According to new Global Trends research by Cullen International on regulating the cloud, half of the researched jurisdictions mandate that at least some types of personal data be stored locally. This may regard, for example, data in the financial, health and/or telecom sectors, as well as government data.
All the monitored jurisdictions have implemented or proposed to implement a policy to encourage the use of cloud services by the government. For example, under a “cloud first policy”, there is a preference to cloud architectures in procurement for government data.
Data centres are a key infrastructure of cloud architectures. Therefore, they are increasingly the object of government policies and regulations. Policies and rules may regard one or more of four aspects: incentives to grow domestic availability of data centres, licensing or authorization requirements, security aspects, and sustainability.
Cross-border personal data flows are allowed only subject to certain conditions in all but one of the jurisdictions analysed. However, most of the monitored jurisdictions have specific rules on cross-border data transfers for the banking/finance and health sectors.
Agreements between jurisdictions to freely transfer data without restrictions are made in three different ways:
- First, through legal instruments specifically addressing the transfer of personal data.
- Second, in the context of broader bilateral or multilateral free trade agreements (FTAs) where transfer of personal data is included under the scope.
- Third, there are also general schemes to which individual businesses of eligible countries can sign-up to.
The research covers Australia, Brazil, China, the EU, India, Indonesia, Japan, Korea, New Zealand, Singapore, South Africa, Thailand, the UK and the US.
For more information and to access the full benchmark, please click on “Access the full content” - or on “Request Access”, in case you are not subscribed to our Global Trends service.
more news
18 October 24
EU countries late in transposing new EU cybersecurity rules (NIS2)
EU member states should have transposed by 17 October 2024 the Directive on measures for a high common level of cybersecurity across the EU (NIS2). However, most EU member states did not meet the transposition deadline.
16 October 24
[INFOGRAPHIC] Cullen Cheat Sheet on local content obligations for streaming services
Our cheat sheet provides an overview of whether selected countries in different regions of the world are imposing or debating obligations for (video on-demand) streaming services to promote local content.
10 October 24
Analogue switch-off postponed in most LATAM countries
Our latest benchmark shows the regulation of the 700 MHz band. This band, once freed from broadcasting use, offered the first digital dividend in the Americas.