According to new Global Trends research on data flows, both data localisation obligations and bans on international data flows represent a way to regulate data sovereignty and relations with foreign entities.
Barriers are usually set through legal measures and may either consist of an obligation to store and/or process data within a country, or of a prohibition to transfer data abroad. Rules may be subject to conditions or allow certain exemptions.
Among the researched countries, data localisation requirements are explicitly set by law in Russia, in China (although limited to key information infrastructure operators) and have been proposed in India. There are also countries where the government encourages the storing of data within the country but does not impose data localisation as such.
As for data transfers, the influence of the GDPR has been strong also outside the EU. Several countries around the world recently decided to revisit their respective data protection laws taking into account the EU’s GDPR experience. However, there are also other approaches.
Among the 21 Asia-Pacific Economic Cooperation (APEC) economies, nine of them participate in the APEC Cross-Border Privacy Rules (CBPR) system to facilitate data flows between the participating countries.
To find out more about the visible and invisible barriers to cross-border data flows around the world, please click on “Access the full content” to view the full global benchmark - or on “Request Access”, in case you are not subscribed to our Global Trends service.
more news
30 June 25
LTE and 5G in the 410–430 MHz and 450–470 MHz bands in Europe
Our latest European benchmark shows the countries where the 410–430 MHz or 450–470 MHz bands can be used for LTE or 5G.
27 June 25
Can European end users choose their own router or modem?
Our new benchmark research shows that national regulators clearly defined the network termination point in five of the 14 European countries studied.
26 June 25
Data Protection in the Americas
Recent research highlights contrasts in the enforcement of data protection laws across the Americas. While most countries have legal frameworks in place to penalise violations, the scale of fines—both in terms of maximum fine limits and actual enforcement—varies widely. The findings also reveal that fines imposed in Europe are often significantly higher than those recorded in the Americas.