More and more countries are implementing data localization policies — laws and regulations that require data to be stored locally. These new rules pose a challenge to American business — not just app makers, cloud-computing businesses, and technology companies, but a wide variety of broader manufacturing and services companies for which data is central to their business operations.
To meet data localization requirements, firms need to use local storage infrastructure in the country or region where they’re doing business. But many small companies lack the resources to do this, which means they’re effectively boxed out of these markets.
U.S. trading partners with data localization rules include India, Brazil, and Indonesia.
In India, the National Data Sharing and Accessibility Policy mandates that data collected using public funds must be kept in India. Proposed regulations in recent years have gone further, suggesting that all data generated in India remain in the country.
Brazil’s General Data Protection Law only permits Brazilian data to be stored in certain foreign countries, a list that has yet to be fully determined, threatening market access and predictability for American firms.
Since 2019, Indonesia has required public-sector data to remain in the country for storage, management, and processing, and restricted the cross-border flow of personal data unless the foreign country matches Indonesia’s standards.
These are just a few of many examples. Between 2017 and 2021, the number of data-localization policies around the world grew from 67 restrictions in 35 countries to 144 restrictions in 62 countries, according to the Information Technology and Innovation Foundation.
Data localization rules are in effect trade barriers, negatively affecting commerce wherever they’re implemented. For American companies across all economic sectors they’re a potential disaster.