HO CHI MINH CITY: Internet crackdowns from Vietnam to Bangladesh cause self-inflicted economic harm by raising the cost of doing business and risk cutting trade by up to 9% in some of Asia’s investment destinations, a think tank says.
Countries that force companies to store data on local servers – an increasingly common policy among Asian governments – are chasing a “false allure of data nationalism” that only increases import and other business expenses, says a report by the Information Technology and Innovation Foundation released on Monday.
The US-based ITIF crunched numbers on five territories, including Hong Kong, Indonesia and Pakistan, linking a 1-unit rise on a data restrictiveness index to a 0.5% drop in annual trade.
The report says these governments are “learning many of the worst lessons from” China when it comes to enforcing strict internet controls. As tech and other services claim a growing share of global trade, banning companies from transferring data across borders does not achieve the privacy or security goals used to justify such bans, the ITIF said.
“Countries that embrace this misguided approach only set themselves back in the global digital economy,” authors Nigel Cory, Luke Dascoli and Ian Clay wrote.
Cory told Nikkei Asia that for everything from monitoring supply chains to conducting drug research, businesses rely on centralised, global IT systems rather than setting up a single system in each country. Data localisation is seen as increasing inefficiencies and thus costs.
The ITIF calculated how these higher costs reduce imports, especially by data-reliant companies that tend to use the imports as inputs for goods to be exported from the five jurisdictions covered by the study.
All five of those governments recently introduced laws or proposals on localisation, and all will sacrifice trade volumes after five years, ranging from 3.7% for Pakistan to 9% for Vietnam, compared to a scenario without the restrictions, the ITIF said.
Pakistan and Vietnam are among the countries that took cues from Europe’s privacy rules, but critics say they are set to implement such regulations in a very different way.
The EU-US Privacy Shield was announced in 2016 because Brussels wanted guarantees that US tech giants would protect Europeans’ data when sending it across the Atlantic.
In contrast, Pakistan’s data sovereignty proposal would “expand the government’s ability to surveil users”, global nonprofit Freedom House said, while a similar draft in Bangladesh would “create a far-reaching, privacy-invasive surveillance apparatus”, activist Zara Rahman wrote on the Global Voices blog.
John Selby, a researcher at Australia’s Macquarie University, said some states believe forced localisation “provides better information security against foreign intelligence agencies” and boosts their own intelligence collection.
“Policymakers’ attraction to the false sense of control localisation gives them is both economically costly and counterproductive” and does “not lead to greater data privacy or cybersecurity”.
But localisation is banned in the Comprehensive and Progressive Agreement for Trans-Pacific Partnership, a trade deal that includes Vietnam, Cory noted.
Rather than wall off data in a new “splinternet”, the ITIF urged countries to adopt global protocols that actually guard privacy and security.
“Governments can do this by ensuring cloud providers are audited and certified against international standards,” the foundation said. It noted that Singapore and Germany have adopted the ISO/IEC 27001 information security management standard formulated by the International Organization for Standardization, a nongovernmental group.