According to new Global Trends research by Cullen International on regulating the cloud, half of the researched jurisdictions mandate that at least some types of personal data be stored locally. This may regard, for example, data in the financial, health and/or telecom sectors, as well as government data.
All the monitored jurisdictions have implemented or proposed to implement a policy to encourage the use of cloud services by the government. For example, under a “cloud first policy”, there is a preference to cloud architectures in procurement for government data.
Data centres are a key infrastructure of cloud architectures. Therefore, they are increasingly the object of government policies and regulations. Policies and rules may regard one or more of four aspects: incentives to grow domestic availability of data centres, licensing or authorization requirements, security aspects, and sustainability.
Cross-border personal data flows are allowed only subject to certain conditions in all but one of the jurisdictions analysed. However, most of the monitored jurisdictions have specific rules on cross-border data transfers for the banking/finance and health sectors.
Agreements between jurisdictions to freely transfer data without restrictions are made in three different ways:
- First, through legal instruments specifically addressing the transfer of personal data.
- Second, in the context of broader bilateral or multilateral free trade agreements (FTAs) where transfer of personal data is included under the scope.
- Third, there are also general schemes to which individual businesses of eligible countries can sign-up to.
The research covers Australia, Brazil, China, the EU, India, Indonesia, Japan, Korea, New Zealand, Singapore, South Africa, Thailand, the UK and the US.
For more information and to access the full benchmark, please click on “Access the full content” - or on “Request Access”, in case you are not subscribed to our Global Trends service.
more news
11 July 24
All you need to know about the new AI Act – Part 3: Who will enforce the AI Act?
Cullen International is publishing a series of reports analysing different aspects of the new AI rulebook. Part 3 of the report series places an emphasis on all the involved national and European bodies in charge of enforcing the new rules.
10 July 24
Most European regulators that impose equivalence of inputs do not lift price control
Our new benchmark analyses which non-discrimination measures NRAs apply and whether they maintain price control obligations.
04 July 24
IoT regulation varies significantly across countries in the Americas
Cullen International’s latest benchmark on IoT regulation shows that countries in the region have significantly different approaches towards regulating or incentivising IoT.