India Cloud, China Cloud, U.K. Cloud, and U.S. Cloud — it may not be long before we are talking about country-specific cloud technology. Until now, the spotlight has been on cloud providers — Microsoft, IBM, Amazon, Google, Alibaba — and their generic and industry-specific capabilities. Data localization has often been considered an afterthought, but this issue is one that enterprises must consider in their cloud computing strategy as they invest and innovate with emerging technologies such as artificial intelligence, internet of things (IoT), and blockchain. As governments around the world begin mandating data localization laws, organizations will need to address the wide-ranging implications in strategic ways as part of their national cyber policies.
Recently passed regulations in the European Union around data privacy, such as the General Data Protection Regulation 2016/679 (GDPR), have pushed cloud providers and enterprises to implement data storage in local servers and encryption requirements in their products and services. Outside of Europe, especially in Asia (with the noted exception of China, which has rigid localization laws), data localization has mostly been a passive issue. With India’s recent aggressive push to pass data localization laws, it’s just a matter of time before other emerging economies accelerate similar policy measures, as data and cyberspace become the next frontiers of innovation, competitiveness, trade, and foreign policy levers among nations.
Democratically elected governments around the world will be abdicating their responsibility if they don’t have control over the data originating within their sovereign borders to address problems of national interests and crime. Recently, when the government of India circulated a policy document that described its plans to mandate that cloud providers and multinational companies operating in India store data generated from transactions and interactions with its citizens in locally hosted servers, the reaction from the global companies and cloud providers was collective criticism and backlash. The policy was criticized as a barrier to global trade and innovation. However, recent noteworthy data breach events, whether Cambridge Analytica, Wikileaks, or even the continued spreading of fake news on social media platforms, have raised the call for firmer policies around data protection. The remaining question may be where the line of privacy and localization should be drawn for governments, organizations, and consumers.