Is data localisation a solution for data privacy issues in ASEAN?

Countries in Southeast Asia are inclined towards data localisation as a measure to protect personal data.

Data localisation refers to the practice of:

– requiring data to be collected, processed, and stored within a nation’s borders
– requiring a copy of data to be kept in local servers or data centers, such that law enforcement agencies can access the data when necessary
– placing limits on the transfer of personal data across borders

Data localisation may come at a cost to the regional economic development of ASEAN, as well as inhibit the performance of certain technologies & obstruct businesses’ access to foreign markets.

Localisation of data imposes additional costs on companies’ expenditure on resources, setting up data centers, server rooms, and local offices. If cost is too high, companies may choose to pull out or suspend operations. It may slow down the efficiency of technologies like cloud computing and artificial intelligence. Cloud computing works most efficiently when data flows across borders, and artificial intelligence works best when it has a diverse range of data sources.

Data localisation is best applied, with a risk-based approach. It is important to note that data localisation policies on their own may not improve the security of data. Data stored elsewhere on the servers of a cloud service provider may have higher cybersecurity controls than a local data center.

Other security practices, such as the principle of least privileged access and zero trust systems, which requires portals to continuously verify one’s identity through methods such as multi-factor authentication, can help secure data.

If ASEAN countries get aligned on data protection standards, it’d help encourage further economic integration and reduce barriers for the provision of services, much like the EU.