According to new Global Trends research by Cullen International on regulating the cloud, half of the researched jurisdictions mandate that at least some types of personal data be stored locally. This may regard, for example, data in the financial, health and/or telecom sectors, as well as government data.

All the monitored jurisdictions have implemented or proposed to implement a policy to encourage the use of cloud services by the government. For example, under a “cloud first policy”, there is a preference to cloud architectures in procurement for government data.

Data centres are a key infrastructure of cloud architectures. Therefore, they are increasingly the object of government policies and regulations. Policies and rules may regard one or more of four aspects: incentives to grow domestic availability of data centres, licensing or authorization requirements, security aspects, and sustainability.

Cross-border personal data flows are allowed only subject to certain conditions in all but one of the jurisdictions analysed. However, most of the monitored jurisdictions have specific rules on cross-border data transfers for the banking/finance and health sectors.

Agreements between jurisdictions to freely transfer data without restrictions are made in three different ways:

1. First, through legal instruments specifically addressing the transfer of personal data.
2. Second, in the context of broader bilateral or multilateral free trade agreements (FTAs) where transfer of personal data is included under the scope.
3. Third, there are also general schemes to which individual businesses of eligible countries can sign-up to.
    

The research covers Australia, Brazil, China, the EU, India, Indonesia, Japan, Korea, New Zealand, Singapore, South Africa, Thailand, the UK and the US.

For more information and to access the full benchmark, please click on “Access the full content” - or on “Request Access”, in case you are not subscribed to our Global Trends service.