More countries are now taking steps to ensure that data belonging to their citizens are not stored in other countries, thereby significantly impacting foreign investments and trade relations.
Countries like the UK, the United States, and China are now putting a higher price on data privacy than on welcoming foreign investors.
In June 2015, The Washington Post attributed the devastating cyber-attack on the US Office of Personnel Management to China, signalling that the Asian giant, rather than a bunch of hackers, was singularly responsible for the largest data breach in history that compromised sensitive details of 4 million current and former federal employees, including military and intelligence personnel.
The United States didn’t stop at that. In the days that followed, the Obama administration made it clear that they would slap economic sanctions on Chinese companies who benefited from data stolen from US companies via cyber-attacks. The administration also indicted five People’s Liberation Army officers for orchestrating cyber espionage and data theft.
Later that year, days before President Xi Jinping was to embark on a state visit to the United States to mend fences, his regime claimed to have arrested some hackers who it said were behind the cyber-attack on OPM servers. The United States didn’t buy it.
What has since followed is a deep-seated mutual distrust. Having been placed on par with Russia as the global leader of cyber espionage and theft of intellectual property, China recently struck back with a draconian cyber security law of its own.
The new law makes it clear that critical personal data of Chinese citizens cannot be stored outside China without express permission from the Chinese government. It is binding on international firms that run web services in China and these include network operators and critical information infrastructure operators. Companies that host cloud-based services in China will also have to adhere to the new law.
In light of Britain’s exit from the European Union, China’s new law sounds like a hammer blow to British businesses. Recently, Chancellor Philip Hammond has claimed that despite Brexit, Britain and China were ‘natural trading partners’ and that Britain would benefit immensely from China’s new economic vision.
While the likes of Apple and Airbnb have decided to set up data centres in China to comply with China’s new law, it is going to be expensive for medium and small businesses to do likewise, especially if the nature of their businesses require them to hold large chunks of customer data. Issues like the language barrier, IPR issues, and unfamiliarity may add to their concerns. There are also concerns that China may force data processors to hand over encryption keys to authorities anytime they please.
In the United States, Amazon halted sales of Blu smartphones after security firms pointed out how such devices contained firmware that secretly transmitted SMS messages and other data to servers located in China. The United States military has also decided not to use ‘made in China’ drones because of cyber espionage and related security concerns.
Recently, LinkedIn decided to give up six million users in Russia and shut down its activities in the country after the Russian government tried to force it to store all Russian users’ data in the servers in the country.
“Part of what made the Internet always great and the reason why it’s blossomed is because it was always decentralized and not subject to heavy-handed regulations. The concern is that the Internet will be splintered into islands,” said Omer Tene, vice president of research and education at International Association of Privacy Professionals to USA Today. The report reveals that China’s new cybersecurity law may have wiped out 1.1% of the country’s GDP.
So why are countries giving up on globalisation, economic growth, mutual trade and foreign relations for the sake of data security? Increased state interference in data stored by companies, the arrival of new laws that help nations bypass encryption in the name of national security, and the rising trend of state-sponsored cyber warfare across continents could be among the most obvious answers.
‘Data is more valuable than oil and companies like Google, Facebook and Amazon, that have a lot of data are the top companies in the world. Governments are slowly waking up to the fact that their citizens’ privacy and data is being bought and sold so try to clamp down on it,’ says Sunetra Chakravarti, Editor at TEISS.
‘Whether they will succeed remains to be seen but as has been in the past- data harvesters will always find a way around,’ she adds.