When it comes to data localization, Microsoft is committed to honoring requests from the government, including in India. It is just one of the many data laws that the tech company is compliant with, after all.

Ann Johnson, Corporate Vice President or Microsoft’s Cybersecurity Solutions Group, told IANS, they are “already fully compliant with the EU General Data Protection Regulation (GPDR)” and the company complies with data laws imposed by various countries, too. In fact, it is mandatory for them.

Microsoft will do the same with other protection laws required by other countries.

What is data localization?

It is a concept that requires the personal data of residents in a specific country to be processed and stored within the country. The push for localization increased when Edward Snowden leaked information on the counter-terrorism surveillance programs of the United States.

The idea can cause problems for international players, but is considered a boon for domestic ones.
It can also hamper data flow, especially in terms of global reach and distribution. Certain directives may restrict data flow. Others may be too lenient when it comes to data mirroring or conditional data sharing.

Some countries have national data localization laws in place. In Australia, for example, health records are processed and kept only within its borders. China, on the other hand, has a wider scope, restricting the flow of business, financial, and personal data only in the country.

As for the United States, it is up to the state and sector to regulate localization. Additionally, President Donald Trump signed earlier this year the CLOUD Act (Clarifying Lawful Overseas Use of Data Act) where data sharing with certain countries is established.

What is the impact on Microsoft?

There are over 1.2 billion people in 140 countries that use Microsoft Office.

Before data localization, the personal data of these individuals flowed freely from device to platform and beyond geographic boundaries. After data localization, the personal data of people in India, for instance, will be processed and stored within India alone.

What brought about the need for the localization of data?

According to the Strategic Policy Advisor at Microsoft, David Heiner, the government believes that if data is located in a country, then it has more control over it.

While this remains a theory to this day, it is a well-established one and that is what prompted the government to demand data localization.

Complying with such demands, however, comes with risks and problems.

Security concerns

Security researchers are analyzing trillions of cyber threat signals coming from different sources, according to the Microsoft Intelligent Security Graph. These signals include over 200 commercial services and global partners, 750 million accounts in Azure Cloud, 1.2 billion Microsoft devices, and 400 billion Outlook emails, among others.

The task of protecting these signals will require a huge effort, and the company is up against well-funded cybercriminals.

There’s also the need to freely move certain sets of data among the countries to improve intelligence and security systems.

Johnson said, “I care about the flow of anonymous sets of encrypted data that must flow freely among the countries.”

Domestic conditions

To process and store data locally, Microsoft needs to build infrastructure to accommodate government demands. But the company must choose wisely where to build its data centers.

Heiner told IANS that Microsoft doesn’t want to be in countries where “human rights are a big issue” and to turn over their data to such governments.  

“We are trying hard to think through what country we want to be in,” he noted.

Varying privacy law

It would make tech companies very happy if there was a single law that governs global data privacy, but Heiner doubts this will ever happen. “Governments have different values and we respect that,” he said.

Microsoft continues to build solutions to meet the demands of security-conscious organizations and within the regulatory guidelines that these companies operate in. It has also taken the lead in the EU GPDR’s data protection as a way to avoid gigantic penalties.

“Privacy never had such hefty fines,” Heiner said.

The Microsoft executive also said that the tech company has set the high international standards for other companies to follow.

Data localization in India

Earlier in October, an RBI mandate to store the financial data of Indian users within the country had companies around the world scrambling to comply. But this is just the latest wave of data localization demands in the ongoing power war between the industry and the government.

Government officials argue that localization will make data accessible to Indian law enforcement. Domestic technology companies also support the concept, saying that regulations for data privacy and security can be stronger with localization.

Industry bodies, however, oppose the idea for fear of a fractured internet and its impact on Indian firms that process foreign data and young startups that want to grow globally.

There is also a strong belief that misguided policies on localization can negatively impact citizens and economies.

Are you a proponent or an opponent of data localization?