According to new Global Trends research on data flows, both data localisation obligations and bans on international data flows represent a way to regulate data sovereignty and relations with foreign entities.
Barriers are usually set through legal measures and may either consist of an obligation to store and/or process data within a country, or of a prohibition to transfer data abroad. Rules may be subject to conditions or allow certain exemptions.
Among the researched countries, data localisation requirements are explicitly set by law in Russia, in China (although limited to key information infrastructure operators) and have been proposed in India. There are also countries where the government encourages the storing of data within the country but does not impose data localisation as such.
As for data transfers, the influence of the GDPR has been strong also outside the EU. Several countries around the world recently decided to revisit their respective data protection laws taking into account the EU’s GDPR experience. However, there are also other approaches.
Among the 21 Asia-Pacific Economic Cooperation (APEC) economies, nine of them participate in the APEC Cross-Border Privacy Rules (CBPR) system to facilitate data flows between the participating countries.
To find out more about the visible and invisible barriers to cross-border data flows around the world, please click on “Access the full content” to view the full global benchmark - or on “Request Access”, in case you are not subscribed to our Global Trends service.
more news
29 July 25
New benchmark on provisioning timers and SLAs for wholesale local access over fibre in Europe
Our new benchmark covers service level agreements (SLAs) for the provisioning of wholesale local access (WLA) over fibre unbundling and virtual unbundling (VULA) across 18 European countries.
28 July 25
Privacy in the digital age
This Global Trends benchmark compares key aspects of data protection laws across 14 jurisdictions: Australia, Brazil, Canada, China, the EU, India, Indonesia, Japan, Kenya, Korea, Singapore, South Africa, the UK and the US.
25 July 25
Few EU countries have yet designated authorities to enforce new EU rules on data and AI
Our new benchmark maps the authorities designated to enforce the Data Governance Act, the Data Act and the Artificial Intelligence Act across all the 27 EU member states.