According to new Global Trends research by Cullen International on the regulation of data flows, in most of the surveyed countries, even if there are no data localisation restrictions, cross-border personal data flows are restricted unless certain conditions are met.
Among the researched countries, the law in Australia, China, Korea and Russia sets data localisation requirements. Data localisation has also been proposed in India and South Africa.
Political discussions have been carried out in trade agreements such as the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) system and the EU General Data Protection Regulation (GDPR) adequacy decision framework, among others.
The research found very few examples of fines being imposed in practice for breaches of the rules on data localisation or data transfers (e.g. WhatsApp, Facebook, and Twitter were fined in Russia). However, other sanctions have also been applied (e.g. American Express, Diners Club and Mastercard were restricted from adding new customers in India).
The research shows that data sharing and re-use to drive innovation has been mandated in several countries, mostly for open banking. In addition, in some cases a standardised application programming interface (API) has either been mandated (e.g. Australia, Korea, Russia and the UK) or developed voluntarily (e.g. the US).
The research covers Australia, Brazil, China, the EU, India, Japan, Korea, Russia, Singapore, South Africa, the UK and the US.
For more information on the report, please click on “Access the full content” - or on “Request Access”, in case you are not subscribed to our Global Trends service.
more news
29 July 25
New benchmark on provisioning timers and SLAs for wholesale local access over fibre in Europe
Our new benchmark covers service level agreements (SLAs) for the provisioning of wholesale local access (WLA) over fibre unbundling and virtual unbundling (VULA) across 18 European countries.
28 July 25
Privacy in the digital age
This Global Trends benchmark compares key aspects of data protection laws across 14 jurisdictions: Australia, Brazil, Canada, China, the EU, India, Indonesia, Japan, Kenya, Korea, Singapore, South Africa, the UK and the US.
25 July 25
Few EU countries have yet designated authorities to enforce new EU rules on data and AI
Our new benchmark maps the authorities designated to enforce the Data Governance Act, the Data Act and the Artificial Intelligence Act across all the 27 EU member states.