How data localisation can harm SMEs: A view from across the world

The internet giants and local technology companies are feeling the heat as the debate over data of Indian customers as well as laws to safeguard it rages on.Surabhi Agarwal  |  April 17, 2018, 09:02 IST
The internet giants and local technology companies are feeling the heat as the debate over data of Indian customers as well as laws to safeguard it rages on.

Srikrishna panel details how data localisation can harm SMEs

Russia

Federal Law No: 242-FZ mandates all data operators to ensure that recording, systematisation, accumulation, storage and extraction of personal data of Russian citizens occurs with the use of data centres located in Russian Federation territory.

The law requires operators to notify the Russian Data Protection Authority, the Roskomnadzor, of the location of the server.

China

Chinese Cybersecurity Law mandates that Chinese citizen’s data, which are collected by critical information infrastructure (CII) operators in China must be stored domestically. CII operators must also provide encryption keys to the government.

CII, while not explicitly defined, is understood to mean public communication and information services. The departments can suspend business operations, shut down websites and revoke licenses

How data localisation can harm SMEs: A view from across the world

Australia

In Australia, the Personally Controlled Electronic Health Records Act, 2012, provides that where a system operator, a registered repository operator, or a registered contracted service provider holds the health records of an individual, or has access to such records, then such records cannot be taken outside Australia

Canada

The PIPEDA in Canada does not contain any data localisation requirements. However, provincial law in Nova Scotia (Personal Information International Disclosure Protection Act, 2006) requires that personal information created by public institutions be stored on local servers

Vietnam

The Decree on Management, Provision, and Use of Internet Services and Information Content Online in Vietnam requires a range of Internet service providers to maintain within Vietnam, a copy of any information they hold in order to facilitate inspection of info by authorities, specifically providing that organisations and enterprises must have at least one server system in Vietnam serving the inspection, storage, and provision of information at the request of authorities. Decree 72 applies to general websites, social networks, mobile networks, and game service providers.

Indonesia

The regulation regarding the Provision of Electronic System and Transactions in Indonesia mandates the local storage of data relating to electronic system operators for public service.

The Regulation 20/2016 on Personal Data Protection in Electronic System provides that electronic system providers are required to process protected private data only in data centers and disaster recovery centers located in Indonesia.