Data Sovereignty vs Data Localisation Law

By: Sonny Zulhuda

Transferring personal data beyond national boundaries has been a point of contention under many data protection laws across the globe. The European Union adopts this restriction that such transfer beyond EU boundaries cannot be done unless to the countries or places which have adequate protection on personal data of individuals.

Cloud-Data-SecurityThis rule is associated with the concept of “Data Sovereignty” which says that a country shall not lose a control or sovereignty over the processing of personal data pertaining to data subjects from that country. It also imposes that information which has been stored in digital form is subject to the laws of the country in which it is located. Therefore, a control over trans-border data flow is a form of upholding data sovereignty.

The concept of Data Sovereignty is reflected in the EU Data Protection Directives 1995 recitals whereas:

  • cross-border flows of personal data are necessary to the expansion of international trade;
  • the protection of individuals guaranteed in the Community by this Directive does not stand in the way of transfers of personal data to third countries which ensure an adequate level of protection;
  • the transfer of personal data to a third country which does not ensure an adequate level of protection must be prohibited.

As much as we are concerned with personal data transferred beyond our border, we also appreciate that personal data is inherently needed for the International trade and International cooperation. Hence, when a personal data is subject to trans-border flow, there shall be no discriminatory treatment to the citizen’s personal data despite where it is processed.

Data Localisation Law

This data sovereignty is sometimes confused with the rules of “Data Localisation”, which is totally a different thing. Data localisation laws set forth requirements to keep and store data “locally” (i.e., within national or regional borders), and thus not allowing data users to transfer data beyond borders. Consequently, any foreign party who wishes to collect or process personal data of individuals will be required to establish a local data storage facilities in the country of those individuals. Continue reading

Social Media Policy and Regulation: A Network Governance Perspective

By: Sonny Zulhuda

The above is the name of the event in Tsinghua University, Beijing, on December 3-4, 2016, where I came as a speaker to the audience consisted of law, media and Internet governance academia and practitioners. Both Beijing-based School of Journalism and Communication of Tsinghua University and the School of Communication of Hong Kong Baptist University (HKBU) jointly organised this event.

The invitation came to me through Dr. Yik Chan Chin of the HKBU, who is with me at the Global Internet Governance Academic Network (GigaNet). Upon few exchanges of emails, I was then invited to come and present my views on the social media regulations in the Malaysian perspective. I must say that the event was really a rewarding experience; filled with substantial discussions, new perspectives and, of course, new friends and network!

IMG_3014

This can be highlighted from the list of the speakers of the two-day workshop: Continue reading

  • August 2017
    M T W T F S S
    « Jul    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Visitor

    free counters

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,574 other followers