Hardback
Data Localization Laws and Policy
The EU Data Protection International Transfers Restriction Through a Cloud Computing Lens
9781786431967 Edward Elgar Publishing
Countries are increasingly introducing data localization laws, threatening digital globalization and inhibiting cloud computing adoption despite its acknowledged benefits. This multi-disciplinary book analyzes the EU restriction (including the Privacy Shield and General Data Protection Regulation) through a cloud computing lens, covering historical objectives and practical problems, showing why the focus should move from physical data location to effective jurisdiction over those controlling access to intelligible data, and control of access to data through security.
More Information
Critical Acclaim
Contents
More Information
Countries are increasingly introducing data localization laws and data export restrictions, threatening digital globalization and inhibiting cloud computing’s adoption despite its acknowledged benefits.
Through a cloud computing lens, this multi-disciplinary book examines the personal data transfers restriction under the EU Data Protection Directive (including the EU-US Privacy Shield and General Data Protection Regulation). It covers historical objectives and practical problems, showing why the focus should move from physical data location to effective jurisdiction over those controlling access to intelligible data and control of access to data through security measures. The book further discusses data localization laws’ failure to solve concerns regarding the topical and contentious issue of mass state surveillance. Its arguments are also relevant to other data localization laws, cross-border transfers of non personal data and transfers not involving cloud computing.
Comprehensive yet accessible, this book is of great value to academics in law, policy, computer science and technology. It is also highly relevant to cloud computing/technology organisations and other businesses in the EU and beyond, data privacy professionals, policymakers and regulators.
Through a cloud computing lens, this multi-disciplinary book examines the personal data transfers restriction under the EU Data Protection Directive (including the EU-US Privacy Shield and General Data Protection Regulation). It covers historical objectives and practical problems, showing why the focus should move from physical data location to effective jurisdiction over those controlling access to intelligible data and control of access to data through security measures. The book further discusses data localization laws’ failure to solve concerns regarding the topical and contentious issue of mass state surveillance. Its arguments are also relevant to other data localization laws, cross-border transfers of non personal data and transfers not involving cloud computing.
Comprehensive yet accessible, this book is of great value to academics in law, policy, computer science and technology. It is also highly relevant to cloud computing/technology organisations and other businesses in the EU and beyond, data privacy professionals, policymakers and regulators.
Critical Acclaim
‘Displaying great originality and rigour, this book makes the case that location-based personal data protection should have that “Frankenrule” replaced by regulation based on enforcement of security and encryption standards. With an interdisciplinary focus on law, computer security and industrial organisation (in technological and business value chains of data processing), this approach is to be recommended to legal scholars of the Internet.’
– Dr Chris Marsden, Professor of Internet Law, University of Sussex, UK
‘It should be read by every data protection supervisory authority and law-maker in Europe.’
– Rosemary Jay, Author, Data Protection Law and Practice
‘Data localization is not just a short-term phenomenon, but reflects a profound unease with increasing globalization, and a lack of certainty as to whether we want national borders carried over onto the online space. This book helps illuminate the choices that we face as a society in deciding where we want those boundaries to be set.’
– Dr Christopher Kuner, Co-Director, Brussels Privacy Hub, VUB Brussel and Editor-in-chief, International Data Privacy Law
‘This book which is partly a legalistic discussion about terms and concepts is very useful for companies involved in cloud computing, as it explains the challenges in practical terms and with many examples of real cases. The arguments that the author makes are often not only relevant in the cloud computing context, but also apply more generally for cross-border transfers.’
– Privacy Laws and Business Reports
‘The subtitle to this detailed look at ‘data localization’ is ‘The EU Data Protection International Transfers Restriction Through a Cloud Computing Lens’. To turn such subject-matter into a readable text of almost 500 pages is quite an achievement, but I promise you that Kuan Hon has achieved precisely that. It’s so readable that I actually read (almost all) the book when my aim was to read the minimum number of pages possible in order to write a respectable review. . . Data Localization Laws and Policy ‘illuminates the choices that we face as a society in deciding where we want those boundaries to be set.’
– Computers & Law
‘The author provides a thorough analysis of the law and highlights the absurdity of rules which use physical location as a shorthand for data security, while ignoring the impact of encryption, remote access, and cloud computing. The author describes the new General Data Protection Regulation''s approach to data localisation as ''retrograde'' and advocates an approach that centres on compliance with data protection principles, through control of intelligible access to personal data, and accountability for what happens to that data, regardless of location. Punchy, timely, and opinionated.’
– Journal of Cyber Policy
– Dr Chris Marsden, Professor of Internet Law, University of Sussex, UK
‘It should be read by every data protection supervisory authority and law-maker in Europe.’
– Rosemary Jay, Author, Data Protection Law and Practice
‘Data localization is not just a short-term phenomenon, but reflects a profound unease with increasing globalization, and a lack of certainty as to whether we want national borders carried over onto the online space. This book helps illuminate the choices that we face as a society in deciding where we want those boundaries to be set.’
– Dr Christopher Kuner, Co-Director, Brussels Privacy Hub, VUB Brussel and Editor-in-chief, International Data Privacy Law
‘This book which is partly a legalistic discussion about terms and concepts is very useful for companies involved in cloud computing, as it explains the challenges in practical terms and with many examples of real cases. The arguments that the author makes are often not only relevant in the cloud computing context, but also apply more generally for cross-border transfers.’
– Privacy Laws and Business Reports
‘The subtitle to this detailed look at ‘data localization’ is ‘The EU Data Protection International Transfers Restriction Through a Cloud Computing Lens’. To turn such subject-matter into a readable text of almost 500 pages is quite an achievement, but I promise you that Kuan Hon has achieved precisely that. It’s so readable that I actually read (almost all) the book when my aim was to read the minimum number of pages possible in order to write a respectable review. . . Data Localization Laws and Policy ‘illuminates the choices that we face as a society in deciding where we want those boundaries to be set.’
– Computers & Law
‘The author provides a thorough analysis of the law and highlights the absurdity of rules which use physical location as a shorthand for data security, while ignoring the impact of encryption, remote access, and cloud computing. The author describes the new General Data Protection Regulation''s approach to data localisation as ''retrograde'' and advocates an approach that centres on compliance with data protection principles, through control of intelligible access to personal data, and accountability for what happens to that data, regardless of location. Punchy, timely, and opinionated.’
– Journal of Cyber Policy
Contents
Contents: Foreword by Rosemary Jay Foreword by Christopher Kuner 1. Background 2. Legislative history and objectives 3. The ‘transfer’ concept 4. Assumptions 5. Mechanisms and derogations 6. Compliance and enforcement 7. Access and security 8. Summary and recommendations Index
