Data Localization Laws and Policy

The EU Data Protection International Transfers Restriction Through a Cloud Computing Lens

W. Kuan Hon

Countries are increasingly introducing data localization laws, threatening digital globalization and inhibiting cloud computing adoption despite its acknowledged benefits. This multi-disciplinary book analyzes the EU restriction (including the Privacy Shield and General Data Protection Regulation) through a cloud computing lens, covering historical objectives and practical problems, showing why the focus should move from physical data location to effective jurisdiction over those controlling access to intelligible data, and control of access to data through security.

Chapter 8: Summary and recommendations


• The Restriction’s legislative aim: prevent controllers from circumventing data protection principles by moving personal data outside the EU.
• ‘Transfer’, jurisdiction, regulators’ data location fixation and data localization.
• Mismatch between the Restriction’s assumptions and modern realities.
• Allowing transfers, particularly to processors. Problems with mechanisms and onward transfers; the GDPR’s deprecation of technological protections like encryption.
• Problems enforcing the Restriction.
• Focus on access and security instead, to achieve the Restriction’s aims better.
• Policy recommendations: abolish data localization restrictions. Otherwise, define ‘transfer’ by reference to recipients and jurisdiction; distinguish ‘transmissions’ (intelligible access); extend E-Commerce Directive defences to intermediaries without intelligible access; define and exclude ‘transit’; encourage risk-based self-assessment; continue ‘block’ mechanisms (valid, absent contrary evidence); incentivize technical protections equally with legal protections; promote third party expert certifications; seek international agreement to resolve conflicting jurisdictions and state surveillance’s limits/oversight, meanwhile increasing international regulatory cooperation on privacy.

Keywords: policy, data localization, data sovereignty, jurisdiction, international transfers, cloud computing
