Data is a fundamental input in the twenty-first century economy. One means by which governments seek to protect their citizens is in ensuring control of the their personal data, by means of data localization whereby storing and processing the data of a country’s citizens remains within its borders of that country. Data localization restricts cross-border data transfers, which means that data cannot be transferred outside a country’s border.
Many countries have adopted a certain set of laws to put data localization into practice. While the USA – home to social media and information giants like Facebook and Google – opposes this concept, countries like Germany, China, France, and Australia are in favor of it, albeit with different regimes and emphasis. For example, Australia requires data localization of health records only. But China requires all sorts of personal information and other important data generated within China to be stored inside the borders of China.
National considerations drive data localization measures for several reasons, including:
- Maintaining access to data: If the country where the server is located decides not to cooperate with a another country’s lawful investigation, then the country where the legal proceeding was initiated will not have any option to retrieve the required data.
- Economic benefits: Data localization helps in the economic development of a country by attracting foreign investments and promoting required infrastructure and employment opportunities to store the servers needed for data localization.
Limitations on the benefits of data localization include:
- Physical location of storage is irrelevant for data protection: Data protection solely depends on the technical protocols and infrastructure used to capture, send, and archive the data. If the encryption level being used in the data is obsolete, then the data is compromised irrespective of the location.
- Unequal distribution of opportunities: Translating government mandates into jobs and physical infrasture investments is a process fraught with political constraints.
- Increased operational and compliance costs: Data localization makes it mandatory for companies to build infrastructures in all countries where they run their business, raising costs, on top of existing required privacy and security standards. Experience suggests that several countries that considered data localization requirements have suffered a negative impact on their GDP.
Among the key legislation driving the global data management are:
- United States-Mexico-Canada Agreement (USMCA): The USMCA (as mentioned in U.S. websites) or the CUSMA (as mentioned in Canadian websites) is a replacement for the North American Free Trade Agreement (NAFTA). As per the USMCA ‘Digital Trade’provisions, member states cannot prohibit the cross-border transfer of data or personal information by electronic means if this transfer of data is required for the conduct of business.
- General Data Protection Regulation (GDPR) and EU Data Protection Legislation: All nations in the European Union (EU) have adopted GDPR to ensure the data privacy of all its citizens. These measures allow the transfer of personal data outside country borders, but for transferring data abroad, the non-EU country that receives the data sent from the EU must essentially have the same level of data protection present in the EU. This enables the data exporter to forgo additional safeguards or authorizations, which in turn helps in the free flow of data.
- Cross Border Privacy Rules (CBPR) System: The CBPR is a data privacy regulation overseen by the Asia Pacific Economic Cooperation (APEC), which allows the cross-border transfer of personal data among APEC member countries, protected as per the standards specified in the APEC Privacy Framework. The CBPR is a policy similar to its EU counterpart in terms of its application and is a voluntary principles-based framework, which applies to the members of APEC alone.
The issue of data localization also affects how companies (particularly financial firms) manage their business communication, by requiring their compliance with all local laws and regulations If financial firms are using third-party archiving solutions for capturing and recording their employees’ conversations, then they must ensure that their vendor is capable of storing this information as per the data localization requirements of the client’s country. The Chinese ICP (internet content provider) license requirement when providing information and content outside from China.
About TeleMessage
TeleMessage captures and retains mobile content, including mobile SMS messages, voice calls, and WhatsApp and WeChat conversations from corporate or BYOD mobile phones to ensure compliance with various data protection regulations. The messages are securely and reliably retained within TeleMessage servers or forwarded to your choice of data storage vendor.
Our mobile archiving products securely record content from mobile carriers and mobile devices for various ownership models (BYOD, CYOD, and employer-issued). With our multiple archiving solutions, you can always find the right tools or blend for your requirements:
- Network Archiver
- Enterprise Number Archiver
- Android Archiver
- WhatsApp Archiver
- WeChat Archiver
- Signal Archiver
- Telegram Archiver
TeleMessage offers cross-carrier and international mobile text and calls archiving for corporate and BYOD phones. Visit our website at www.telemessage.com to learn more about our mobile archiving products.
