According to new Global Trends research on data flows, both data localisation obligations and bans on international data flows represent a way to regulate data sovereignty and relations with foreign entities.

Barriers are usually set through legal measures and may either consist of an obligation to store and/or process data within a country, or of a prohibition to transfer data abroad. Rules may be subject to conditions or allow certain exemptions. 

Among the researched countries, data localisation requirements are explicitly set by law in Russia, in China (although limited to key information infrastructure operators) and have been proposed in India. There are also countries where the government encourages the storing of data within the country but does not impose data localisation as such.

As for data transfers, the influence of the GDPR has been strong also outside the EU. Several countries around the world recently decided to revisit their respective data protection laws taking into account the EU’s GDPR experience. However, there are also other approaches.

Among the 21 Asia-Pacific Economic Cooperation (APEC) economies, nine of them participate in the APEC Cross-Border Privacy Rules (CBPR) system to facilitate data flows between the participating countries.

To find out more about the visible and invisible barriers to cross-border data flows around the world, please click on “Access the full content” to view the full global benchmark - or on “Request Access”, in case you are not subscribed to our Global Trends service.