The Illusory Promise of Data Sovereignty Laws

Prior to 2016, you’d be hard-pressed to find any political scientists predicting retreat from the transnational global economy that emerged in the 1990s. The formation of the EU, the passage of free trade agreements like NAFTA, and the thawing of the Cold War promoted global exchange in a seeming Manifest Destiny that transcended national boundaries by forming new jurisdictions based on regional and economic affiliation.

Technology proved a willing ally in the relentless march to globalism. The Internet ushered in a new way of communicating and conducting business through interconnected computer networks. When the cloud appeared on the horizon, users gained 24/7 digital access from any location with an Internet connection. Now, the Internet of things promises to place digital transformation at our fingertips through smart phones, smart appliances, and wearable devices that automate every aspect of daily living.

Then 2016 happened. Brits voted to Brexit the EU. Donald Trump defied expectations and got himself elected president. Italy’s prime minister self-immolated over a failed referendum vote that promised to end gridlock in Italy’s Parlamento Italiano. Not even a close defeat of Austria’s far-right Freedom party gave globalists much room to breathe, not with elections in France and the Netherlands threatening to topple the EU’s once impregnable hold on the European market. Populism is now the name of the day, with China, the US, and Russia shaking up old alliances and staking out adversarial positions based on national interests.

Of course, signs of trouble were apparent long before Donald Trump and Brexit, especially when it comes to data privacy. The real alarm sounded in 2013, when Anthony Snowden revealed the NSA’s vast surveillance of US citizens and foreign nations. Deciding that the US failed to provide adequate protection of EU member data, the EU struck down the Safe Harbor program, the program that allowed US businesses to self-certify that they met the EU’s criteria for protecting personal information.

Individual countries responded to Snowden’s revelations by passing data sovereignty laws, placing a chilling effect on data transfers by mandating that servers hosting citizen data be located within national borders. To date, over 100 countries have already passed data localization laws, with another 40 countries currently considering similar legislation. True to form, Russia has enacted one of the most sweeping data localization laws. Federal Law No. 242-FZ goes beyond requiring companies to locate servers hosting specific types of “sensitive” data within its borders and requires that all citizen data be stored on databases located within Russia. Nor does the law exempt foreign companies from its requirements, meaning that multinational companies will need to invest considerable time, energy, and money into complying with the latest Amendments to Russia’s Federal Law on Data Protection.

Data localization and the new nationalism appear to be here to stay, at least for the short term. Some experts predict an increase in market demand “for local or regional data centers and for software or hardware that facilitates geographic localization.” Other experts offer a less than rosy assessment of data localization, fearing such laws could throttle technological innovation. One recent study warned that fragmentation of the internet based on national borders could threaten new advances in information technology, including cloud computing, big data and the Internet of things. Moreover, by restricting the location of servers, data localization laws sacrifice the cloud’s primary benefits—namely affordability and scalability—which depend on service providers being able to move data between servers in different locations for load balancing and to take advantage of energy discounts and lower labor costs.

Data localization laws won’t just dampen technological innovation, however. Cloud computing and Internet eCommerce are big business. In 2015, the revenues of public cloud vendors reached a combined 75.3 billion U.S. dollars, while revenue from the Software as a Service segment alone was projected to reach 49.9 billion U.S. dollars.  According to Forrester, E-commerce sales will approach $500 billion by 2018 and are expected to grow to more than $400 billion in the next several years.

However, countries seeking a competitive advantage by passing data localization laws may be in for a rude awakening. A study by the European Center for International Political


If data localization laws prove unsustainable, how will companies and nations get around concerns over data privacy? Some experts predict that trade agreements will include limitations on data localization laws as a condition of doing business. Individual corporations may sidestep localization laws by meeting national adequacy determinations through self-certification, binding corporate rules, or model clauses. Political instability may also reverse some of the populist trends of the past year. Far from draining the swamp, Donald Trump is staffing his cabinet with a combination of insiders, political cronies, and deregulators who are ideologically opposed to government intervention in the economy and maintain close ties to multi-national

organizations. Even Brexit appears to be on hold at least temporarily, with new PM Theresa May delaying invocation of

Article 50 until 2017. A recent High Court ruling that the British government must get Parliamentary approval before using Article 50 buys even more time for opponents of Brexit.

Given the instability of the current political landscape, companies seeking to maximize the benefits of cloud computing and ecommerce might be wise to adopt a two-tier strategy. In the short-term, business leaders may want to seek out cloud service providers with data centers in geographic regions where data localization laws apply. In the long-term, the best bet may be to negotiate agreements that curtail data localization laws while promoting economic growth by leveraging the advantages of information





Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s