for businesses to keep any data collected on servers located within that country, explicit prohibitions against data transfers across borders, or excessive requirements for companies to obtain consent from a data subject before transmitting information outside its current jurisdiction.
One example of this is Russian Law 242-FZ, which mandates that businesses--even ones without a physical presence in Russia--keep all data on Russian citizens on servers inside the country, where it can be accessed by the Russian authorities. Another is Turkey’s Electronic Payments Law, which requires companies that provide e-payment services to conduct all data processing within Turkey.
Governments that enact data localization policies often cite two primary reasons for doing so: 1) they believe that local mandates will benefit their countries’ economies; and 2) they assert it is to protect the privacy and security of their citizens’ data and personal information. They are generally not aware, however, that data localization requirements can lead to adverse outcomes and do not accomplish either of these goals.
The internet is designed to function in terms of the network, not physical borders. Every second data crisscrosses the globe through network exchange points from users to companies and back again. It chooses where to route data based on network congestion to and from data centers, where it can be stored, processed, and analyzed without being tied to one specific location.
Data localization actually works against the norms that have helped the internet, and by extension global economic growth, flourish for decades. Rather than helping their domestic industries, these measures are counterproductive. Moreover, by favoring domestic providers of services or server space at the expense of competition, it reduces opportunities to drive fresh investment into local economies or for its firms to compete into new markets.
Identifying the problem and explaining the consequences are the first steps to achieving better outcomes. As our blogs on economic development, privacy protection, cybersecurity, and law enforcement access to data demonstrate we are dedicated to finding solutions that help governments align with global, internationally recognized standards which allow data and information to flow freely around the world. We are also invested in finding ways to use international agreements and frameworks for addressing the global problem of data localization in a meaningful way for all stakeholders.
- ITI graduate fellow Evangelos Razis contributed to this article.
Forced Localization Blog Series Table of Contents:
- What is Forced Localization?
- Local Content Requirements
- Local Presence Requirements
- Local Standards and Conformity Assessment
- Data Localization Explained
- The Costs of Data Localization
- Development and Data Localization
- Privacy Protection and Data Localization
- Cybersecurity and Data Localization
- Law Enforcement Access to Information and Data Localization
- Using Trade Agreements and other Multilateral Approaches to Address Forced Localization