{"id":41898,"date":"2018-09-07T11:00:37","date_gmt":"2018-09-07T01:00:37","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=41898"},"modified":"2018-09-07T10:00:07","modified_gmt":"2018-09-07T00:00:07","slug":"data-localisation-threatens-economic-growth-without-improving-security","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/data-localisation-threatens-economic-growth-without-improving-security\/","title":{"rendered":"Data localisation threatens economic growth without improving security"},"content":{"rendered":"
<\/figure>\n

Increasing data localisation\u2014governments requiring certain data to be stored within a jurisdiction\u2014threatens internet innovation and makes the development of digital goods and services more difficult, potentially slowing economic growth.<\/p>\n

India is thinking of<\/a> joining the countries that have data localisation requirements: China, Russia, Indonesia, Vietnam, and others. It is a bad idea.<\/p>\n

The internet has delivered worldwide benefits, mostly through US technology companies offering services globally. Light regulation has enabled innovation, facilitated rapid development of internet services, and delivered benefits across the planet.<\/p>\n

These technologies are also bringing new challenges. Fake news and social media have been blamed for nothing less than the potential destruction of democracy<\/a>, and leading technology companies warn of the dangers posed by cyberattacks<\/a>.<\/p>\n

One response has been for governments to clamp down and impose tighter regulations. The inherently borderless nature of the internet has presented regulators and lawmakers with challenges, but in recent times governments have taken two different approaches.<\/p>\n

The first is to create laws that apply beyond their own borders. The European Union has imposed tight data-protection rules<\/a>\u2014known as the General Data Protection Regulation (GDPR)\u2015based on the premise that individuals have the fundamental right to control the use of their own data. The justification for the GDPR\u2019s extraterritorial application is that a citizen\u2019s right to control their own personal data is universal and exists regardless of overlapping jurisdictions. According to the GDPR, personal data should be used in a manner \u2018designed to serve mankind\u2019 and should \u2018whatever [an individual\u2019s] nationality or residence, respect their fundamental rights and freedoms, in particular their right to the protection of personal data\u2019.<\/p>\n

The second approach is to compel data localisation and legislate that data\u2014typically personal data\u2014must be stored within a state\u2019s jurisdiction. China<\/a> and Russia<\/a> both have laws that impose a data localisation requirement. Both states cite protection of personal information as one of the justifications for these laws, but concerns have been raised that they\u2019re using localisation to enable intrusive government access to private information. Governments have a range of exceptional access powers that are typically relatively easy to exercise within their borders, but difficult to enforce outside their jurisdiction.<\/p>\n

To be clear, both approaches are forms of regulation that impose additional costs. Ideally, a harmonised global approach to data protection would be preferable. The European GDPR already imposes relatively high costs on companies doing business in the European Union, or even just conducting business with EU citizens.<\/p>\n

Data localisation requirements, however, impose additional new <\/em>costs above and beyond those of the GDPR.<\/p>\n

There are several factors that decide where data should \u2018live\u2019\u2014that is, where it is best stored. Many of these factors are technological, and the best place to store data has changed over time as technology has evolved.<\/p>\n

Some of the factors involved today are:<\/p>\n