APAC’s Data Localization Requirements

Understanding the impact of cross-border regulations

Current and emerging regulations for data localization generally fall into the following categories:

  • Geographic restrictions that require data be stored and processed within a given country or region,
  • Geographic restrictions on copying data sets outside the country,
  • Permission-based regulations that require data exporters to obtain consent from specific individuals or institutions (e.g. in the financial sector) to transmit data out of the country.

Companies must understand the APAC localization rules as they apply to their operating models, IT systems, and international data flows. They should expect a plethora of sometimes confusing regulations on data privacy, transfers, and localization. The good news is that by developing a repeatable data localization approach, a company should be able to cover various jurisdictions, thus lowering costs. By staying on top of the legal requirements for data localization, a data center provider could also distinguish itself from its competitors.

Data sovereignty: what it means for cross-border data storage and transfer

Data sovereignty, driven by Russia and China, has become an issue around the globe that companies must reckon with across the entire APAC region. Their governments want easy access to servers and other data storage devices within their territory. Another motive for data sovereignty is to protect local industry by preventing the outsourcing of data storage and value-added services to other jurisdictions. However, there is also a genuine need to store data locally, one voiced by industry itself. Many medium-sized and smaller companies and public institutions are concerned that cloud data storage in other jurisdictions will trigger a host of security concerns, such as hacking or government access to their stored IP and valuable data sets, which are often the lifeblood of the company.

ABOUT THE AUTHOR

Andrew Lipman

Andrew Lipman practices in many areas of communications law and other related fields, including regulatory, transactional, litigation, legislative, and land use law. Andy’s clients in the private and public sectors include those in the areas of local, long-distance, and international telephone common carriage; Internet services and technologies; conventional and emerging wireless services; satellite services; broadcasting; competitive video services; telecommunications equipment manufacturing; and other high-technology applications. Additionally, he manages the privatization of telecommunications carriers in Europe, Asia, and Latin America.

Dr. Axel Spies

Dr. Axel Spies has advised clients for many years on various international issues, including licensing, competition, corporate issues, and new technologies such as cloud computing and international telecommunications licensing. He counsels on international data protection (EU General Data Protection Regulation (GDPR) and Data Privacy Framework), international data transfers and compliance, healthcare, technology licensing, ediscovery, the EU AI Act, and equity purchases. Dr. Spies is a long-time correspondent and co-publisher of the German Journal of Data Protection (ZD) and the European telecoms journal MultiMedia & Law (MMR). He is a Certified Information Privacy Professional (CIPP/E).