For American companies doing business abroad, it is time—past time, in fact—to consider how and where you are storing your data. If you answered “in the cloud,” you need to do some probing, stat. If your data is stored on a server outside of the United States, you need to figure out where it currently resides, assess the applicable laws, and determine whether it would be prudent to move it elsewhere.
Rising conflicts over control of the global network are escalating—perhaps nowhere more so than in Europe. On May 6, the EU announced plans to create a single digital market by making rules governing tax, copyright, and e-commerce more uniform across European borders. Although the plan is ostensibly designed to improve data access among European nations and to make it easier for Europeans to do business with other merchants on the continent, the new approach is likely to have a detrimental effect on American companies that do business in Europe.
As with many other recent digital-related laws, this latest chapter in moves that favor the localization of data, the Internet, and its supporting infrastructure seems to target U.S. retailers and other companies with a strong European presence, including search engines and price-comparison websites. As the media has been reporting recently, this is particularly true since it comes on the heels of European regulators considering an antitrust review of whether e-commerce and social media companies are unfairly restricting cross-border trade.
With American companies already battling regulations requiring data localization, such as the recently enacted Russian data-residency law that, as of September 1, 2015, will require companies to store data relating to Russian citizens within Russian borders, this development may render American companies even more reluctant to rely on cloud-based data storage services. Many companies may fear they could lose control of where their data is stored and unwittingly run afoul of the inconsistent patchwork of laws relating to data protection, access, residency, and transfer. Unless they rely on cloud providers who build local data centers or relocate servers, or unless they choose a temporary, on-premises “backpack” model for managing data in e-discovery, they could certainly realize their fears.
About the Author