New laws and court decisions reflect a broader trend within the global privacy and regulatory environment that is making it more difficult to transfer data across borders.
Russia’s data localisation has been with us for several years but is getting more strict with enforcement. China is implementing its Cybersecurity Law to exert more scrutiny on outbound data transfers and require data localisation in some cases. India is considering legislation that would require data localisation in some cases. Brazil and other jurisdictions are adopting GDPR-like data protection requirements with cross-border transfer restrictions.
Given that the landscape is changing and developing rapidly, companies considering long-term investments in information technology and cloud applications will need to evaluate how to build in flexibility as a hedge against data localisation and privacy risk.